AZ-500 Exam Questions
627 real AZ-500 exam questions with expert-verified answers and explanations. Page 10 of 13.
- Question #466: Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Hotspot Question You have an Azure subscription that contains a Microsoft Defender External Attack Surface Management (Defender EASM) resource named EASM1. EASM1 contains the inven...
Microsoft Defender External Attack Surface Management, EASM, asset inventory, dashboard insights
- Question #467: Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
You have an Azure subscription that uses Microsoft Defender for Cloud. You have an Amazon Web Services (AWS) account named AWS1 that is connected to Defender for Cloud. You need to...
- Question #468: Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Hotspot Question You plan to deploy a custom policy initiative for Microsoft Defender for Cloud. You need to identify all the resource groups that have a Delete lock. How should yo...
Azure Policy, custom policy, resource groups, resource locks, policy definition
- Question #469: Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
You have an Azure subscription that contains a Microsoft Defender External Attack Surface Management (Defender EASM) resource named EASM1. You review the Attack Surface Summary das...
Defender EASM, Attack Surface Management, Risk Prioritization, Vulnerability Identification
- Question #470: Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
You have an Azure subscription that contains the virtual machines shown in the following table. Which computers will support file integrity monitoring?
File Integrity Monitoring, Microsoft Defender for Cloud, Azure Virtual Machines, Log Analytics Agent
- Question #471: Manage Azure identities and governance - specifically, managing Azure AD application registrations and credentials for developer-facing workloads (AZ-104 / SC-300 domain: Implement and manage identities)
SIMULATION The developers at your company plan to create a web app named App28681041 and to publish You need to perform the following tasks: - Ensure that App28681041 is registered...
Azure Active Directory, App Registration, Client Secrets, Identity Management
- Question #472: Secure networking
You have an Azure subscription that contains a resource group named RG1 and the network security groups (NSGs) shown in the following table. You create and assign the Azure policy...
- Question #473: Secure networking
Hotspot Question You have an Azure subscription that contains the virtual machines shown in the following table. Subnet1 and Subnet2 have a network security group (NSG). The NSG ha...
Private Endpoints, Network Security Groups, Azure Storage Networking, DNS Resolution
- Question #474: Secure networking
Hotspot Question You have an Azure subscription that contains the resources shown in the following table. VNet1 contains the subnets shown in the following table. You plan to use t...
Azure Firewall, firewall deployment, AzureFirewallSubnet, network security
- Question #475: Secure networking
You have an Azure subscription that contains a storage account named storage1 and a virtual machine named VM1. VM1 is connected to a virtual network named VNet1 that contains one s...
- Question #476: Secure networking
You have an Azure subscription that contains a web app named App1. App1 provides users with product images and videos. Users access App1 by using a URL of HTTPS://app1.contoso.com....
- Question #477: Configure and manage virtual networking - specifically understanding how VNet Service Endpoints affect traffic routing and IP address usage for Azure PaaS services (AZ-104 / AZ-700 domain: Implement and Manage Virtual Networking)
Hotspot Question You have an Azure subscription that is linked to an Azure AD tenant and contains the virtual machines shown in the following table. The subnets of the virtual netw...
Azure Service Endpoints, Virtual Network Security, Azure Storage Networking, Azure Key Vault Networking
- Question #478: Secure networking
You have an Azure subscription that contains an instance of Azure Firewall Standard named AzFW1. You need to identify whether you can use the following features with AzFW1: - TLS i...
- Question #479: Implement and manage Azure security - specifically securing compute resources and managing network access to virtual machines using Microsoft Defender for Cloud and NSG configurations (AZ-500 / SC-900 domain: Manage security operations and implement platform protection).
SIMULATION Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, plac...
Just-in-Time VM Access, Microsoft Defender for Cloud, Network Security Groups, Azure Virtual Machines Security
- Question #480: Implement and manage storage accounts - Configure Azure Storage firewalls and virtual networks to restrict access to specific IP ranges or subnets (AZ-104: Implement and Manage Storage / AZ-900: Describe Azure security and network protection features)
SIMULATION You need to ensure that only devices connected to a 131.107.0.0/16 subnet can access data in the rg1lod28681041 Azure Storage account. To complete this task, sign in to...
Azure Storage Security, Network Firewall Rules, Storage Account Networking, Azure Access Control
- Question #481: Configure and manage virtual networking - specifically implementing and managing virtual network service endpoints to secure and route traffic to Azure PaaS services over the Microsoft backbone network (AZ-104: Implement and Manage Virtual Networking)
Hotspot Question You have an Azure Subscription that is connected to an on-premises datacenter and contains the resources shown in the following table. You need to configure virtua...
Virtual Network Service Endpoints, Azure Storage, Azure Key Vault, VNet Configuration
- Question #482: Secure networking
You have an Azure subscription that contains the resources shown in the following table. You plan to deploy an Azure Private Link service named APL1. Which resource should you refe...
- Question #483: Configure and manage virtual networking - specifically securing access to Azure PaaS services and web applications using network controls (AZ-104 / AZ-700 networking domain)
Drag and Drop Question You have an on-premises datacenter. You have an Azure subscription that contains a virtual machine named VM1. VM1 is connected to a virtual network named VNe...
Azure Networking, Service Endpoints, Access Restrictions, Storage Security
- Question #484: Secure networking
You have an Azure subscription that contains the subnets shown in the following table. The subscription contains an Azure web app named WebApp1 that has the following configuration...
- Question #485: Secure networking
You have an Azure subscription. You need to deploy an Azure virtual WAN to meet the following requirements: - Create three secured virtual hubs located in the East US, West US, and...
- Question #486: Configure and manage virtual networking - including NSGs, service endpoints, and subnet delegation for Azure networking and hybrid connectivity scenarios (AZ-104: Implement and manage virtual networking)
Hotspot Question You have an Azure subscription that contains the resources shown in the following table. VNet1 connects to a remote site by using a Site-to-Site (S2S) VPN that use...
Network Security Groups, Service Endpoints, App Service Environment, Virtual Network Subnets
- Question #487: Secure networking
You have an Azure subscription that contains an Azure web app named App1 and a virtual machine named VM1. VM1 runs Microsoft SQL Server and is connected to a virtual network named...
- Question #488: Design and implement Azure networking - Configure and manage virtual network integration for Azure App Services, including subnet sizing requirements, regional constraints, and delegation prerequisites for web app autoscaling scenarios.
Hotspot Question You have an Azure subscription that contains the virtual networks shown in the following table. The subscription contains the subnets shown in the following table....
Azure App Service VNet Integration, Subnet Delegation, Regional VNet Integration, Autoscaling
- Question #489: Design and implement network security - specifically comparing Azure DDoS Protection tiers (Infrastructure, IP, and Network Protection) and their respective features, supported SKUs, and incident response capabilities (AZ-700 / AZ-500 / SC-100)
Drag and Drop Question You have an Azure subscription. You plan to implement Azure DDoS Protection. The solution must meet the following requirements: - Provide access to DDoS rapi...
Azure DDoS Protection, Network Security, Public IP SKUs, DDoS Rapid Response
- Question #490: Secure compute, storage, and databases
Hotspot Question You have an Azure subscription that contains the resources shown in the following table. You create a shared access token as shown in the following exhibit. Which...
Shared Access Signature (SAS), Azure Storage, access control, permissions
- Question #491: Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
You have an Azure subscription that contains an Azure SQL server named SQL1. SQL1 contains an Azure SQL database named DB1. You need to use Microsoft Defender for Cloud to complete...
- Question #492: Secure compute, storage, and databases
Hotspot Question You have an Azure subscription that contains the resources shown in the following table. SQL1 has the following configurations: - Auditing: Enabled - Audit log des...
Azure SQL Database, auditing, audit logs, security monitoring
- Question #493: Implement and manage storage accounts - Configure security for Azure Storage, including enforcing secure transfer (HTTPS) to prevent unencrypted HTTP connections. This aligns with the AZ-104 domain: 'Implement and Manage Storage' and security best practices under 'Manage identities and governance in Azure'.
SIMULATION You need to prevent HTTP connections to the rg1lod28681041n1 Azure Storage account. To complete this task, sign in to the Azure portal. Answer:
Azure Storage Security, Secure Transfer, HTTPS Enforcement, Storage Account Configuration
- Question #494: Implement and Manage Storage Security / Configure encryption for Azure Storage using customer-managed keys stored in Azure Key Vault - aligned with AZ-104 'Implement and manage storage' or AZ-500 'Secure data and applications' domains.
SIMULATION You need to ensure that the rg1lod28681041n1 Azure Storage account is encrypted by using a key stored in the KeyVault28681041 Azure key vault. To complete this task, sig...
Azure Storage Encryption, Customer-Managed Keys (CMK), Azure Key Vault, Data Security at Rest
- Question #495: Implement and manage virtual networking / Secure access to Azure services using network controls - typically maps to AZ-104 Domain: Configure and manage virtual networks or AZ-305 Domain: Design network solutions
Hotspot Question You have an Azure subscription that contains the virtual machines shown in the following table. You have an Azure Cosmos DB account named cosmos1 configured as sho...
Azure Cosmos DB, Firewall and Virtual Network Rules, Network Security, Azure Networking
- Question #496: Secure compute, storage, and databases
You are troubleshooting a security issue for an Azure Storage account. You enable Azure Storage Analytics logs and archive them to a storage account. What should you use to retrieve...
- Question #497: Secure identity and access
You have an Azure subscription that contains an Azure Blob storage account named blob1. You need to configure attribute-based access control (ABAC) for blob1. Which attributes can...
ABAC, Azure Storage Access Control, Blob Index Tags, Azure RBAC Conditions
- Question #498: Secure networking
You have an Azure subscription that contains a storage account and an Azure web app named App1. App1 connects to an Azure Cosmos DB database named Cosmos1 that uses a private endpo...
- Question #499: Secure identity and access
Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure AD tenant. You plan to implement single sign-on (SSO) for Azure AD res...
- Question #500: Manage Azure Active Directory identities - specifically managing group types, deletion policies, and the 30-day soft-delete restoration window for Microsoft 365 groups in Azure AD (Microsoft Entra ID).
Hotspot Question You have an Azure AD tenant that contains the groups shown in the following table. You assign licenses to the groups as shown in the following table. On May 1, you...
Azure AD Group Management, Soft Delete and Restore, Microsoft 365 Groups, Group Lifecycle
- Question #501: Secure identity and access
You have an Azure AD tenant. You need to ensure that users cannot create passwords containing a variation of the word contoso. What should you configure?
- Question #502: Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
You have an Azure subscription. You plan to deploy Microsoft Defender External Attack Surface Management (Defender EASM) to identify and monitor externally facing assets. You creat...
- Question #503: Secure compute, storage, and databases
You have an Azure subscription that contains an Azure Key Vault Standard key vault named Vault1. Vault1 hosts a 2048-bit RSA key named key1. You need to ensure that key1 is rotated...
- Question #504: Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
You have an Azure subscription named Sub1 that has Security defaults disabled. The subscription contains the following users: - Five users that have owner permissions for Sub1. - T...
- Question #505: Manage Azure identities and governance - specifically implementing and managing Azure Policy, including remediating non-compliant resources using PowerShell cmdlets (AZ-104 / AZ-305 domain: Governance)
Drag and Drop Question You have two Azure subscriptions named Sub1 and Sub2. Sub1 contains a resource group named RG1 and an Azure policy named Policy1. You need to remediate the n...
Azure Policy, PowerShell Remediation, Subscription Management, Governance and Compliance
- Question #506: Secure identity and access
You have an Azure AD tenant that contains the users shown in the following table. You need to ensure that the users cannot create app passwords. The solution must ensure that User1...
- Question #507: Manage security posture by configuring Microsoft Defender for Cloud plans and protecting Azure Storage resources, including subscription-level enablement and resource-level exclusions using tags and per-resource settings.
Drag and Drop Question You have an Azure subscription named Sub1 that contains the storage accounts shown in the following table. The storage3 storage account is encrypted by using...
Microsoft Defender for Storage, Azure Security Center, Storage Account Security, Resource Tagging
- Question #508: Secure networking
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a single subnet. The subscription contains a virtual machine named VM1 that is connected...
- Question #509: Secure networking
Hotspot Question You are implementing an Azure Application Gateway web application firewall (WAF) named WAF1. You have the following Bicep code snippet. For each of the following s...
Azure Application Gateway WAF, Bicep, WAF rules, File upload limits
- Question #510: Implement and manage virtual networking / Configure network security (Azure Administrator AZ-104 or Azure Network Engineer AZ-700) - specifically covering WAF policies, NSG default rules, and Application Gateway WAF file upload limits.
Hotspot Question You have an Azure subscription that contains the virtual networks shown in the following table. NSG1 and NSG2 both have default rules only. The subscription contai...
Azure Application Gateway WAF, Network Security Groups, WAF Modes (Detection vs Prevention), Azure Virtual Networks
- Question #511: Implement and manage virtual networking / Configure and manage Azure Firewall - typically found in AZ-104 or AZ-700 certification domains covering network security and firewall rule prioritization.
Drag and Drop Question You have an Azure subscription. You create an Azure Firewall policy that has the rules shown in the following table. In which order should the rules be proce...
Azure Firewall, Firewall Policy, Rule Processing Order, Network Security
- Question #512: Implement and manage Microsoft Entra identity and access - specifically managing authentication methods policies and understanding administrative role boundaries within Microsoft Entra ID (SC-300 / AZ-104)
Hotspot Question You have a Microsoft Entra tenant that contains the users shown in the following table. You configure the Temporary Access Pass settings as shown in the following...
Microsoft Entra ID, Temporary Access Pass, Authentication Methods, Role-Based Access Control (RBAC)
- Question #513: Secure identity and access
Hotspot Question Your network contains an on-premises Active Directory domain named adatum.com that syncs to a Microsoft Entra tenant. The Microsoft Entra tenant contains the users...
Azure AD Password Protection, Hybrid Identity, Banned passwords, Password policies
- Question #514: Secure identity and access
Hotspot Question You have a Microsoft Entra tenant that contains the users shown in the following table. From Microsoft Entra Privileged Identity Management (PIM), you configure th...
Azure AD PIM, Just-in-Time (JIT) access, Role activation, Eligible assignments
- Question #515: Implement and manage identity and access in Microsoft Azure - specifically configuring Conditional Access policies to enforce device-based and compliance-based access controls (Microsoft SC-300 / AZ-104)
Drag and Drop Question You have an Azure subscription that contains an Azure web app named App1. You plan to configure a Conditional Access policy for App1. The solution must meet...
Conditional Access, Azure AD, Device Compliance, Identity and Access Management