AZ-500 Exam Questions
626 real AZ-500 exam questions with expert-verified answers and explanations. Page 3 of 13.
- Question #109: Secure compute, storage, and databases
You are troubleshooting a security issue for an Azure Storage account. You enable the diagnostic logs for the storage account. What should you use to retrieve the diagnostics logs?
- Question #110: Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
You have an Azure subscription that contains the virtual machines shown in the following table. From Azure Security Center, you turn on Auto Provisioning. You deploy the virtual ma...
Microsoft Defender for Cloud, Auto Provisioning, Log Analytics Agent, VM Security Monitoring
- Question #111: Secure networking
Case Study 2 - Contoso, Ltd Overview Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The company hosts its...
Azure Firewall, VNet, Network security rules, Network connectivity
- Question #112: Configure and manage virtual networking - specifically Azure VPN Gateway SKU selection based on connection requirements and BGP support (AZ-104 / AZ-700)
Drag and Drop Question You are configuring network connectivity for two Azure virtual networks named VNET1 and VNET2. You need to implement VPN gateways for the virtual networks to...
VPN Gateway SKUs, Azure Networking, BGP, Site-to-Site VPN
- Question #113: Manage identity and access – specifically implementing role-based access control (RBAC) with custom roles to enforce least privilege for resource operations in Azure (AZ-104 / AZ-500 domain: Manage Access Control)
Drag and Drop Question You have an Azure subscription named Sub1. You have an Azure Active Directory (Azure AD) group named Group1 that contains all the members of your IT team. Yo...
Azure RBAC, Custom Role Definitions, Least Privilege, Azure Virtual Machines
- Question #114: Configure and manage virtual networking - Implement and manage network security (AZ-104 / Implement network security in Azure)
Drag and Drop Question You have an Azure subscription that contains the following resources: - A virtual network named VNET1 that contains two subnets named Subnet1 and Subnet2. -...
Azure Firewall, NAT Rule Collection, Network Security, Remote Desktop Protocol
- Question #115: Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Hotspot Question You are configuring just in time (JIT) VM access to a set of Azure virtual machines. You need to grant users PowerShell access to the virtual machine by using JIT...
Just-in-Time (JIT) VM access, Azure Security Center, PowerShell Remoting, Network security
- Question #116: Secure compute, storage, and databases
Hotspot Question You have an Azure subscription that contains the resources shown in the following table. You create the Azure Storage accounts shown in the following table. You ne...
Azure SQL Database, Auditing, Diagnostic logs, Log Analytics
- Question #117: Secure compute, storage, and databases
Hotspot Question You have an Azure subscription named Sub1. Sub1 has an Azure Storage account named Storage1 that contains the resources shown in the following table. You generate...
Azure Storage, Shared Access Signature (SAS), Azure Storage Explorer, Blob storage
- Question #118: Secure compute, storage, and databases
Hotspot Question You have an Azure subscription that contains the resources shown in the following table. User1 is a member of Group1. Group1 and User2 are assigned the Key Vault C...
Key Vault, access policies, RBAC, secrets management
- Question #119: Implement and manage information protection in Microsoft Azure / Microsoft 365 - specifically configuring Azure Information Protection labels, understanding permission levels (Owner, Co-Author, Reviewer, Viewer), and determining user access rights based on applied protection policies. This aligns with the AZ-500 (Azure Security Engineer) or SC-400 (Microsoft Information Protection Administrator) certification domain on 'Implement information protection'.
Hotspot Question You have an Azure Active Directory (Azure AD) tenant named contoso1812.onmicrosoft.com that contains the users shown in the following table. You create an Azure In...
Azure Information Protection, AIP Label Permissions, Azure AD Identity Management, Data Protection and Rights Management
- Question #120: Secure compute, storage, and databases
You have an Azure Container Registry named ContReg1 that contains a container image named image1. You enable content trust for ContReg1. After content trust is enabled, you push tw...
Azure Container Registry, Content Trust, Container Security
- Question #121: Secure compute, storage, and databases
You are troubleshooting a security issue for an Azure Storage account. You enable the diagnostic logs for the storage account. What should you use to retrieve the diagnostics logs?
Azure Storage, Diagnostic Logs, Azure Storage Explorer, Troubleshooting
- Question #122: Secure networking
You have a web app named WebApp1. You create a web application firewall (WAF) policy named WAF1. You need to protect WebApp1 by using WAF1. What should you do first?
Web Application Firewall (WAF), Azure Front Door, Web Application Security, Edge Security
- Question #123: Manage Azure Active Directory identities and governance - specifically configuring and understanding Privileged Identity Management (PIM) role assignments, activation requirements, and approval workflows (Microsoft SC-300 / AZ-104 Identity domain)
Hotspot Question You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table. From Azure AD Privileged Identity Management (PIM), you...
Azure AD Privileged Identity Management, PIM Role Assignments, Active vs Eligible Assignments, Role Activation Settings
- Question #124: Secure identity and access
Hotspot Question Your company has an Azure subscription named Subscription1 that contains the users shown in the following table. The company is sold to a new owner. The company ne...
Azure subscription, ownership transfer, Azure Account Center, billing administrator
- Question #125: Manage Azure identities and governance - specifically, configure Azure AD application registrations and credentials as part of the AZ-104 Microsoft Azure Administrator certification or AZ-900 Azure Fundamentals identity domain.
SIMULATION Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, plac...
Azure Active Directory, App Registrations, Client Secrets, Identity Management
- Question #126: Manage Azure identities and governance - specifically creating and managing Azure AD tenants and configuring user authentication methods including MFA (AZ-104 / MS-900 / SC-900 domain)
SIMULATION Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, plac...
Azure Active Directory, Multi-Factor Authentication, Identity Management, Azure AD Tenant Creation
- Question #127: Secure identity and access
Hotspot Question You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table. You create and enforce an Azure AD Identity Protection s...
Azure AD Identity Protection, sign-in risk policy, conditional access, MFA
- Question #128: Secure identity and access
Hotspot Question You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table. In Azure AD Privileged Identity Management (PIM), the Ro...
Azure AD PIM, RBAC, privileged access, role activation, MFA
- Question #129: Implement and manage virtual networking - Configure network security groups and manage inbound/outbound security rules to control access to Azure Virtual Machines (AZ-104 / AZ-900 Networking & Security Domain)
SIMULATION Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, plac...
Network Security Groups (NSG), RDP Access Control, Azure Virtual Machines, Inbound Port Rules
- Question #130: Configure and manage virtual networking – specifically managing network security using Application Security Groups (ASGs) within Azure portal, aligning with the AZ-104 'Implement and Manage Virtual Networking' domain or AZ-900 networking fundamentals.
SIMULATION Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, plac...
Application Security Groups, Azure Networking, Virtual Machines, Network Interface Configuration
- Question #131: Implement and manage security for Azure workloads - specifically configuring antimalware and endpoint protection for Azure IaaS Virtual Machines as part of the AZ-104 or AZ-500 certification domain covering 'Secure Compute, Storage, and Networking'.
SIMULATION Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, plac...
Microsoft Antimalware Extension, Azure Virtual Machine Security, Endpoint Protection, Azure Extensions
- Question #132: Secure networking
SIMULATION Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, plac...
- Question #133: Manage Azure identities and governance - specifically, managing access to Azure resources using Role-Based Access Control (RBAC), including assigning built-in roles at the appropriate scope to satisfy least-privilege requirements (AZ-104 Domain: Manage Azure Active Directory and RBAC)
SIMULATION Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, plac...
Azure RBAC, Role Assignments, Principle of Least Privilege, Identity and Access Management
- Question #134: Implement and manage storage accounts security - specifically configuring Azure Storage firewalls and virtual network rules to restrict access based on IP address ranges (AZ-104: Implement and Manage Storage / Configure Azure Storage firewalls and virtual networks)
SIMULATION Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, plac...
Azure Storage Account, Network Security, Firewall Rules, Access Control
- Question #135: Implement and manage storage accounts - specifically configuring Azure Storage network access controls including virtual network rules and IP-based firewall rules (AZ-104: Implement and Manage Storage / Configure Azure Storage firewalls and virtual networks)
Hotspot Question You create resources in an Azure subscription as shown in the following table. VNET1 contains two subnets named Subnet1 and Subnet2. Subnet1 has a network ID of 10...
Azure Storage Firewall, Network Security, Virtual Network Service Endpoints, Azure Storage Account
- Question #136: Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
SIMULATION Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, plac...
- Question #137: Monitor and Back Up Azure Resources - specifically configuring diagnostic settings to collect VM guest OS security event logs (audit failures) and route them to an Azure Storage account using Azure Diagnostics Extension.
SIMULATION Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, plac...
Azure Monitor, Diagnostic Settings, Virtual Machine Security Logs, Azure Storage Account
- Question #138: Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Hotspot Question You have an Azure subscription that contains the alerts shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each sta...
Azure Monitor, Alert management, Security monitoring
- Question #139: Implement and manage storage accounts security - specifically configuring secure transfer requirements to enforce encrypted connections (HTTPS/SMB) and prevent unencrypted HTTP traffic, aligning with the AZ-104 'Implement and manage storage' and AZ-500 'Secure data and applications' domain objectives.
SIMULATION Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, plac...
Azure Storage Security, Secure Transfer Required, HTTPS Enforcement, Storage Account Configuration
- Question #140: Implement and manage data security - specifically configuring customer-managed encryption keys for Azure Storage using Azure Key Vault, mapped to the AZ-104 or SC-900/AZ-500 'Secure Data and Applications' domain objective.
SIMULATION Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, plac...
Azure Storage Encryption, Customer-Managed Keys (CMK), Azure Key Vault, Data Security at Rest
- Question #141: Secure identity and access
A company has an Azure subscription and an Azure tenant. The company is planning on deploying a web application which will work with a CosmosDB account. The CosmosDB account will c...
CosmosDB security, Resource tokens, Access control, Database users
- Question #142: Secure identity and access
You have to configure an Azure policy as part of your subscription. You have to assign policies that would make use of different types of effects. Which of the following type of effec...
Azure Policy, Policy Effects, Managed Identity, DeployIfNotExist
- Question #143: Secure identity and access
Your company has created an Azure key vault named "vault". They want to delegate administrative access to the key vault. The access has to follow the below requirements for a set o...
Azure RBAC, Key Vault, Access Control, Least Privilege
- Question #144: Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Your company has a set of 50 Windows Azure virtual machines. They all run Windows Server 2016. You have to automate the deployment of the Log Analytics virtual machine extension on...
Log Analytics, VM Extensions, ARM Templates, Azure Monitoring
- Question #145: Secure compute, storage, and databases
A company has an Azure subscription. They have around 50 virtual machines defined as part of the subscription. Azure Diagnostics have been enabled on all of the virtual machines. Y...
Azure Monitor, Log Analytics, Security Events, Virtual Machines
- Question #146: Secure identity and access
A company has a set of Azure subscriptions. They want to transfer the ownership of a subscription to another Azure AD tenant. Which of the following can be used to transfer the own...
Azure Subscriptions, Subscription Management, Tenant Transfer, Account Ownership
- Question #147: Secure identity and access
Your company has a resource group that contains Virtual Machines, Virtual Networks and storage accounts. You have to delegate access to a user with the following privileges to the...
Azure RBAC, Role-Based Access Control, Virtual Machines, Least Privilege
- Question #148: Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Your company has defined a set of virtual machines as part of their subscription. The company currently has Azure P2 Premium licences for their users. They are using the Standard v...
Just-in-time (JIT) VM Access, RBAC Permissions, Microsoft Defender for Cloud, Virtual Machine Security
- Question #149: Secure identity and access
A company currently has several subscriptions. They are all associated with the same Azure AD tenant. You have to ensure that all subscriptions have the same role assignments. How...
Azure Blueprints, Role-Based Access Control (RBAC), Azure Governance, Subscription Management
- Question #150: Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Your company has a set of virtual machines set up in Azure. They want to ensure that IT administrators can request access when they want to connect to the virtual machine. Which...
Just-in-time (JIT) access, Virtual machine security, Microsoft Defender for Cloud, Least privilege
- Question #151: Secure identity and access
You have an Azure storage account named "store2020". You go ahead and create the following shared access signature: If key1 for the storage account is rotated, would a user using t...
Shared Access Signatures (SAS), Storage Account Keys, Key Rotation, Access Control
- Question #152: Secure identity and access
You have an Azure subscription. You configure the subscription to use a different Azure Active Directory (Azure AD) tenant. What are two possible effects of the change? Each correc...
Azure Active Directory, Subscription Management, Role-Based Access Control (RBAC), Managed Identities
- Question #154: Secure networking
You have an Azure subscription that contains virtual machines. You enable just in time (JIT) VM access to all the virtual machines. You need to connect to a virtual machine by usin...
JIT VM Access, Virtual Machine Access, Remote Desktop, Azure Portal
- Question #155: Configure and manage virtual networking - specifically implementing network security controls using Network Security Groups (NSGs) to restrict inbound internet traffic to specific ports on Azure subnets.
SIMULATION You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources. To c...
Network Security Groups, Azure Virtual Networks, Inbound Security Rules, Network Access Control
- Question #156: Manage Azure identities and governance - specifically implementing and managing Azure resource locks to protect resources from accidental deletion or modification (AZ-104 Domain: Manage Azure Resources)
SIMULATION You need to prevent administrators from performing accidental changes to the Homepage app service plan. To complete this task, sign in to the Azure portal. Answer: You n...
Azure Resource Locks, Resource Management, App Service Plans, Azure Governance
- Question #157: Configure Azure AD authentication for Azure SQL Server to enable users to sign in using their Azure AD credentials via SSMS - typically falls under 'Implement and Manage Identity and Access' or 'Configure Access to Azure Resources' in Azure Administrator (AZ-104) certification domains.
SIMULATION You need to ensure that a user named Danny11597200 can sign in to any SQL database on a Microsoft SQL server named web11597200 by using SQL Server Management Studio (SSM...
Azure SQL Server, Azure Active Directory Authentication, SQL Server Management Studio, Identity Management
- Question #158: Implement and manage virtual networking - specifically configuring Azure SQL Server firewall and virtual network service endpoints to restrict database access to authorized subnets (AZ-104 / AZ-500 Network Security domain).
SIMULATION You need to configure a Microsoft SQL server named Web11597200 only to accept connections from the Subnet0 subnet on the VNET01 virtual network. To complete this task, s...
Azure SQL Server, Virtual Network Rules, Firewall Configuration, Network Security
- Question #159: Secure compute, storage, and databases
You have Azure Resource Manager templates that you use to deploy Azure virtual machines. You need to disable unused Windows features automatically as instances of the virtual machi...
Azure VM Security, Desired State Configuration (DSC), Configuration Management, OS Hardening