AZ-500 Exam Questions
626 real AZ-500 exam questions with expert-verified answers and explanations. Page 4 of 13.
- Question #160Configure and manage virtual networking - specifically implementing VNet-to-VNet connectivity using Azure Virtual Network Peering (AZ-104: Implement and manage virtual networking)
SIMULATION You need to configure network connectivity between a virtual network named VNET1 and a virtual network named VNET2. The solution must ensure that virtual machines connec...
Azure Virtual NetworkVNet PeeringNetwork ConnectivityAzure Networking - Question #161Implement and manage virtual networking - specifically configuring Azure Firewall as a network security service within a virtual network, aligning with the AZ-104 'Configure and manage virtual networks' or AZ-700 'Design and implement network security' domain objectives.
SIMULATION You need to deploy an Azure firewall to a virtual network named VNET3. To complete this task, sign in to the Azure portal and modify the Azure resources. This task might...
Azure FirewallVirtual NetworksNetwork SecurityAzure Portal - Question #162Manage Azure identities and governance - specifically implementing resource locks to protect critical Azure resources from accidental deletion or modification, aligned with the AZ-104 Microsoft Azure Administrator certification.
SIMULATION You need to configure a virtual network named VNET2 to meet the following requirements: Administrators must be prevented from deleting VNET2 accidentally. Administrators...
Azure Resource LocksVirtual NetworksResource GovernanceAzure Portal Administration - Question #163Secure compute, storage, and databases
You have an Azure virtual machine named VM1. From Azure Security Center, you get the following high-severity recommendation: "Install endpoint protection solutions on virtual machi...
Azure Virtual MachinesEndpoint ProtectionAzure Security CenterVM Extensions - Question #164Secure compute, storage, and databases
You have an Azure subscription that contains a virtual network. The virtual network contains the subnets shown in the following table. The subscription contains the virtual machine...
Just-in-Time (JIT) VM accessNetwork Security Groups (NSG)Virtual machine securityAzure Defender for Cloud - Question #165Implement and manage virtual machine security - specifically configuring antimalware protection and scheduled scanning for Azure IaaS virtual machines using VM Extensions, aligned with the AZ-104 'Manage Azure identities and governance' / 'Deploy and manage Azure compute resources' domain.
SIMULATION You need to ensure that web11597200 is protected from malware by using Microsoft Antimalware for Virtual Machines and is scanned every Friday at 01:00. To complete this...
Azure Virtual MachinesMicrosoft Antimalware ExtensionVM SecurityAzure Extensions - Question #166Monitor and maintain Azure resources - specifically configuring diagnostic logging and archiving for Network Security Groups to meet compliance and retention requirements (AZ-104: Monitor and back up Azure resources)
SIMULATION You need to ensure that the events in the NetworkSecurityGroupRuleCounter log of the VNET01- Subnet0-NSG network security group (NSG) are stored in the logs11597200 Azur...
Azure Network Security GroupsDiagnostic SettingsAzure Monitor LogsAzure Storage Retention - Question #167Monitor and Maintain Azure Resources - Configure monitoring, alerting, and notifications for Azure resource governance events using Azure Monitor and Action Groups.
SIMULATION A user named Debbie has the Azure app installed on her mobile device. You need to ensure that [email protected] is alerted when a resource lock is deleted. To complete...
Azure Monitor AlertsResource LocksAction GroupsActivity Log - Question #168Secure compute, storage, and databases
You are troubleshooting a security issue for an Azure Storage account. You enable the diagnostic logs for the storage account. What should you use to retrieve the diagnostics logs?
Azure StorageDiagnostic loggingMonitoring toolsTroubleshooting - Question #169Monitor and Back Up Azure Resources - Configure monitoring for Azure resources using Azure Monitor and Log Analytics workspaces, including data collection from connected Windows servers.
SIMULATION You plan to connect several Windows servers to the WS11641655 Azure Log Analytics workspace. You need to ensure that the events in the System event logs are collected au...
Azure MonitorLog Analytics WorkspaceWindows Event LogsData Collection Configuration - Question #170Implement and manage Azure Monitor logging and diagnostics, specifically configuring diagnostic settings to route resource-level logs from Azure Recovery Services vaults to a Log Analytics workspace for backup reporting and monitoring.
SIMULATION You need to ensure that the AzureBackupReport log for the Vault1 Recovery Services vault is stored in the WS11641655 Azure Log Analytics workspace. To complete this task...
Azure Recovery Services VaultDiagnostic SettingsLog AnalyticsAzure Monitor - Question #171Configure and manage Azure security monitoring - specifically enabling and routing Azure SQL Database audit logs to a Log Analytics workspace for centralized log management and compliance reporting (AZ-500 / SC-900 / DP-300 Security and Compliance domain).
SIMULATION You need to ensure that the audit logs from the SQLdb1 Azure SQL database are stored in the WS11641655 Azure Log Analytics workspace. To complete this task, sign in to t...
Azure SQL DatabaseDatabase AuditingLog Analytics WorkspaceAzure Monitor - Question #172Implement and manage data platform resources - specifically configuring backup and recovery options for Azure SQL Database, aligning with the Azure Database Administrator Associate (DP-300) or Azure Administrator Associate (AZ-104) certification objectives around data protection and storage management.
SIMULATION You need to configure a weekly backup of an Azure SQL database named Homepage. The backup must be retained for eight weeks. To complete this task, sign in to the Azure p...
Azure SQL DatabaseLong-Term Retention (LTR)Backup PolicyData Protection - Question #173Implement and manage Azure security - specifically configuring Key Vault access policies to support secure Azure Resource Manager template deployments (AZ-104 / AZ-500: Manage identity and access / Secure Azure solutions with Key Vault)
SIMULATION You need to ensure that when administrators deploy resources by using an Azure Resource Manager template, the deployment can access secrets in an Azure key vault named K...
Azure Key VaultARM TemplatesAdvanced Access PoliciesSecret Management - Question #174Implement and manage network security - specifically configuring Azure Application Gateway WAF to protect web applications from malicious HTTP/HTTPS traffic, aligning with the AZ-104 or AZ-500 certification domain of securing Azure infrastructure and services.
SIMULATION You need to ensure that connections through an Azure Application Gateway named Homepage- AGW are inspected for malicious requests. To complete this task, sign in to the...
Azure Application GatewayWeb Application Firewall (WAF)Network SecurityAzure Portal Configuration - Question #175Implement and manage Azure identities and access - specifically configuring Azure AD authentication for Azure App Services within the AZ-104 or AZ-900 certification domain covering identity, governance, and access management.
SIMULATION You need to create a web app named Intranet11597200 and enable users to authenticate to the web app by using Azure Active Directory (Azure AD). To complete this task, si...
Azure App ServiceAzure Active DirectoryAuthentication and AuthorizationWeb App Configuration - Question #176Implement and manage security for Azure SQL databases, including configuring Advanced Data Security and Advanced Threat Protection alert notifications - aligning with the AZ-500 'Secure Data and Applications' domain or SC-300/AZ-104 security management objectives.
SIMULATION You need to enable Advanced Data Security for the SQLdb1 Azure SQL database. The solution must ensure that Azure Advanced Threat Protection (ATP) alerts are sent to User...
Azure SQL Database SecurityAdvanced Data SecurityAdvanced Threat ProtectionAzure Portal Configuration - Question #177Implement and manage data protection and encryption - specifically configuring Azure Key Vault access policies to support Azure Disk Encryption for IaaS virtual machine disk security (AZ-104: Secure Azure resources / AZ-500: Configure and manage Key Vault).
SIMULATION You plan to use Azure Disk Encryption for several virtual machine disks. You need to ensure that Azure Disk Encryption can retrieve secrets from the KeyVault11641655 Azu...
Azure Key VaultAzure Disk EncryptionAccess PoliciesData Security - Question #178Manage identity and access in Azure - specifically configuring role-based access control (RBAC) for Azure Key Vault resources to grant appropriate secret management permissions to users.
SIMULATION You need to ensure that User2-11641655 has all the key permissions for KeyVault11641655. To complete this task, sign in to the Azure portal and modify the Azure resource...
Azure Key VaultAzure RBACIdentity and Access ManagementLeast Privilege Principle - Question #179Secure compute, storage, and databases
You have an Azure web app named WebApp1. You upload a certificate to WebApp1. You need to make the certificate accessible to the app code of WebApp1. What should you do?
Azure App ServiceCertificatesApplication Settings - Question #180Secure identity and access
Case Study 1 - Litware, Inc Overview Litware, Inc. is a digital media company that has 500 employees in the Chicago area and 20 employees in the San Francisco area. Existing Enviro...
Azure AD app registrationUser consentEnterprise applications - Question #181Secure identity and access
Hotspot Question Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. The tenant contains the users shown in the...
Azure AD MFAConditional AccessIdentity protection - Question #182Manage Azure identities and governance - specifically, implementing and managing Azure AD application registrations, including configuring redirect URIs and supported account types for enterprise or developer applications.
SIMULATION The developers at your company plan to publish an app named App11641655 to Azure. You need to ensure that the app is registered to Azure Active Directory (Azure AD). The...
Azure Active DirectoryApp RegistrationIdentity ManagementAzure Portal Navigation - Question #183Implement and manage storage - Configure Azure Files authentication and authorization using on-premises Active Directory Domain Services (AZ-104 / AZ-305)
Drag and Drop Question Your network contains an on-premises Active Directory domain named contoso.com. The domain contains a user named User1. You have an Azure subscription that i...
Azure Files AuthenticationActive Directory Domain ServicesAzure AD ConnectHybrid Identity - Question #184Secure identity and access
Hotspot Question You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following ta...
Azure RBACResource Group permissionsVirtual Network creation - Question #185Implement and Manage Containers - Configure environment variables and secure secrets in Azure Container Instances using YAML deployment files
Hotspot Question You have a file named File1.yaml that contains the following contents. You create an Azure container instance named container1 by using File1.yaml. You need to ide...
Azure Container InstancesEnvironment VariablesSecure VariablesYAML Configuration - Question #186Implement and manage virtual networking - specifically configuring network access to Azure Storage accounts using service endpoints and firewall rules (AZ-104 / AZ-700 domain: Configure secure access to storage)
Hotspot Question You have an Azure subscription that contains the virtual machines shown in the following table. Subnet1 and Subnet2 have a Microsoft.Storage service endpoint confi...
Azure Storage FirewallService EndpointsNetwork Access ControlVirtual Network Integration - Question #187Secure compute, storage, and databases
Hotspot Question You have an Azure subscription that contains an Azure key vault named KeyVault1 and the virtual machines shown in the following table. You set the Key Vault access...
Azure Disk EncryptionAzure Key VaultKey Vault firewall - Question #188Secure compute, storage, and databases
Drag and Drop Question You have an Azure Storage account named storage1 and an Azure virtual machine named VM1. VM1 has a premium SSD managed disk. You need to enable Azure Disk En...
Azure Disk Encryption (ADE)Key VaultVirtual Machine SecurityData at Rest Encryption - Question #189Secure compute, storage, and databases
Hotspot Question You have the Azure key vaults shown in the following table. KV1 stores a secret named Secret1 and a key for a managed storage account named Key1. You back up Secre...
Azure Key VaultSecret managementKey managementBackup and restore - Question #190Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
You onboard Azure Sentinel. You connect Azure Sentinel to Azure Security Center. You need to automate the mitigation of incidents in Azure Sentinel. The solution must minimize admi...
Azure SentinelAlert RulesIncident ManagementSecurity Automation - Question #191Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
From Azure Security Center, you enable Azure Container Registry vulnerability scanning of the images in Registry1. You perform the following actions: - Push a Windows image named I...
Azure Container RegistryVulnerability scanningMicrosoft Defender for CloudContainer security - Question #192Secure identity and access
You have an Azure Active Directory (Azure AD) tenant. You have the deleted objects shown in the following table. On May 4, 2020, you attempt to restore the deleted objects by using...
Azure Active DirectoryDeleted ObjectsObject RestorationRetention Policy - Question #193Secure identity and access
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1. You plan to publish several apps in the tenant. You need to ensure that Use...
Azure AD RolesAdmin ConsentApplication Management - Question #194Secure identity and access
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant. When a developer attempts to register an app named App1 in the tenant, the developer recei...
Azure ADApp RegistrationUser PermissionsIdentity Management - Question #195Secure identity and access
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant and a user named User1. The App registrations settings for the tenant are configured as sho...
Azure AD RolesApp RegistrationLeast PrivilegeIdentity and Access Management - Question #196Secure networking
You have the Azure virtual machines shown in the following table. Each virtual machine has a single network interface. You add the network interface of VM1 to an application securi...
Application Security Group (ASG)Network Interface (NIC)Virtual Network (VNet)Azure Networking Security - Question #197Secure identity and access
You have an Azure subscription named Subcription1 that contains an Azure Active Directory (Azure AD) tenant named contoso.com and a resource group named RG1. You create a custom ro...
- Question #198Secure identity and access
You have an Azure subscription. You enable Azure Active Directory (Azure AD) Privileged Identity Management (PIM). Your company's security policy for administrator accounts has the...
Azure AD PIMPrivileged Identity ManagementSecurity AlertsAccount Management - Question #199Secure identity and access
You have an Azure Active Directory (Azure AD) tenant named Contoso.com and an Azure Kubernetes Service (AKS) cluster AKS1. You discover that AKS1 cannot be accessed by using accoun...
Azure Kubernetes Service (AKS)Azure Active Directory (Azure AD)Identity and Access Management (IAM)AKS Security - Question #200Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
You have an Azure subscription that contains an Azure Container Registry named Registry1. The subscription uses the Standard use tier of Azure Security Center. You upload several c...
Azure Container RegistryVulnerability scanningMicrosoft Defender for CloudPricing tiers - Question #201
You have an Azure Active Directory (Azure AD) tenant named contoso.com. You need to configure diagnostic settings for contoso.com. The solution must meet the following requirements...
- Question #202Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
You have an Azure subscription that contains the Azure Log Analytics workspaces shown in the following table. You create the virtual machines shown in the following table. You plan...
Azure SentinelLog AnalyticsVM MonitoringConnectivity - Question #203
You have an Azure subscription that contains 100 virtual machines and has Azure Security Center Standard tier enabled. You plan to perform a vulnerability scan of each virtual mach...
- Question #204Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
You have an Azure subscription that contains a user named Admin1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager t...
Just-in-Time VM AccessAzure Security CenterNetwork Security GroupVM Security - Question #205Secure identity and access
You have an Azure Active Directory (Azure AD) tenant and a root management group. You create 10 Azure subscriptions and add the subscriptions to the root management group. You need...
Azure BlueprintsRBACPermissionsManagement Groups - Question #206Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
You have three on-premises servers named Server1, Server2, and Server3 that run Windows. Server1 and Server2 and located on the Internal network. Server3 is located on the premises...
Azure SentinelLog IngestionOn-premises IntegrationMicrosoft Monitoring Agent - Question #207
You have an Azure subscription that contains several Azure SQL databases and an Azure Sentinel workspace. You need to create a saved query in the workspace to find events reported...
- Question #208
You are collecting events from Azure virtual machines to an Azure Log Analytics workspace. You plan to create alerts based on the collected events. You need to identify which Azure...
- Question #209Manage identity and access - specifically managing Azure role-based access control (RBAC), custom role definitions, and understanding the effect of role assignments scoped to resource groups (AZ-104 Domain: Manage Azure identities and governance)
Hotspot Question You have an Azure subscription named Subscription1 that contains the resources shown in the following table. You create an Azure role by using the following JSON f...
Azure RBACCustom RolesRole Assignment ScopeAzure Resource Permissions