AZ-500 Exam Questions
626 real AZ-500 exam questions with expert-verified answers and explanations. Page 6 of 13.
- Question #263Secure identity and access
You plan to create an Azure Kubernetes Service (AKS) cluster in an Azure subscription. The manifest of the registered server application is shown in the following exhibit. You need...
AKS IntegrationAzure ADRBACApplication Manifest - Question #264Secure identity and access
Hotspot Question You plan to implement an Azure function named Function1 that will create new storage accounts for containerized application instances. You need to grant Function1...
Managed IdentitiesAzure FunctionsRBACsystem-assigned identity - Question #265Secure identity and access
Hotspot Question You have an Azure Active Directory (Azure AD) tenant that contains the resources shown in the following table. User2 is the owner of Group2. The user and group set...
Azure AD groupsapplication ownersself-service app accessuser assignment - Question #266Secure networking
Hotspot Question You have an Azure subscription that contains a storage account named storage1 and several virtual machines. The storage account and virtual machines are in the sam...
Azure Storage FirewallsVirtual Network Service EndpointsNetwork Access ControlAzure Networking Security - Question #267Secure networking
Hotspot Question You have the Azure virtual networks shown in the following table. You have the Azure virtual machines shown in the following table. The firewalls on all the virtua...
Network Security Groups (NSG)virtual networknetwork connectivityinbound/outbound rules - Question #268Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Hotspot Question On Monday, you configure an email notification in Azure Security Center to email notifications to [email protected]. On Tuesday, Security Center generates the secu...
Azure Security Centersecurity alertsemail notificationsalert aggregation - Question #269Secure compute, storage, and databases
You are troubleshooting a security issue for an Azure Storage account. You enable the diagnostic logs for the storage account. What should you use to retrieve the diagnostics logs?
Azure MonitorDiagnostic LogsAzure StorageLogging & Monitoring - Question #270Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
You have an Azure subscription that contains the resources shown in the following table. You plan to enable Azure Defender for the subscription. Which resources can be protected by...
Microsoft Defender for CloudResource protectionCompute securityStorage security - Question #271Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
You have an Azure subscription that contains a resource group named RG1 and a security group named ServerAdmins. RG1 contains 10 virtual machines, a virtual network named VNET1, an...
Just-in-Time (JIT) VM AccessMicrosoft Defender for CloudNetwork Security Groups (NSG)RDP Security - Question #273Secure compute, storage, and databases
You have an Azure subscription that contains an Azure SQL database named sql1. You plan to audit sql1. You need to configure the audit log destination. The solution must meet the f...
Azure SQL AuditingLog AnalyticsKQLSecurity Monitoring - Question #274Secure identity and access
Hotspot Question You have a management group named Group1 that contains an Azure subscription named sub1. Sub1 has a subscription ID of 11111111-1234-1234-1234-1111111111. You need...
Custom RBAC rolesmanagement groupsAzure tagsassignable scope - Question #275Secure identity and access
Hotspot Question You have an Azure subscription that contains the custom roles shown in the following table. In the Azure portal, you plan to create new custom roles by cloning exi...
Custom RBAC rolescloning rolesrole definitionassignable scope - Question #276Configure Azure Sentinel to collect data, detect threats, and automate responses - specifically integrating Security Center alerts with incident creation and playbook-driven remediation (SC-200 / AZ-500: Security Operations)
Drag and Drop Question You have an Azure subscription that contains the following resources: - A network virtual appliance (NVA) that runs non-Microsoft firewall software and route...
Azure SentinelSecurity Automation (SOAR)Azure Security Center IntegrationLogic Apps / Playbooks - Question #277Configure SIEM and threat detection solutions / Manage security monitoring with Microsoft Sentinel (SC-200 / AZ-500 Security Domain)
Hotspot Question You have an Azure subscription named Subscription1 that contains the resources shown in the following table. You have an Azure subscription named Subscription2 tha...
Azure SentinelCEF Log IngestionEvent HubsLog Analytics Workspace - Question #278Implement and manage storage security - specifically configuring customer-managed keys (CMK) for Azure Storage encryption using Azure Key Vault, which falls under the 'Secure storage' or 'Implement storage security' objective in AZ-104 / AZ-500 certification domains.
SIMULATION You need to ensure that the rg1lod10598168n1 Azure Storage account is encrypted by using a key stored in the KeyVault10598168 Azure key vault. To complete this task, sig...
Azure Storage EncryptionCustomer-Managed KeysAzure Key VaultData Security - Question #279Secure identity and access
Case Study 2 - Contoso, Ltd Overview Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The company hosts its...
RBACvirtual network permissionsleast privilege - Question #280Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Case Study 3 - Fabrikam, Inc General Overview Fabrikam, Inc. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York. Fabrikam has IT,...
Microsoft Defender for CloudAzure Security CenterSecurity PolicyInitial Setup - Question #281Secure identity and access
Case Study 3 - Fabrikam, Inc General Overview Fabrikam, Inc. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York. Fabrikam has IT,...
Conditional AccessAzure ADAuthenticationSession Control - Question #282Secure compute, storage, and databases
Case Study 3 - Fabrikam, Inc General Overview Fabrikam, Inc. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York. Fabrikam has IT,...
resource inventoryAzure Container RegistryLog Analytics workspace - Question #283Manage Azure identities and governance / Implement and manage virtual networking - likely from AZ-104 (Microsoft Azure Administrator) or SC-300 (Microsoft Identity and Access Administrator), based on the Fabrikam case study structure involving Azure AD Connect, OUs, NSGs, and Azure resource hierarchy.
Case Study 3 - Fabrikam, Inc General Overview Fabrikam, Inc. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York. Fabrikam has IT,...
Azure AD Connect Cloud SyncNetwork Security GroupsAzure RBACSubscription Management - Question #284Secure identity and access
You have an Azure subscription that contains the resources shown in the following table. You need to ensure that ServerAdmins can perform the following tasks: - Create virtual mach...
Azure RBACLeast PrivilegeCustom RolesVirtual Machine Management - Question #285Secure Azure using Microsoft Defender for Cloud and Sentinel
You have an Azure Sentinel deployment. You need to create a scheduled query rule named Rule1. What should you use to define the query rule logic for Rule1?
Azure SentinelKusto Query Language (KQL)Scheduled RulesSIEM - Question #286Secure identity and access
You have an Azure subscription named Subscription1 that contains a resource group named RG1 and the users shown in the following table. You perform the following tasks: - Assign Us...
- Question #287Manage Azure Active Directory identities - specifically understanding the differences between Assigned and Dynamic membership group types and what object types (users, groups, managed identities, service principals) are eligible for membership in each group type.
Hotspot Question You have an Azure subscription that contains the Azure Active Directory (Azure AD) resources shown in the following table. You create the groups shown in the follo...
Azure Active DirectoryGroup Membership TypesDynamic GroupsIdentity Management - Question #288Manage Azure Active Directory (Azure AD) identities and governance - specifically configuring and managing enterprise application properties including sign-in enablement, user assignment requirements, and application visibility in the My Apps portal.
Hotspot Question You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains three security groups named Group1, Group2, and Group3 and the users shown in...
Azure Active DirectoryEnterprise ApplicationsApp Registration PropertiesUser Assignment - Question #289Manage Azure Active Directory identities and governance - specifically configuring and managing application access, user/group assignments to enterprise applications, and understanding the My Apps portal experience in hybrid Azure AD environments.
Hotspot Question Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure Active Directory (Azure AD). The Azure AD tenant contains the use...
Azure AD Enterprise ApplicationsMy Apps PortalUser and Group AssignmentAzure AD Access Management - Question #290Secure identity and access
Hotspot Question You have an Azure subscription named Subscription1 that contains a resource group named RG1 and a user named User1. User1 is assigned the Owner role for RG1. You c...
Azure BlueprintsResource LocksAzure RBACResource Governance - Question #291Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Hotspot Question You have an Azure Sentinel workspace that has the following data connectors: - Azure Active Directory Identity Protection - Common Event Format (CEF) - Azure Firew...
Azure Sentineldata connectorsLog Analytics workspaceKusto Query Language - Question #292Implement and manage data security - specifically configuring encryption with customer-managed keys for Azure Storage using Azure PowerShell (AZ-104 / AZ-500 domain: Secure Data and Applications / Manage Storage)
Drag and Drop Question You have an Azure subscription. You plan to create a storage account. You need to use customer-managed keys to encrypt the tables in the storage account. Fro...
Azure StorageCustomer-Managed KeysPowerShell CmdletsData Encryption - Question #293Secure networking
You have an Azure subscription that contains the virtual machines shown in the following table. All the virtual networks are peered. You deploy Azure Bastion to VNET2. Which virtua...
Azure BastionVirtual Network PeeringNetwork SecurityRemote Access - Question #294Secure compute, storage, and databases
You have an app that uses an Azure SQL database. You need to be notified if a SQL injection attack is launched against the database. What should you do?
- Question #295Secure identity and access
You plan to deploy an app that will modify the properties of Azure Active Directory (Azure AD) users by using Microsoft Graph. You need to ensure that the app can access Azure AD....
- Question #296Secure identity and access
You have an Azure Active Directory (Azure AD) tenant. You need to prevent nonprivileged Azure AD users from creating service principles in Azure AD. What should you do in the Azure...
Azure Active DirectoryService PrincipalsApplication RegistrationUser Permissions - Question #297Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
You have an Azure subscription. You plan to create a workflow automation in Azure Security Center that will automatically remediate a security vulnerability. What should you create...
Microsoft Defender for CloudAutomated RemediationWorkflow AutomationAzure Logic Apps - Question #298Secure identity and access
You have an Azure subscription that contains an app named App1. App1 has the app registration shown in the following table. You need to ensure that App1 can read all user calendars...
- Question #299Secure compute, storage, and databases
You have an Azure subscription that contains two virtual machines named VM1 and VM2 that run Windows Server 2019. You are implementing Update Management in Azure Automation. You pl...
Azure AutomationUpdate ManagementDynamic ScopingVirtual Machine Updates - Question #300Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
You have 10 on-premises servers that run Windows Server 2019. You plan to implement Azure Security Center vulnerability scanning for the servers. What should you install on the ser...
Azure ArcMicrosoft Defender for CloudVulnerability ManagementHybrid Cloud - Question #301Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Case Study 3 - Fabrikam, Inc General Overview Fabrikam, Inc. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York. Fabrikam has IT,...
Just-in-Time VM accessAzure Defender for CloudVirtual Machine SecurityAzure Resource Manager (ARM) vs Classic - Question #302Secure compute, storage, and databases
Case Study 3 - Fabrikam, Inc General Overview Fabrikam, Inc. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York. Fabrikam has IT,...
Azure Virtual MachinesAzure Key VaultVirtual Network Service EndpointsApplication Deployment Security - Question #303Secure compute, storage, and databases
Hotspot Question You have an Azure subscription that contains a user named User1 and a storage account named storage1. The storage1 account contains the resources shown in the foll...
Azure StorageShared Access Signaturestorage rolesleast privilege - Question #304Implement and manage data security in Azure - specifically configuring and managing auditing for Azure SQL Managed Instance and Azure SQL Databases, including audit log destination requirements and inheritance behavior.
Hotspot Question You have an Azure subscription that contains three storage accounts, an Azure SQL managed instance named SQL1, and three Azure SQL databases. The storage accounts...
Azure SQL AuditingAzure SQL Managed InstanceStorage Account ConfigurationAzure Security and Compliance - Question #305Manage Azure identities and governance - specifically implementing management groups and assigning appropriate RBAC roles to manage costs across multiple subscriptions (AZ-104 / AZ-900 Governance domain)
Drag and Drop Question You have three Azure subscriptions and a user named User1. You need to provide User1 with the ability to manage and view costs for the resources across all t...
Azure Management GroupsAzure Cost ManagementRole-Based Access Control (RBAC)Least Privilege - Question #306Secure networking
Hotspot Question You implement the planned changes for ASG1 and ASG2. In which NSGs can you use ASG1, and the network interfaces of which virtual machines can you assign to ASG2? A...
Network Security GroupsApplication Security GroupsAzure VMsnetwork access control - Question #307Secure identity and access
Your company recently created an Azure subscription. You have been tasked with making sure that a specified user is able to implement Azure AD Privileged Identity Management (PIM)....
Azure AD PIMAzure AD rolesRole-based access control - Question #308Secure identity and access
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the...
- Question #309Secure identity and access
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the...
- Question #310Secure identity and access
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the...
- Question #311Secure identity and access
Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name. After...
- Question #312Secure identity and access
You have been tasked with applying conditional access policies for your company's current Azure Active Directory (Azure AD). The process involves assessing the risk events and risk...
- Question #313Secure identity and access
You have been tasked with applying conditional access policies for your company's current Azure Active Directory (Azure AD). The process involves assessing the risk events and risk...
Conditional AccessAzure AD Identity ProtectionSign-in RiskIP Risk