Before starting you need to understand the basic information, topic details, exam score, recommended exam preparation resources. The following recommended learning resources will be helpful to you. https://www.pass4itsure.com/az-500.html providing latest updates for Microsoft AZ-500 practice exam which will help you to pass this exam. (Microsoft AZ-500 VCE and PDF dumps contain the latest AZ-500 exam questions).
2020 Latest Microsoft AZ-500 Exam Dumps (PDF & VCE) Free Share: https://drive.google.com/file/d/12zkKBfXav0fsM4_rMCLOPt1ZrLGbJUac/view?usp=sharing
Microsoft AZ-500 Exam Video Study
Microsoft AZ-500 PDF Dumps – Excellent Chance AZ-500 Practice Exam
AZ-500 Dumps | AZ-500 Exam Dumps | AZ-500 PDF Dumps | AZ-500 Exam Braindumps | AZ-500 Dumps PDF | AZ-500 Practice Exam | AZ-500 Exam Questions | AZ-500 Practice Test | AZ-500 Braindumps
Microsoft AZ-500 PDF Dumps Download
[PDF] Microsoft AZ-500 PDF Dumps Free https://drive.google.com/file/d/12zkKBfXav0fsM4_rMCLOPt1ZrLGbJUac/view?usp=sharing
Latest Microsoft AZ-500 Practice Exam
QUESTION 1
You have an Azure subscription that contains the virtual networks shown in the following table.
On NIC1, you configure an application security group named ASG1. On which other network interfaces can you
configure ASG1?
A. NIC2 only
B. NIC2, NIC3, NIC4, and NIC5
C. NIC2 and NIC3 only
D. NIC2, NIC3, and NIC4 only
Correct Answer: C
Only network interfaces in NVET1, which consists of Subnet11 and Subnet12, can be configured in ASG1, as all
network interfaces assigned to an application security group have to exist in the same virtual network that the first
network interface assigned to the application security group is in.
Reference: https://azure.microsoft.com/es-es/blog/applicationsecuritygroups/
QUESTION 2
Which virtual networks in Sub1 can User2 modify and delete in their current state? To answer, select the appropriate
options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
Box 1: VNET4 and VNET1 only
RG1 has only Delete lock, while there are no locks on RG4.
RG2 and RG3 both have Read-only locks.
Box 2: VNET4 only
There are no locks on RG4, while the other resource groups have either Delete or Read-only locks.
Note: As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in
your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete
or
ReadOnly. In the portal, the locks are called Delete and Read-only respectively.
CanNotDelete means authorized users can still read and modify a resource, but they can\’t delete the resource.
ReadOnly means authorized users can read a resource, but they can\’t delete or update the resource. Applying this
lock is similar to restricting all authorized users to the permissions granted by the Reader role.
Scenario:
User2 is a Security administrator.
Sub1 contains six resource groups named RG1, RG2, RG3, RG4, RG5, and RG6.
User2 creates the virtual networks shown in the following table.
QUESTION 3
You have 15 Azure virtual machines in a resource group named RG1.
All virtual machines run identical applications.
You need to prevent unauthorized applications and malware from running on the virtual machines.
What should you do?
A. Apply an Azure policy to RG1.
B. From Azure Security Center, configure adaptive application controls.
C. Configure Azure Active Directory (Azure AD) Identity Protection.
D. Apply a resource lock to RG1.
Correct Answer: B
Adaptive application control is an intelligent, automated end-to-end application whitelisting solution from Azure Security
Center. It helps you control which applications can run on your Azure and non-Azure VMs (Windows and Linux), which,
among other benefits, helps harden your VMs against malware. Security Center uses machine learning to analyze the
applications running on your VMs and helps you apply the specific whitelisting rules using this intelligence.
Reference: https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-application
QUESTION 4
You plan to deploy Azure container instances.
You have a containerized application that validates credit cards. The application is comprised of two containers: an
application container and a validation container.
The application container is monitored by the validation container. The validation container performs security checks by
making requests to the application container and waiting for responses after every transaction.
You need to ensure that the application container and the validation container are scheduled to be deployed together.
The containers must communicate to each other only on ports that are not externally exposed.
What should you include in the deployment?
A. application security groups
B. network security groups (NSGs)
C. management groups
D. container groups
Correct Answer: D
Azure Container Instances supports the deployment of multiple containers onto a single host using a container group. A
container group is useful when building an application sidecar for logging, monitoring, or any other configuration where a
service needs a second attached process.
Reference: https://docs.microsoft.com/en-us/azure/container-instances/container-instances-container-groups
QUESTION 5
You plan to use Azure Monitor Logs to collect logs from 200 servers that run Windows Server 2016.
You need to automate the deployment of the Log Analytics Agent to all the servers by using an Azure Resource
Manager template.
Correct Answer:
QUESTION 6
Your network contains an Active Directory forest named contoso.com. You have an Azure Directory (Azure AD) tenant
named contoso.com.
You plan to configure synchronization by using the Express Settings installation option in Azure AD Connect.
You need to identify which roles and groups are required to perform the planned configuration. The solution must use
the principle of least privilege.
Which two roles and groups should you identify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. the Domain Admins group in Active Directory
B. the Security administrator role in Azure AD
C. the Global administrator role in Azure AD
D. the User administrator role in Azure AD
E. the Enterprise Admins group in Active Directory
Correct Answer: CE
References: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions
QUESTION 7
You need to ensure that User2 can implement PIM. What should you do first?
A. Assign User2 the Global administrator role.
B. Configure authentication methods for contoso.com.
C. Configure the identity secure score for contoso.com.
D. Enable multi-factor authentication (MFA) for User2.
Correct Answer: A
To start using PIM in your directory, you must first enable PIM.
1. Sign in to the Azure portal as a Global Administrator of your directory.
You must be a Global Administrator with an organizational account (for example, @yourdomain.com), not a Microsoft
account (for example, @outlook.com), to enable PIM for a directory.
Scenario: Technical requirements include: Enable Azure AD Privileged Identity Management (PIM) for contoso.com
References:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-getting-started
QUESTION 8
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure subscription named Sub1.
You have an Azure Storage account named Sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in Sa1 by using several shared access signatures
(SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to Sa1.
Solution: You create a lock on Sa1.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
To revoke a stored access policy, you can either delete it, or rename it by changing the signed identifier. Changing the
signed identifier breaks the associations between any existing signatures and the stored access policy. Deleting or
renaming the stored access policy immediately affects all of the shared access signatures associated with it.
References: https://docs.microsoft.com/en-us/rest/api/storageservices/Establishing-a-Stored-Access-Policy
QUESTION 9
What is the membership of Group1 and Group2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Explanation:
Box 1: User1, User2, User3, User4
Contains “ON” is true for Montreal (User1), MONTREAL (User2), London (User 3), and Ontario (User4) as string and
regex operations are not case sensitive.
Box 2: Only User3
Match “*on” is only true for London (User3).
Scenario:
Contoso.com contains the users shown in the following table.
References: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
QUESTION 10
You have a hybrid configuration of Azure Active Directory (Azure AD). You have an Azure SQL Database instance that
is configured to support Azure AD authentication.
Database developers must connect to the database instance and authenticate by using their on-premises Active
Directory account.
You need to ensure that developers can connect to the instance by using Microsoft SQL Server Management Studio.
The solution must minimize authentication prompts.
Which authentication method should you recommend?
A. Active Directory – Password
B. Active Directory – Universal with MFA support
C. SQL Server Authentication
D. Active Directory – Integrated
Correct Answer: A
Use Active Directory password authentication when connecting with an Azure AD principal name using the Azure AD
managed domain.
Use this method to authenticate to SQL DB/DW with Azure AD for native or federated Azure AD users. A native user is
one explicitly created in Azure AD and being authenticated using user name and password, while a federated user is a
Windows user whose domain is federated with Azure AD. The latter method (using user and password) can be used
when a user wants to use their windows credential, but their local machine is not joined with the domain (for example,using a remote access). In this case, a Windows user can indicate their domain account and password and can
authenticate to SQL DB/DW using federated credentials.
Incorrect Answers:
D: Use Active Directory integrated authentication if you are logged in to Windows using your Azure Active Directory
credentials from a federated domain.
References: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure
QUESTION 11
You have an Azure subscription named Sub1. Sub1 contains an Azure virtual machine named VM1 that runs Windows
Server 2016.
You need to encrypt VM1 disks by using Azure Disk Encryption.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/encrypt-disks
QUESTION 12
You plan to use Azure Log Analytics to collect logs from 200 servers that run Windows Server 2016.
You need to automate the deployment of the Microsoft Monitoring Agent to all the servers by using an Azure Resource
Manager template.
How should you complete the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
QUESTION 13
You have an Azure subscription that contains the virtual machines shown in the following table.
On which virtual machines is the Log Analytics agent installed?
A. VM3 only
B. VM1 and VM3 only
C. VM3 and VM4 only
D. VM1, VM2, VM3, and VM4
Correct Answer: D
When automatic provisioning is On, Security Center provisions the Log Analytics Agent on all supported Azure VMs and
any new ones that are created.
Supported Operating systems include: Ubuntu 14.04 LTS (x86/x64), 16.04 LTS (x86/x64), and 18.04 LTS (x64) and
Windows Server 2008 R2, 2012, 2012 R2, 2016, version 1709 and 1803
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection
Click on Microsoft other exam practice.
The Benefits |Microsoft AZ-500 exam!
Speaking of advantages, it is clear that one of the greatest benefits of obtaining Azure Security Engineer Associate is Microsoft’s reputation. Recruiters value Microsoft credentials and do not hesitate to provide generous compensation to professionals who add them to their resumes.
Pass4itsure Exam Dumps | AZ-500 Practice Exam
Pass4itsure Discount Code 2020
The latest discount code “2020PASS” is provided below. AZ-500 dumps (AZ-500 braindumps) with a 12% off discount, pass the exam, come soon!
P.S
In short get the Microsoft Azure certification together with the aid of the AZ-500 braindumps – AZ-500 practice test of https://www.pass4itsure.com/az-500.html Q&As: 203.
2020 Latest Microsoft AZ-500 Exam Dumps (PDF) Free Share: https://drive.google.com/file/d/12zkKBfXav0fsM4_rMCLOPt1ZrLGbJUac/view?usp=sharing
