option
Cuestiones
ayuda
daypo
buscar.php

Practice Test Az-500

COMENTARIOS ESTADÍSTICAS RÉCORDS
REALIZAR TEST
Título del Test:
Practice Test Az-500

Descripción:
practice test of exam

Fecha de Creación: 2026/07/10

Categoría: Otros

Número Preguntas: 27

Valoración:(0)
COMPARTE EL TEST
Nuevo ComentarioNuevo Comentario
Comentarios
NO HAY REGISTROS
Temario:

You hace an Azure subscription that uses Microsoft Defender for Cloud You use accounts for the following cloud services - Alibaba Cloud -Amazon Web Services (AWS) -Google Cloud Platform What can you add to Defender for Cloud?. AWS only. Microsoft Cloud and AWS only. AWS and GCP only. Microsoft Cloud, AWS, and GCP.

You have an Azure subscription that contains an Azure API Management instance named ContosoAPI1 ContosoAPI1 is configured with the Basic V2 pricing tier You need to configure SSL 3.0 support for ContosoAPI1 What should you do first in the Azure Portal?. Under Certificates, add a certificate. Under APIs. add an API tag. Under Protocols + ciphers, select a backend protocol. Under Pricing Tier, change the pricing tier.

You have an Azure subscription that contains a Virtual Network named VNET1. The subscription contains an Azure App Service web app named App1 You have an Azure Front Door profile named AFD1 That has an Azure Web Application Firewall (WAF) policy. You need to ensure that all inbound traffic to App1 is filtered through AFD1 What should you do?. Configure Microsoft Entra application proxy. For App1, Enable virtual network integration. For Vnet1, configure network security group (NSG) rules. For App1, configure the HTTP headers filter setting.

You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a single subnet. The subscription contains a virtual machine named VM1 that is connected to VNet1. You plan to deploy an Azure SQL managed instance named SQL1. You need to ensure that VM1 can access SQL1. Which three components should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. a network security perimeter. a virtual network gateway. a subnet. a network security group (NSG). a route table.

You have the following resources: Group1: Security group Group2: Microsoft 365 group App1: App registration MI1: User-assigned managed identity You have the users shown in the following table: User1: Member of Group1 and Group2. Assigned Owner role for App1 and MI1. User2: Member of Group1 and Group2. Assigned Owner role for App1 and MI1. You create an Azure SQL managed instance named SQL1 and enable Microsoft Entra-only authentication. You need to ensure that both User1 and User2 are set as the Microsoft Entra admin for SQL1. Solution: You set App1 as the Microsoft Entra admin for SQL1. Does this meet the goal?. Yes. No.

You have an Azure subscription named Sub1 that contains the storage accounts shown in the following table. Name Resource group storage1 RG1 storage2 RG1 storage3 RG2 You need to ensure that Defender for Storage is enabled for all the storage accounts. Enable the Defender for Storage plan for Sub1. For storage3, assign the AzDefenderPlanAutoEnable tag and set the value to off. Enable the Defender for Storage plan for RG1. Enable Defender for Storage for storage3. For storage3, disable the customer-managed keys.

RC1 contains an application rule named Rule1 that has the following settings: Source IP Addresses: 10.0.0.0/24 Target FQDNs: www.microsoft.com, * Protocol: HTTP You discover that users can browse multiple public websites from VNet1. You need to ensure that only www.microsoft.com is accessible, and access to any other public website is blocked. What should you do?. Add a new application rule collection that has Priority set to 200 and Action set to Deny for *. Add a network rule collection that has Priority set to 50 and Action set to Deny for *. Remove the target FQDN of * from RC1. Add a NAT rule collection that translates traffic to www.microsoft.com.

You have a Microsoft Entra tenant. On January 3, you configure a Multifactor authentication registration policy that has the following settings: Assignments: All users Require Microsoft Entra ID multifactor authentication registration: Enabled Enforce policy: On On January 3, you create two new users named User1 and User2. On January 5, User1 authenticates to Microsoft Entra ID for the first time. On January 7, User2 authenticates to Microsoft Entra ID for the first time. On which date will User1 and User2 be forced to register for MFA?. User1. User2.

You have an Azure subscription that contains the custom roles shown in the following table. Role1: Microsoft Entra Role2: Azure In the Azure portal, you plan to create new custom roles by cloning existing roles. The new roles will be configured as shown in the following table: Role3: Role1 only Role4: Role2 and built-in Azure roles only. Role3. Role4.

You have an Azure subscription that contains a resource group named RG1 and is linked to a Microsoft Entra tenant. RG1 contains 10 virtual machines, a virtual network named VNET1, and a network security group (NSG) named NSG1. The tenant contains a security group named ServerAdmins. Members of the ServerAdmins group are able to access the virtual machines by using RDP. You need to ensure that NSG1 only allows RDP connections to the virtual machines for a maximum of 60 minutes when a member of ServerAdmins requests access. What should you configure?. an Azure policy assigned to RG1. a Microsoft Entra Privileged Identity Management (PIM) role assignment. a just-in-time (JIT) VM access policy in Microsoft Defender for Cloud. an Azure Bastion host on VNET1.

You have an Azure SQL database. You implement Always Encrypted. You need to ensure that application developers can retrieve and decrypt data in the database. Which two pieces of information should you provide to the developers? Each correct answer presents part of the solution. the column master key. user credentials. a stored access policy. a shared access signature (SAS). the column encryption key.

You have an Azure subscription that contains an Azure SQL database named SQL1. SQL1 contains the columns shown in the following table: Name Content Column1 Comments from a confidential investigation Column2 Government ID Numbers Column3 Images Column4 Videos You configure SQL1 to use Always Encrypted. You need to configure deterministic encryption.Which column supports deterministic encryption?. Column1. Column2. Column3. Column4.

You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry. You want to use the automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry. What should you create?. a Microsoft Entra user. a secret in Azure Key Vault. a Microsoft Entra group. a role assignment.

Select the correct answer on the list. The maximum number of additional stored access policies that you can add to cont1 is. The maximum number of additional immutable blob storage policies that you can add to cont1 is.

You have an Azure subscription named Subscription1 that is linked to a Microsoft Entra tenant named contoso.com and a resource group named RG1. You create a custom role named Role1 in contoso.com. Where can you use Role1 for permission delegation?". contoso.com only. contoso.com and RG1 only. contoso.com and Subscription1 only. contoso.com, RG1, and Subscription1.

You have a Microsoft Entra tenant named contoso.com. You have an existing application named App1. App1 will run as a service on a server that runs Windows Server. App1 will authenticate to contoso.com and access Microsoft Graph to read directory data. You need to configure the minimum required permissions to App1. Which three actions should you perform in sequence from the Azure portal?. Grant admin consent. Create an app registration. Add an application permission.

You have an Azure subscription that contains a resource group named RG1. RG1 contains a storage account named storage1. You assign two custom roles, Role1 and Role2, that are scoped to RG1. The permissions are shown in the following JSON code: (JSON code omitted for brevity as requested) For each of the following statements, select Yes if the statement is true. Otherwise, select No. User1 can read data in storage1. User2 can read data in storage1. User3 can restore storage1 from a backup in Azure Backup.

You have an Azure App Service web app named WebApp1. You upload a certificate to WebApp1. You need to make the certificate accessible to the app code of WebApp1. What should you do?. Configure the TLS/SSL binding for WebApp1. Add a user-assigned managed identity to WebApp1. Enable system-assigned managed identity for WebApp1. Add an app setting to the WebApp1 configuration.

You have an Azure virtual machine named VM1. In Microsoft Defender for Cloud, you get the following high-severity recommendation: "Install endpoint protection solutions on virtual machines". You need to resolve the issue causing the high-severity recommendation. What should you do?. Install and configure Microsoft Defender for Endpoint. Add the Network Watcher Agent for Windows extension to VM1. Add the Microsoft Antimalware extension to VM1. Install the Microsoft System Center Security Management Pack for Endpoint Protection on VM1.

You have an Azure subscription that uses Microsoft Defender for Cloud. You have an Amazon Web Services (AWS) account. You need to ensure that when you deploy a new AWS Elastic Compute Cloud (EC2) instance, the Microsoft Defender for Servers agent installs automatically. What should you configure first?. the Azure Connected Machine agent. the classic cloud connector. the native cloud connector. the Azure Monitor agent.

You have an Azure subscription that contains a Microsoft Defender External Attack Surface Management (Defender EASM) resource.Defender EASM contains the inventory assets shown in the following table. Name Type State VM1 Host Approved Inventory VM2 Host Dependency VM3 Host Monitor Only VM4 Host Candidate. Scanned daily. Display in the default dashboard chart.

You need to deploy Azure SQL databases by using an Azure Resource Manager (ARM) template. The databases will be configured as shown in the following table: Name Resource group TDE SQL2 RG2 Disabled SQL3 RG1 Disabled. SQL1 will have TDE enabled automatically. The deployment of SQL2 will fail. SQL3 will be deployed and marked as noncompliant.

You use Microsoft Defender for Cloud. The subscription contains an instance of Azure Database for PostgreSQL. You need to ensure that an alert is triggered when a suspected brute force attack on the database is detected. The solution must minimize administrative effort. What should you configure?. Microsoft Defender for open-source relational databases. The PostgreSQL Audit extension (pgAudit). The Azure Monitor activity log. An Azure Monitor alert rule.

You have an Azure subscription that contains the virtual networks shown in the following table: Name Azure region VNet1 East US VNet2 West US The subscription contains the resources shown in the following table: Name Description Connected to VM1 Virtual machine that has a public IP address VNet1 App1 Azure App Service web app VNet1 FW1 Azure Firewall VNet2 You create an Azure DDoS Protection plan that has the following settings: Name: DDos1 Region: East US For each of the following statements, select Yes if the statement is true. Otherwise, select No. DDos1 can protect VM1. DDos1 can protect App1. DDos1 can protect FW1.

Your on-premises network contains a Hyper-V virtual machine named VM1. You need to use Azure Arc to onboard VM1 to Microsoft Defender for Cloud. What should you install first?. the guest configuration agent. the Azure File Sync agent. the Azure Connected Machine agent. the Azure Monitor agent.

You have 15 Azure virtual machines in a resource group named RG1. All the virtual machines run identical applications. You need to prevent unauthorized applications and malware from running on the virtual machines. Authorized applications must be able to run on the virtual machines. What should you do?. Apply a resource lock to RG1. From Microsoft Defender for Cloud, configure adaptive application controls. Configure Microsoft Entra ID Protection. Apply an Azure policy to RG1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. You can create additional Microsoft Entra diagnostic settings. You can configure retention for locations where Setting4 stores logs. You can configure Setting2 to have Analytics1 and Analytics2 as destinations.

Denunciar Test