Latest 2021 Realistic Verified AZ-500 Dumps - 100% Free AZ-500 Exam Dumps
Get 2021 Updated Free Microsoft AZ-500 Exam Questions & Answer
Jobs, Responsibilities, and Expected Salary after Passing AZ-500 Exam
The Microsoft Certified: Azure Security Engineer Associate certification coming after acing AZ-500 test is the most direct way to get a job as an Azure security engineer. This role captures aspects such as managing the posture of security within an organization. Other responsibilities of such a specialist include identifying and solving vulnerabilities using varied security tools, implementing protection from threats, and countering escalating security incidents. In addition, you'll be working with a team devoted to ensuring the management of security within the cloud or hybrid environments. You can apply for any of the various job titles associated with Azure security. They include an Azure or cloud security engineer, a senior systems engineer, and a cloud security architect. Per year, cloud security engineers earn $96,800 on average based on what ZipRecruiter.com divulges.
NEW QUESTION 20
You have an Azure subscription that contains an Azure key vault and an Azure Storage account. The key vault contains customer-managed keys. The storage account is configured to use the customer-managed keys stored In the key vault.
You plan to store data in Azure by using the following services:
* Azure Files
* Azure Blob storage
* Azure Log Analytics
* Azure Table storage
* Azure Queue storage
Which two services data encryption by using the keys stored in the key vault? Each correct answer present a complete solution.
NOTE: Each correct selection is worth one point.
- A. Blob storage
- B. Table storage
- C. Queue storage
- D. Azure Files
Answer: A,C
NEW QUESTION 21
You have Azure Resource Manager templates that you use to deploy Azure virtual machines.
You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.
What should you use?
- A. device compliance policies in Microsoft Intune
- B. device configuration policies in Microsoft Intune
- C. application security groups
- D. an Azure Desired State Configuration (DSC) virtual machine extension
Answer: D
Explanation:
Section: [none]
Explanation:
You can use Azure Automation State Configuration to manage Azure VMs (both Classic and Resource Manager), on-premises VMs, Linux machines, AWS VMs, and on-premises physical machines.
Note: Azure Automation State Configuration provides a DSC pull server similar to the Windows Feature DSC- Service so that target nodes automatically receive configurations, conform to the desired state, and report back on their compliance. The built-in pull server in Azure Automation eliminates the need to set up and maintain your own pull server. Azure Automation can target virtual or physical Windows or Linux machines, in the cloud or on-premises.
Reference:
https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started
NEW QUESTION 22
What is the membership of Group1 and Group2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: User1, User2, User3, User4
Contains "ON" is true for Montreal (User1), MONTREAL (User2), London (User 3), and Ontario (User4) as string and regex operations are not case sensitive.
Box 2: Only User3
Match "*on" is only true for London (User3).
Scenario:
Contoso.com contains the users shown in the following table.
Contoso.com contains the security groups shown in the following table.
References:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
NEW QUESTION 23
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
You need to identify which initiatives and policies you can add to Subscription1 by using Azure Security Center.
What should you identify?
- A. Initiative1 and Initiative2 only
- B. Policy1 and Policy2 only
- C. Initiative1, Initiative2, Policy1, and Policy2
- D. Initiative1 only
Answer: C
Explanation:
Section: [none]
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/security-center/custom-security-policies
NEW QUESTION 24
You need to ensure that the Azure AD application registration and consent configurations meet the identity and access requirements.
What should you use in the Azure portal? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-user-consent
NEW QUESTION 25
You are troubleshooting a security issue for an Azure Storage account You enable Azure Storage Analytics logs and archive It to a storage account. What should you use to retrieve the diagnostics logs?
- A. Azure Storage Explorer
- B. Azure Monitor
- C. SQL query editor in Azure
- D. Azure Cosmos DB explorer
Answer: A
NEW QUESTION 26
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
The tenant contains the named locations shown in the following table.
You create the conditional access policies for a cloud app named App1 as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION 27
You create an Azure subscription.
You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure AD roles.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation:
Step 1: Consent to PIM
Step: 2 Verify your identity by using multi-factor authentication (MFA) Click Verify my identity to verify your identity with Azure MFA. You'll be asked to pick an account.
Step 3: Sign up PIM for Azure AD roles
Once you have enabled PIM for your directory, you'll need to sign up PIM to manage Azure AD roles.
References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started
NEW QUESTION 28
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username: [email protected]
Azure Password: Ag1Bh9!#Bd
The following information is for technical support purposes only:
Lab Instance: 10598168
You need to add the network interface of a virtual machine named VM1 to an application security group named ASG1.
To complete this task, sign in to the Azure portal.
Answer:
Explanation:
See the explanation below.
* In the Search resources, services, and docs box at the top of the portal, begin typing the name of a virtual machine, VM1 that has a network interface that you want to add to, or remove from, an application security group.
* When the name of your VM appears in the search results, select it.
* Under SETTINGS, select Networking. Select Configure the application security groups, select the application security groups that you want to add the network interface to, or unselect the application security groups that you want to remove the network interface from, and then select Save.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface
NEW QUESTION 29
You create an Azure subscription.
You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure AD roles.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation:
Step 1: Consent to PIM
Step: 2 Verify your identity by using multi-factor authentication (MFA) Click Verify my identity to verify your identity with Azure MFA. You'll be asked to pick an account.
Step 3: Sign up PIM for Azure AD roles
Once you have enabled PIM for your directory, you'll need to sign up PIM to manage Azure AD roles.
References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started
NEW QUESTION 30
You need to create a new Azure Active Directory (Azure AD) directory named 10317806.onmicrosoft.com.
The new directory must contain a user named user10317806 who is configured to sign in by using Azure Multi-Factor Authentication (MFA).
Answer:
Explanation:
See the explanation below.
Explanation
To create a new Azure AD tenant:
1. Browse to the Azure portal and sign in with an account that has an Azure subscription.
2. Select the plus icon (+) and search for Azure Active Directory
3. Select Azure Active Directory
4. Select Create.
5. Provide an Organization name (10317806) and an Initial domain name (10317806). Then select Create.
This will create the directory named
10317806.onmicrosoft.com.
6. After directory creation is complete, select the information box to manage your new directory.
To create the user:
1. In the Azure portal, make sure you are on the Azure Active Directory fly out.
If not, select the Azure Active Directory icon from the left services navigation.
2. Under Manage, select Users.
3. Select All users and then select
4. Provide a Name and User name (user10317806) for the user. When you're done, select Create.
To enable MFA:
1. In the Azure portal, make sure you are on the Azure Active Directory fly out.
If not, select the Azure Active Directory icon from the left services navigation.
2. Under Manage, select Users.
3. Click on the Multi-Factor Authentication
4. Tick the checkbox next to the user's name and click the
Reference:
https://docs.microsoft.com/en-us/power-bi/developer/create-an-azure-active-directory-tenant
NEW QUESTION 31
Your company has two offices in Seattle and New York. Each office connects to the Internet by using a NAT device. The offices use the IP addresses shown in the following table.
The company has an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.
The MFA service settings are configured as shown in the exhibit. (Click the Exhibit tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://www.cayosoft.com/difference-enabling-enforcing-mfa/
NEW QUESTION 32
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create a policy definition and assignments that are scoped to resource groups.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
Section: [none]
Explanation/Reference:
https://4sysops.com/archives/apply-governance-policy-to-multiple-azure-subscriptions-with-management- groups/
NEW QUESTION 33
You have an Azure subscription that contains a web app named App1 and an Azure key vault named Vault1.
You need to configure App1 to store and access the secrets in Vault1.
How should you configure App1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet
NEW QUESTION 34
You are evaluating the effect of the application security groups on the network communication between the virtual machines in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: No. VM4 is in Subnet13 which has NSG3 attached to it.
VM1 is in ASG1. NSG3 would only allow ICMP pings from ASG2 but not ASG1. Only TCP traffic is allowed from ASG1.
NSG3 has the inbound security rules shown in the following table.
Box 2: Yes.
VM2 is in ASG2. Any protocol is allowed from ASG2 so ICMP ping would be allowed.
Box3. VM1 is in ASG1. TCP traffic is allowed from ASG1 so VM1 could connect to the web server as connections to the web server would be on ports TCP 80 or TCP 443.
NEW QUESTION 35
You have Azure Resource Manager templates that you use to deploy Azure virtual machines.
https://www.fast2test.com/AZ-500-practice-test.html 42
Valid Fast2test AZ-500 Exam PDF Dumps - New AZ-500 Real Exam Questions
You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.
What should you use?
- A. device compliance policies in Microsoft Intune
- B. device configuration policies in Microsoft Intune
- C. application security groups
- D. an Azure Desired State Configuration (DSC) virtual machine extension
Answer: D
Explanation:
The primary use case for the Azure Desired State Configuration (DSC) extension is to bootstrap a VM to the Azure Automation State Configuration (DSC) service. The service provides benefits that include ongoing management of the VM configuration and integration with other operational tools, such as Azure Monitoring.
Using the extension to register VM's to the service provides a flexible solution that even works across Azure subscriptions.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview
NEW QUESTION 36
......
Preparation Options
When you are preparing for Microsoft AZ-500, you need to ensure that you are using the right prep resources. You can use the training options that you can find on the official webpage, which should get you over the line. However, if you want to use other materials as well, you should consider utilizing exam dumps. With their help, you will get access to everything that you need to study for Microsoft AZ-500, because most of them are available along with video lectures, study guides, and practice tests. All of it can be used to your advantage.
AZ-500 Dumps PDF and Test Engine Exam Questions: https://testinsides.actualpdf.com/AZ-500-real-questions.html
