If you are looking for free AZ-500 dumps than here we have some sample question answers available. You can prepare from our Microsoft AZ-500 exam questions notes and prepare exam with this practice test. Check below our updated AZ-500 exam dumps.
DumpsGroup are top class study material providers and our inclusive range of AZ-500 Real exam questions would be your key to success in Microsoft Azure Security Engineer Associate Certification Exam in just first attempt. We have an excellent material covering almost all the topics of Microsoft AZ-500 exam. You can get this material in Microsoft AZ-500 PDF and AZ-500 practice test engine formats designed similar to the Real Exam Questions. Free AZ-500 questions answers and free Microsoft AZ-500 study material is available here to get an idea about the quality and accuracy of our study material.
Lab TaskTask 4You need to ensure that when administrators deploy resources by using an AzureResource Manager template, the deployment can access secrets in an Azure key vaultnamed KV31330471.
You have an Azure AD tenant.You plan to implement an authentication solution to meet the following requirements:• Require number matching.• Display the geographical location when signing in.Which authentication method should you include in the solution?
You have an Azure subscription that uses Microsoft Defender for Cloud.You have an Amazon Web Services (AWS) account.You need to ensure that when you deploy a new AWS Elastic Compute Cloud (EC2)instance, the Microsoft Defender for Servers agent installs automatically. What should you configure first?
Lab TaskTask 5A user named Debbie has the Azure app installed on her mobile device.You need to ensure that [email protected] is alerted when a resource lock is deleted.
You have an Azure subscription that contains a storage account and an Azure web appnamed App1.App1 connects to an Azure Cosmos DB database named Cosmos1 that uses a privateendpoint named Endpoint1. Endpoint1 has the default settings.You need to validate the name resolution to Cosmos1.Which DNS zone should you use?
Lab Taskuse the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the usernamebelow.To enter your password. place your cursor in the Enter password box and click on thepassword below.Azure Username: Userl [email protected] Password: GpOAe4@lDgIf the Azure portal does not load successfully in the browser, press CTRL-K to reload theportal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 28681041Task 8You need to prevent HTTP connections to the rg1lod28681041n1 Azure Storage account.
You have an Azure subscription that contains a Microsoft Defender External Attack SurfaceManagement (Defender EASM) resource named EASM1. You review the Attack SurfaceSummary dashboard. You need to identify the following insights:• Deprecated technologies that are no longer supported• Infrastructure that will soon expireWhich section of the dashboard should you review?
You have an Azure subscription that contains an Azure Data Lake Storage account namedsa1.You plan to deploy an app named App1 that will access sa1 and perform operations,including Read. List, Create Directory, and Delete Directory.You need to ensure that App1 can connect securely to sa1 by using a private endpointWhat is the minimum number of private endpoints required for sa1?
Lab TaskTask 1You need to ensure that connections from the Internet to VNET1\subnet0 are allowed onlyover TCP port 7777. The solution must use only currently deployed resources.
You are troubleshooting a security issue for an Azure Storage account You enable Azure Storage Analytics logs and archive It to a storage account. What should you use to retrievethe diagnostics logs?
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant. From the Azure portal, you register an enterprise application.Which additional resource will be created in Azure AD?
You have an Azure subscription that uses Microsoft Sentinel. You need to create a Microsoft Sentinel notebook that will use the Guided Investigation - Anomaly Lookup template.What should you create first?
You have an Azure Active Directory (Azure AD) tenant that contains a user named Admin1. Admin1 is assigned the Application developer role. You purchase a cloud app named App1 and register App1 in Azure AD. Admin1 reports that the option to enable token encryption for App1 is unavailable. You need to ensure that Admin1 can enable token encryption for App1 in the Azure portal. What should you do?
You need to create a new Azure Active Directory (Azure AD) directory named 12345678.onmicrosoft.com. The new directory must contain a new user named [email protected]. To complete this task, sign in to the Azure portal.
You have a web app hosted on an on-premises server that is accessed by using a URL of https://www.contoso.com. You plan to migrate the web app to Azure. You will continue touse https://www.contoso.com. You need to enable HTTPS for the Azure web app. What should you do first?
You need to ensure that a user named user2-12345678 can manage the properties of the virtual machines in the RG1lod12345678 resource group. The solution must use the principle of least privilege. To complete this task, sign in to the Azure portal.
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect. Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the amount of necessary servers are reduced. Solution: You recommend the use of password hash synchronization and seamless SSO. Does the solution meet the goal?
You have an Azure subscription that uses Azure Active Directory (Azure AD) Privileged Identity Management (PIM). A PIM user that is assigned the User Access Administrator role reports receiving an authorization error when performing a role assignment or viewing the list of assignments. You need to resolve the issue by ensuring that the PIM service principal has the correctpermissions for the subscription. The solution must use the principle of least privilege. Which role should you assign to the PIM service principle?
You have an Azure subscription name Sub1 that contains an Azure Policy definition named Policy1. Policy1 has the following settings: Definition location: Tenant Root GroupCategory: Monitoring You need to ensure that resources that are noncompliant with Policy1 are listed in the Azure Security Center dashboard. What should you do first?
You have an Azure Active Directory (Azure AD) tenant named contoso.comYou need to configure diagnostic settings for contoso.com. The solution must meet thefollowing requirements:• Retain loqs for two years.• Query logs by using the Kusto query language• Minimize administrative effort.Where should you store the logs?
You have an Azure Active Directory (Azure AD) tenant.You need to prevent nonprivileged Azure AD users from creating service principals inAzure AD.What should you do in the Azure Active Directory admin center of the tenant?
You have an Azure subscription named Sub1.In Azure Security Center, you have a workflow automation named WF1. WF1 is configuredto send an email message to a user named User1.You need to modify WF1 to send email messages to a distribution group named Alerts.What should you use to modify WF1?
You need to ensure that the rg1lod10598168n1 Azure Storage account is encrypted byusing a key stored in the KeyVault10598168 Azure key vault.To complete this task, sign in to the Azure portal.
You have an Azure subscription that contains 100 virtual machines and has Azure SecurityCenter Standard tier enabled.You plan to perform a vulnerability scan of each virtual machine.You need to deploy the vulnerability scanner extension to the virtual machines by using anAzure Resource Manager template.Which two values should you specify in the code to automate the deployment of theextension to the virtual machines? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.
You have multiple development teams that will create apps in Azure.You plan to create a standard development environment that will be deployed for eachteam.You need to recommend a solution that will enforce resource locks across the developmentenvironments and ensure that the locks are applied in a consistent manner.What should you include in the recommendation?
You have an Azure Sentinel deployment.You need to create a scheduled query rule named Rule1.What should you use to define the query rule logic for Rule1?
You have an app that uses an Azure SQL database.You need to be notified if a SQL injection attack is launched against the database.What should you do?
Your company has an Active Directory forest with a single domain, namedweylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant withthe same name.After syncing all on-premises identities to Azure AD, you are informed that users with agivenName attribute starting with LAB should not be allowed to sync toAzure AD.Which of the following actions should you take?
Note: The question is included in a number of questions that depicts the identicalset-up. However, every question has a distinctive result. Establish if the solutionsatisfies the requirements.Your company has an Active Directory forest with a single domain, namedweylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant withthe same name.You have been tasked with integrating Active Directory and the Azure AD tenant. Youintend to deploy Azure AD Connect.Your strategy for the integration must make sure that password policies and user logonlimitations affect user accounts that are synced to the Azure AD tenant, and that theamount of necessary servers are reduced.Solution: You recommend the use of federation with Active Directory Federation Services(AD FS).Does the solution meet the goal?
Note: This question is part of a series of questions that present the same scenario.Each question in the series contains a unique solution that might meet the statedgoals. Some question sets might have more than one correct solution, while othersmight not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As aresult, these questions will not appear in the review screen.You have an Azure subscription named Sub1.You have an Azure Storage account named sa1 in a resource group named RG1.Users and applications access the blob service and the file service in sa1 by using severalshared access signatures (SASs) and stored access policies.You discover that unauthorized users accessed both the file service and the blob service.You need to revoke all access to sa1.Solution: You regenerate the Azure storage account access keys.Does this meet the goal?
You have an Azure subscription that contains two virtual machines named VM1 and VM2that run Windows Server 2019.You are implementing Update Management in Azure Automation.You plan to create a new update deployment named Update1.You need to ensure that Update! meets the following requirements:• Automatically applies updates to VM1 and VM2.• Automatically adds any new Windows Server 2019 virtual machines to Update1.What should you include in Update1?
You have been tasked with applying conditional access policies for your company’s currentAzure Active Directory (Azure AD).The process involves assessing the risk events and risk levels.Which of the following is the risk level that should be configured for users that have leakedcredentials?
You have 10 on-premises servers that run Windows Server 2019.You plan to implement Azure Security Center vulnerability scanning for the servers.What should you install on the servers first?
You have an Azure subscription that contains four Azure SQL managed instances.You need to evaluate the vulnerability of the managed instances to SQL injection attacks.What should you do first?
You have an Azure subscription that contains several Azure SQL databases and an AzureSentinelworkspace.You need to create a saved query in the workspace to find events reported by AdvancedThreat Protection for Azure SQL Database.What should you do?
You plan to deploy an app that will modify the properties of Azure Active Directory (AzureAD) users by using Microsoft Graph. You need to ensure that the app can access AzureAD. What should you configure first?
You have an Azure subscription.You plan to create a workflow automation in Azure Security Center that will automaticallyremediate a security vulnerability.What should you create first?
You have an Azure subscription that contains an Azure SQL database named sql1.You plan to audit sql1.You need to configure the audit log destination. The solution must meet the followingrequirements:Support querying events by using the Kusto query language.Minimize administrative effort.What should you configure?
You have a Microsoft 365 tenant that uses an Azure Active Directory (Azure AD) tenantThe Azure AD tenant syncs to an on-premises Active Directory domain by using aninstance of Azure AD Connect.You create a new Azure subscriptionYou discover that the synced on-premises user accounts cannot be assigned rotes in thenew subscription.You need to ensure that you can assign Azure and Microsoft 365 roles to the synced AzureAD user accounts.What should you do first?
Note: The question is included in a number of questions that depicts the identicalset-up. However, every question has a distinctive result. Establish if the solutionsatisfies the requirements.Your company has an Active Directory forest with a single domain, namedweylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant withthe same name.You have been tasked with integrating Active Directory and the Azure AD tenant. Youintend to deploy Azure AD Connect.Your strategy for the integration must make sure that password policies and user logonlimitations affect user accounts that are synced to the Azure AD tenant, and that theamount of necessary servers are reduced.Solution: You recommend the use of pass-through authentication and seamless SSO withpassword hash synchronization.Does the solution meet the goal?
Your company recently created an Azure subscription.You have been tasked with making sure that a specified user is able to implement AzureAD Privileged Identity Management (PIM).Which of the following is the role you should assign to the user?
You need to recommend which virtual machines to use to host App1. The solution mustmeet the technical requirements for KeyVault1.Which virtual machines should you use?
You have been tasked with configuring an access review, which you plan to assigned to a new collection of reviews. You also have to make sure that the reviews can be reviewed byresource owners.You start by creating an access review program and an access review control.You now need to configure the Reviewers.Which of the following should you set Reviewers to?
You plan to implement JIT VM access. Which virtual machines will be supported?
You need to meet the technical requirements for the finance department users.Which CAPolicy1 settings should you modify?
From Azure Security Center, you need to deploy SecPol1.What should you do first?
You need to encrypt storage1 to meet the technical requirements. Which key vaults canyou use?
You plan to configure Azure Disk Encryption for VM4 Which key vault can you use to storethe encryption key?
You have an Azure subscription linked to an Azure Active Directory Premium Plan 1 tenant.You plan to implement Azure Active Directory (Azure AD) Identity Protection.You need to ensure that you can configure a user risk policy and a sign-in risk policy.What should you do first?
Your network contains an on-premises Active Directory domain named adatum.com that syncs to AzureActive Directory (Azure AD). Azure AD Connect is installed on a domain member server named Server1.You need to ensure that a domain administrator for the adatum.com domain can modify the synchronizationoptions. The solution must use the principle of least privilege.Which Azure AD role should you assign to the domain administrator?
You have an Azure subscription named Subscription1.You need to view which security settings are assigned to Subscription1 by default.Which Azure policy or initiative definition should you review?
You have an Azure subscription.You plan to create a custom role-based access control (RBAC) role that will provide permission to read theAzure Storage account.Which property of the RBAC role definition should you configure?
You have an Azure Active Din-dory (Azure AD) tenant named contoso.com that contains a user named User1.You plan to publish several apps in the tenant.You need to ensure that User1 can grant admin consent for the published apps.Which two possible user roles can you assign to User! to achieve this goal? Each correct answer presents acomplete solution.NOTE: Each correct selection is worth one point.
You need to create a new Azure Active Directory (Azure AD) directory named 10317806.onmicrosoft.com.The new directory must contain a user named user10317806 who is configured to sign in by using AzureMulti-Factor Authentication (MFA).See the explanation below.
You have an Azure environment.You need to identify any Azure configurations and workloads that are non-compliant with ISO 27001standards. What should you use?
You have an Azure resource group that contains 100 virtual machines.You have an initiative named Initiative1 that contains multiple policy definitions. Initiative1 is assigned to theresource group.You need to identify which resources do NOT match the policy definitions.What should you do?
Note: This question is part of a series of questions that present the same scenario. Each question in theseries contains a unique solution that might meet the stated goals. Some question sets might have morethan one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, thesequestions will not appear in the review screen.You use Azure Security Center for the centralized policy management of three Azure subscriptions.You use several policy definitions to manage the security of the subscriptions.You need to deploy the policy definitions as a group to all three subscriptions.Solution: You create an initiative and an assignment that is scoped to the Tenant Root Group managementgroup.Does this meet the goal?
A user named Debbie has the Azure app installed on her mobile device.You need to ensure that [email protected] is alerted when a resource lock is deleted.To complete this task, sign in to the Azure portal.See the explanation below.You need to configure an alert rule in Azure Monitor.Type Monitor into the search box and select Monitor from the search results.Click on Alerts.Click on +New Alert Rule.In the Scope section, click on the Select resource link.In the Filter by resource type box, type locks and select Management locks (locks) from the filtered results.Select the subscription then click the Done button.In the Condition section, click on the Select condition link.Select the Delete management locks condition the click the Done button.In the Action group section, click on the Select action group link.Click the Create action group button to create a new action group.Give the group a name such as Debbie Mobile App (it doesn’t matter what name you enter for the exam) thenclick the Next: Notifications > button.In the Notification type box, select the Email/SMS message/Push/Voice option.In the Email/SMS message/Push/Voice window, tick the Azure app Push Notifications checkbox and [email protected] in the Azure account email field.Click the OK button to close the window.Enter a name such as Debbie Mobile App in the notification name box.Click the Review & Create button then click the Create button to create the action group.Back in the Create alert rule window, in the Alert rule details section, enter a name such as Management lockdeletion in the Alert rule name field.Click the Create alert rule button to create the alert rule.See the explanation below.
You have an Azure subscription that contains a user named Adminl1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is the member of a backend pool of a public Azure Basic Load Balancer.Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center.You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1.What should you do?
You have an Azure subscription that contains several Azure SQL databases and an Azure Sentinel workspaceYou need to create a saved query in the workspace to find events reported by Advanced Threat Protection for Azure SQL Database. What should you do?
You have an Azure Active Directory (Azure AD) tenant and a root management group.You create 10 Azure subscriptions and add the subscriptions to the rout management group.You need to create an Azure Blueprints definition that will be stored in the root management group.What should you do first?
Dumpsgroup is a verified platform for certification preparation. Our expert professionals are working day and night to create the perfect Practice Exam so you can pass your exam with flying colors. We provide only the authentic and valid Practice Questions approved by IT Experts. Start your certification journey now!
www.dumpsgroup.com
1104 Long Street, NY, 11206, USA
Feel free to contact us, we are available 24/7.
