Microsoft (AZ-500) Exam Questions And Answers page 13

You have an Azure subscription named Sub1 that contains the Azure key vaults shown in the following table:


In Sub1, you create a virtual machine that has the following configurations:

• Name: VM1
• Size: DS2v2
• Resource group: RG1
• Region: West Europe
• Operating system: Windows Server 2016

You plan to enable Azure Disk Encryption on VM1.

In which key vaults can you store the encryption key for VM1?
Manage security operations Secure data and applications
You have an Azure subscription that contains the virtual networks shown in the following table.


The Azure virtual machines on SpokeVNetSubnet0 can communicate with the computers on the on-premises network.

You plan to deploy an Azure firewall to HubVNet.

You create the following two routing tables:

• RT1: Includes a user-defined route that points to the private IP address of the Azure firewall as a next hop address
• RT2: Disables BGP route propagation and defines the private IP address of the Azure firewall as the default gateway

You need to ensure that traffic between SpokeVNetSubnet0 and the on-premises network flows through the Azure firewall.

To which subnet should you associate each route table? To answer, drag the appropriate subnets to the correct route tables. Each subnet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Manage security operations Secure data and applications
SIMULATION

You need to ensure that only devices connected to a 131.107.0.0/16 subnet can access data in the rg1lod10598168 Azure Storage account.

To complete this task, sign in to the Azure portal.
Implement platform protection Manage security operations
You have an Azure subscription that contains the virtual machines shown in the following table.


You create the Azure policies shown in the following table.


You create the resource locks shown in the following table.


For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Implement platform protection Manage security operations
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.


Contoso.com contains a group naming policy. The policy has a custom blocked word list rule that includes the word Contoso.

Which users can create a group named Contoso Sales in contoso.com? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Manage identity and access Manage security operations
You have an Azure subscription.

You enable Azure Active Directory (Azure AD) Privileged Identity Management (PIM).

Your company's security policy for administrator accounts has the following conditions:

• The accounts must use multi-factor authentication (MFA).
• The accounts must use 20-character complex passwords.
• The passwords must be changed every 180 days.
• The accounts must be managed by using PIM.

You receive multiple alerts about administrators who have not changed their password during the last 90 days.

You need to minimize the number of generated alerts.

Which PIM alert should you modify?
Manage identity and access Manage security operations
You have an Azure subscription that contains the Azure Log Analytics workspaces shown in the following table.


You create the virtual machines shown in the following table.


You plan to use Azure Sentinel to monitor Windows Defender Firewall on the virtual machines.

Which virtual machines can you connect to Azure Sentinel?
Manage security operations Secure data and applications
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.

You use several policy definitions to manage the security of the subscriptions.

You need to deploy the policy definitions as a group to all three subscriptions.

Solution: You create a policy initiative and an assignment that is scoped to the Tenant Root Group management group.

Does this meet the goal?
Implement platform protection Manage security operations
You have an Azure subscription that contains an Azure Container Registry named Registry1. The subscription uses the Standard use tier of Azure Security Center.

You upload several container images to Registry1.

You discover that vulnerability security scans were not performed.

You need to ensure that the images are scanned for vulnerabilities when they are uploaded to Registry1.

What should you do?
Manage security operations Secure data and applications
You have an Azure subscription named Sub1.

You have an Azure Active Directory (Azure AD) group named Group1 that contains all the members of your IT team.

You need to ensure that the members of Group1 can stop, start, and restart the Azure virtual machines in Sub1. The solution must use the principle of least privilege.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Manage identity and access Manage security operations