Microsoft (AZ-500) Exam Questions And Answers page 21
SIMULATION
A user named Debbie has the Azure app installed on her mobile device.
You need to ensure that [email protected] is alerted when a resource lock is deleted.
To complete this task, sign in to the Azure portal.
A user named Debbie has the Azure app installed on her mobile device.
You need to ensure that [email protected] is alerted when a resource lock is deleted.
To complete this task, sign in to the Azure portal.
Implement platform protection
Manage security operations
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant.
From the Azure portal, you register an enterprise application.
Which additional resource will be created in Azure AD?
From the Azure portal, you register an enterprise application.
Which additional resource will be created in Azure AD?
an X.509 certificate
a managed identity
a user account
Manage identity and access
Manage security operations
You have an Azure subscription that contains an Azure key vault named Vault1.
On January 1, 2019, Vault1 stores the following secrets. All dates are in mm/dd/yy format.
When can each secret be used by an application? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
On January 1, 2019, Vault1 stores the following secrets. All dates are in mm/dd/yy format.
When can each secret be used by an application? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Manage security operations
Secure data and applications
You have an Azure subscription.
You create an Azure web app named Contoso1812 that uses an S1 App Service plan.
You plan to create a CNAME DNS record for www.contoso.com that points to Contoso1812.
You need to ensure that users can access Contoso1812 by using the https://www.contoso.com URL.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You create an Azure web app named Contoso1812 that uses an S1 App Service plan.
You plan to create a CNAME DNS record for www.contoso.com that points to Contoso1812.
You need to ensure that users can access Contoso1812 by using the https://www.contoso.com URL.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Turn on the system-assigned managed identity for Contoso1812.
Add a hostname to Contoso1812.
Scale out the App Service plan of Contoso1812.
Add a deployment slot to Contoso1812.
Scale up the App Service plan of Contoso1812.
Upload a PFX file to Contoso1812.
Manage security operations
Secure data and applications
You create a new Azure subscription.
You need to ensure that you can create custom alert rules in Azure Security Center.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You need to ensure that you can create custom alert rules in Azure Security Center.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Onboard Azure Active Directory (Azure AD) Identity Protection.
Create an Azure Storage account.
Implement Azure Advisor recommendations.
Create an Azure Log Analytics workspace.
Upgrade the pricing tier of Security Center to Standard.
Manage security operations
Secure data and applications
You plan to deploy Azure container instances.
You have a containerized application that is comprised of two containers: an application container and a validation container. The application container is monitored by the validation container. The validation container performs security checks by making requests to the application container and waiting for responses after every transaction.
You need to ensure that the application container and the validation container are scheduled to be deployed together. The containers must communicate to each other only on ports that are not externally exposed.
What should you include in the deployment?
You have a containerized application that is comprised of two containers: an application container and a validation container. The application container is monitored by the validation container. The validation container performs security checks by making requests to the application container and waiting for responses after every transaction.
You need to ensure that the application container and the validation container are scheduled to be deployed together. The containers must communicate to each other only on ports that are not externally exposed.
What should you include in the deployment?
application security groups
network security groups (NSGs)
management groups
container groups
Manage security operations
Secure data and applications
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
An administrator named Admin1 has access to the following identities:
• An OpenID-enabled user account
• A Hotmail account
• An account in contoso.com
• An account in an Azure AD tenant named fabrikam.com
You plan to use Azure Account Center to transfer the ownership of Sub1 to Admin1.
To which accounts can you transfer the ownership of Sub1?
An administrator named Admin1 has access to the following identities:
• An OpenID-enabled user account
• A Hotmail account
• An account in contoso.com
• An account in an Azure AD tenant named fabrikam.com
You plan to use Azure Account Center to transfer the ownership of Sub1 to Admin1.
To which accounts can you transfer the ownership of Sub1?
contoso.com only
contoso.com, fabrikam.com, and Hotmail only
contoso.com and fabrikam.com only
contoso.com, fabrikam.com, Hotmail, and OpenID-enabled user account
Manage identity and access
Manage security operations
You have two Azure virtual machines in the East US 2 region as shown in the following table.
You deploy and configure an Azure Key vault.
You need to ensure that you can enable Azure Disk Encryption on VM1 and VM2.
What should you modify on each virtual machine? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You deploy and configure an Azure Key vault.
You need to ensure that you can enable Azure Disk Encryption on VM1 and VM2.
What should you modify on each virtual machine? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Manage security operations
Secure data and applications
SIMULATION
You need to create a new Azure Active Directory (Azure AD) directory named 11641655.onmicrosoft.com and a user named User1 in the new directory. The solution must ensure that User1 is enabled for Azure Multi-Factor Authentication (MFA).
To complete this task, sign in to the Azure portal.
You need to create a new Azure Active Directory (Azure AD) directory named 11641655.onmicrosoft.com and a user named User1 in the new directory. The solution must ensure that User1 is enabled for Azure Multi-Factor Authentication (MFA).
To complete this task, sign in to the Azure portal.
Manage identity and access
Manage security operations
You have the Azure key vaults shown in the following table.
KV1 stores a secret named Secret1 and a key for a managed storage account named Key1.
You back up Secret1 and Key1.
To which key vaults can you restore each backup? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
KV1 stores a secret named Secret1 and a key for a managed storage account named Key1.
You back up Secret1 and Key1.
To which key vaults can you restore each backup? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Manage security operations
Secure data and applications
Comments