Exam Logo

Microsoft (AZ-500) Exam Questions And Answers page 28

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription named Sub1.

You have an Azure Storage account named sa1 in a resource group named RG1.

Users and applications access the blob service and the file service in sa1 by using several shared access signatures (SASs) and stored access policies.

You discover that unauthorized users accessed both the file service and the blob service.

You need to revoke all access to sa1.

Solution: You regenerate the Azure storage account access keys.

Does this meet the goal?
Manage identity and access Secure data and applications
You suspect that users are attempting to sign in to resources to which they have no access.

You need to create an Azure Log Analytics query to identify failed user sign-in attempts from the last three days. The results must only show users who had more than five failed sign-in attempts.

How should you configure the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Manage security operations Secure data and applications
Your company has an Azure SQL database that has Always Encrypted enabled.

You are required to make the relevant information available to application developers to allow them to access data in the database.

Which two of the following options should be made available? Answer by dragging the correct options from the list to the answer area.

Manage security operations Secure data and applications
You have an Azure subscription that contains the resources shown in the following table.


VM1 and VM2 are stopped.

You create an alert rule that has the following settings:

• Resource: RG1
• Condition: All Administrative operations
• Actions: Action groups configured for this alert rule: ActionGroup1
• Alert rule name: Alert1

You create an action rule that has the following settings:

• Scope: VM1
• Filter criteria: Resource Type = "Virtual Machines"
• Define on this scope: Suppression
• Suppression config: From now (always)
• Name: ActionRule1

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Note: Each correct selection is worth one point.

Secure data and applications
You have an Azure subscription that contains the resources shown in the following table.


An IP address of 10.1.0.4 is assigned to VM5. VM5 does not have a public IP address.

VM5 has just in time (JIT) VM access configured as shown in the following exhibit.


You enable JIT VM access for VM5.

NSG1 has the inbound rules shown in the following exhibit.


For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Manage security operations Secure data and applications
You need to perform the planned changes for OU2 and User1.

Which tools should you use? To answer, drag the appropriate tools to the correct resources. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Manage identity and access Manage security operations
You have an Azure subscription that contains the storage accounts shown in the following table.


You enable Azure Defender for Storage.

Which storage services of storage5 are monitored by Azure Defender for Storage, and which storage accounts are protected by Azure Defender for Storage? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Manage security operations Secure data and applications
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.

You use several policy definitions to manage the security of the subscriptions.

You need to deploy the policy definitions as a group to all three subscriptions.

Solution: You create a policy initiative and assignments that are scoped to resource groups.

Does this meet the goal?
Manage identity and access Implement platform protection
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription. The subscription contains 50 virtual machines that run Windows Server 2012 R2 or Windows Server 2016.

You need to deploy Microsoft Antimalware to the virtual machines.

Solution: You connect to each virtual machine and add a Windows feature.

Does this meet the goal?
Manage security operations Secure data and applications
You have an Azure subscription that contains a storage account named storage1 and several virtual machines. The storage account and virtual machines are in the same Azure region. The network configurations of the virtual machines are shown in the following table.


The virtual network subnets have service endpoints defined as shown in the following table.


You configure the following Firewall and virtual networks settings for storage1:

• Allow access from: Selected networks
• Virtual networks: VNET3\Subnet3
• Firewall Address range: 52.233.129.0/24

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Manage security operations Secure data and applications