Microsoft (AZ-500) Exam Questions And Answers page 34
You have an Azure subscription that contains virtual machines.
You enable just in time (JIT) VM access to all the virtual machines.
You need to connect to a virtual machine by using Remote Desktop.
What should you do first?
From Azure Active Directory (Azure AD) Privileged Identity Management (PIM), activate the Owner role for the virtual machine.
From the Azure portal, select the virtual machine, select Connect, and then select Request access.
From the Azure portal, select the virtual machine and add the Network Watcher Agent virtual machine extension.
Manage identity and access
Manage security operations
You have an Azure subscription that contains the resources shown in the following table.
VM1 and VM2 are stopped.
You create an alert rule that has the following settings:
• Resource: RG1
• Condition: All Administrative operations
• Actions: Action groups configured for this alert rule: ActionGroup1
• Alert rule name: Alert1
You create an action rule that has the following settings:
• Scope: VM1
• Filter criteria: Resource Type = "Virtual Machines"
• Define on this scope: Suppression
• Suppression config: From now (always)
• Name: ActionRule1
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Note: Each correct selection is worth one point.
Manage security operations
Secure data and applications
You have an Azure subscription that contains an Azure Container Registry named Registry1. Azure Defender is enabled in the subscription.
You upload several container images to Registry1.
You discover that vulnerability security scans were not performed.
You need to ensure that the container images are scanned for vulnerabilities when they are uploaded to Registry1.
What should you do?
From the Azure portal, modify the Pricing tier settings.
From Azure CLI, lock the container images.
Upload the container images by using AzCopy.
Push the container images to Registry1 by using Docker.
Manage security operations
Secure data and applications
You have been tasked with enabling Advanced Threat Protection for an Azure SQL Database server.
Advanced Threat Protection must be configured to identify all types of threat detection.
Which of the following will happen when a faulty SQL statement is generated in the database by an application?
A Potential SQL injection alert is triggered.
A Vulnerability to SQL injection alert is triggered.
An Access from a potentially harmful application alert is triggered.
A Brute force SQL credentials alert is triggered.
Manage security operations
Secure data and applications
You have an Azure subscription that contains an Azure key vault named Vault1.
On January 1, 2019, Vault1 stores the following secrets. All dates are in mm/dd/yy format.
When can each secret be used by an application? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Manage security operations
Secure data and applications
You have an Azure subscription that is associated with an Azure Active Directory (Azure AD) tenant.
When a developer attempts to register an app named App1 in the tenant, the developer receives the error message shown in the following exhibit.
You need to ensure that the developer can register App1 in the tenant.
What should you do for the tenant?
Modify the Directory properties.
Set Enable Security defaults to Yes.
Configure the Consent and permissions settings for enterprise applications.
Modify the User settings.
Manage identity and access
Manage security operations
You have 10 virtual machines on a single subnet that has a single network security group (NSG).
You need to log the network traffic to an Azure Storage account.
What should you do?
Install the Network Performance Monitor solution.
Create an Azure Log Analytics workspace.
Enable diagnostic logging for the NSG.
Enable NSG flow logs.
Manage security operations
Secure data and applications
You are troubleshooting a security issue for an Azure Storage account.
You enable the diagnostic logs for the storage account.
What should you use to retrieve the diagnostics logs?
Azure Storage Explorer
SQL query editor in Azure
File Explorer in Windows
Azure Security Center
Implement platform protection
Manage security operations
You plan to create an Azure Kubernetes Service (AKS) cluster in an Azure subscription.
The manifest of the registered server application is shown in the following exhibit.
You need to ensure that the AKS cluster and Azure Active Directory (Azure AD) are integrated.
Which property should you modify in the manifest?
accessTokenAcceptedVersion
keyCredentials
groupMembershipClaims
acceptMappedClaims
Manage identity and access
Manage security operations
You have a Microsoft 365 tenant that uses an Azure Active Directory (Azure AD) tenant. The Azure AD tenant syncs to an on-premises Active Directory domain by using an instance of Azure AD Connect.
You create a new Azure subscription.
You discover that the synced on-premises user accounts cannot be assigned roles in the new subscription.
You need to ensure that you can assign Azure and Microsoft 365 roles to the synced Azure AD user accounts.
What should you do first?
Configure the Azure AD tenant used by the new subscription to use pass-through authentication.
Configure the Azure AD tenant used by the new subscription to use federated authentication.
Change the Azure AD tenant used by the new subscription.
Configure a second instance of Azure AD Connect.
Manage identity and access
Manage security operations