Exam Logo

Microsoft (AZ-500) Exam Questions And Answers page 38

You have an Azure subscription.

You need to create and deploy an Azure policy that meets the following requirements:

• When a new virtual machine is deployed, automatically install a custom security extension.
• Trigger an autogenerated remediation task for non-compliant virtual machines to install the extension.

What should you include in the policy? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Manage security operations Secure data and applications
You create resources in an Azure subscription as shown in the following table.


VNET1 contains two subnets named Subnet1 and Subnet2. Subnet1 has a network ID of 10.0.0.0/24. Subnet2 has a network ID of 10.1.1.0/24.

Contoso1901 is configured as shown in the exhibit. (Click the Exhibit tab.)


For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Manage security operations Secure data and applications
You have an Azure subscription that contains the storage accounts shown in the following table.


You need to configure authorization access.

Which authorization types can you use for each storage account? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Manage identity and access Manage security operations
You have an Azure subscription that contains a virtual machine named VM1.

You create an Azure key vault that has the following configurations:

• Name: Vault5
• Region: West US
• Resource group: RG1

You need to use Vault5 to enable Azure Disk Encryption on VM1. The solution must support backing up VM1 by using Azure Backup.

Which key vault settings should you configure?
Manage security operations Secure data and applications
You have an Azure subscription that contains the virtual machines shown in the following table.


From Azure Security Center, you turn on Auto Provisioning.

You deploy the virtual machines shown in the following table.


On which virtual machines is the Log Analytics Agent installed?
Manage security operations Secure data and applications
You create resources in an Azure subscription as shown in the following table.


VNET1 contains two subnets named Subnet1 and Subnet2. Subnet1 has a network ID of 10.0.0.0/24. Subnet2 has a network ID of 10.1.1.0/24.

Contoso1901 is configured as shown in the exhibit. (Click the Exhibit tab.)


For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Manage security operations Secure data and applications
Your company recently created an Azure subscription.

You have been tasked with making sure that a specified user is able to implement Azure AD Privileged Identity Management (PIM).

Which of the following is the role you should assign to the user?
Manage identity and access Manage security operations
You have a hybrid configuration of Azure Active Directory (Azure AD) that has Single Sign-On (SSO) enabled. You have an Azure SQL Database instance that is configured to support Azure AD authentication.

Database developers must connect to the database instance from the domain joined device and authenticate by using their on-premises Active Directory account.

You need to ensure that developers can connect to the instance by using Microsoft SQL Server Management Studio. The solution must minimize authentication prompts.

Which authentication method should you recommend?
Manage identity and access Secure data and applications
You have an Azure subscription named Sub1 that contains the virtual machines shown in the following table.


You need to ensure that the virtual machines in RG1 have the Remote Desktop port closed until an authorized user requests access.

What should you configure?
Implement platform protection
You have been tasked with applying conditional access policies for your company s current Azure Active Directory (Azure AD).

The process involves assessing the risk events and risk levels.

Which of the following is the risk level that should be configured for users that have leaked credentials?
Manage identity and access Manage security operations