Microsoft (AZ-500) Exam Questions And Answers page 38
You have an Azure subscription.
You need to create and deploy an Azure policy that meets the following requirements:
• When a new virtual machine is deployed, automatically install a custom security extension.
• Trigger an autogenerated remediation task for non-compliant virtual machines to install the extension.
What should you include in the policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to create and deploy an Azure policy that meets the following requirements:
• When a new virtual machine is deployed, automatically install a custom security extension.
• Trigger an autogenerated remediation task for non-compliant virtual machines to install the extension.
What should you include in the policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Manage security operations
Secure data and applications
You create resources in an Azure subscription as shown in the following table.
VNET1 contains two subnets named Subnet1 and Subnet2. Subnet1 has a network ID of 10.0.0.0/24. Subnet2 has a network ID of 10.1.1.0/24.
Contoso1901 is configured as shown in the exhibit. (Click the Exhibit tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
VNET1 contains two subnets named Subnet1 and Subnet2. Subnet1 has a network ID of 10.0.0.0/24. Subnet2 has a network ID of 10.1.1.0/24.
Contoso1901 is configured as shown in the exhibit. (Click the Exhibit tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Manage security operations
Secure data and applications
You have an Azure subscription that contains the storage accounts shown in the following table.
You need to configure authorization access.
Which authorization types can you use for each storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure authorization access.
Which authorization types can you use for each storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Manage identity and access
Manage security operations
You have an Azure subscription that contains a virtual machine named VM1.
You create an Azure key vault that has the following configurations:
• Name: Vault5
• Region: West US
• Resource group: RG1
You need to use Vault5 to enable Azure Disk Encryption on VM1. The solution must support backing up VM1 by using Azure Backup.
Which key vault settings should you configure?
You create an Azure key vault that has the following configurations:
• Name: Vault5
• Region: West US
• Resource group: RG1
You need to use Vault5 to enable Azure Disk Encryption on VM1. The solution must support backing up VM1 by using Azure Backup.
Which key vault settings should you configure?
Secrets
Keys
Locks
Manage security operations
Secure data and applications
You have an Azure subscription that contains the virtual machines shown in the following table.
From Azure Security Center, you turn on Auto Provisioning.
You deploy the virtual machines shown in the following table.
On which virtual machines is the Log Analytics Agent installed?
From Azure Security Center, you turn on Auto Provisioning.
You deploy the virtual machines shown in the following table.
On which virtual machines is the Log Analytics Agent installed?
VM3 only
VM1 and VM3 only
VM3 and VM4 only
VM1, VM2, VM3, and VM4
Manage security operations
Secure data and applications
You create resources in an Azure subscription as shown in the following table.
VNET1 contains two subnets named Subnet1 and Subnet2. Subnet1 has a network ID of 10.0.0.0/24. Subnet2 has a network ID of 10.1.1.0/24.
Contoso1901 is configured as shown in the exhibit. (Click the Exhibit tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
VNET1 contains two subnets named Subnet1 and Subnet2. Subnet1 has a network ID of 10.0.0.0/24. Subnet2 has a network ID of 10.1.1.0/24.
Contoso1901 is configured as shown in the exhibit. (Click the Exhibit tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Manage security operations
Secure data and applications
Your company recently created an Azure subscription.
You have been tasked with making sure that a specified user is able to implement Azure AD Privileged Identity Management (PIM).
Which of the following is the role you should assign to the user?
You have been tasked with making sure that a specified user is able to implement Azure AD Privileged Identity Management (PIM).
Which of the following is the role you should assign to the user?
The Global administrator role.
The Security administrator role.
The Password administrator role.
The Compliance administrator role.
Manage identity and access
Manage security operations
You have a hybrid configuration of Azure Active Directory (Azure AD) that has Single Sign-On (SSO) enabled. You have an Azure SQL Database instance that is configured to support Azure AD authentication.
Database developers must connect to the database instance from the domain joined device and authenticate by using their on-premises Active Directory account.
You need to ensure that developers can connect to the instance by using Microsoft SQL Server Management Studio. The solution must minimize authentication prompts.
Which authentication method should you recommend?
Database developers must connect to the database instance from the domain joined device and authenticate by using their on-premises Active Directory account.
You need to ensure that developers can connect to the instance by using Microsoft SQL Server Management Studio. The solution must minimize authentication prompts.
Which authentication method should you recommend?
Active Directory - Password
Active Directory - Universal with MFA support
SQL Server Authentication
Active Directory - Integrated
Manage identity and access
Secure data and applications
You have an Azure subscription named Sub1 that contains the virtual machines shown in the following table.
You need to ensure that the virtual machines in RG1 have the Remote Desktop port closed until an authorized user requests access.
What should you configure?
You need to ensure that the virtual machines in RG1 have the Remote Desktop port closed until an authorized user requests access.
What should you configure?
Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
an application security group
Azure Active Directory (Azure AD) conditional access
just in time (JIT) VM access
Implement platform protection
You have been tasked with applying conditional access policies for your company s current Azure Active Directory (Azure AD).
The process involves assessing the risk events and risk levels.
Which of the following is the risk level that should be configured for users that have leaked credentials?
The process involves assessing the risk events and risk levels.
Which of the following is the risk level that should be configured for users that have leaked credentials?
None
Low
Medium
High
Manage identity and access
Manage security operations
Comments