Microsoft (AZ-500) Exam Questions And Answers page 44
You need to delegate the creation of RG2 and the management of permissions for RG1.
Which users can perform each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Manage identity and access
Implement platform protection
You have 20 Azure subscriptions and a security group named Group1. The subscriptions are children of the root management group.
Each subscription contains a resource group named RG1.
You need to ensure that for each subscription RG1 meets the following requirements:
• The members of Group1 are assigned the Owner role.
• The modification of permissions to RG1 is prevented.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Manage identity and access
Implement platform protection
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
You create an Azure role by using the following JSON file.
You assign Role1 to User1 for RG1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Manage identity and access
Manage security operations
SIMULATION
You need to ensure that the events in the NetworkSecurityGroupRuleCounter log of the VNET01-Subnet0-NSG network security group (NSG) are stored in the logs11597200 Azure Storage account for 30 days.
To complete this task, sign in to the Azure portal.
Manage security operations
Secure data and applications
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named sub1.
You have an Azure Storage account named sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in sa1 by using several shared access signatures (SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to sa1.
Solution: You create a lock on sa1.
Does this meet the goal?
No
Manage security operations
Secure data and applications
You have an Azure web app named WebApp1.
You upload a certificate to WebApp1.
You need to make the certificate accessible to the app code of WebApp1.
What should you do?
Add a user-assigned managed identity to WebApp1.
Add an app setting to the WebApp1 configuration.
Enable system-assigned managed identity for WebApp1.
Configure the TLS/SSL binding for WebApp1.
Manage identity and access
Secure data and applications
You have been tasked with creating an Azure key vault using PowerShell. You have been informed that objects deleted from the key vault must be kept for a set period of 90 days.
Which two of the following parameters must be used in conjunction to meet the requirement? (Choose two.)
EnabledForDeployment
EnablePurgeProtection
EnabledForTemplateDeployment
EnableSoftDelete
Manage security operations
Secure data and applications
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You need to configure diagnostic settings for contoso.com. The solution must meet the following requirements:
• Retain logs for two years.
• Query logs by using the Kusto query language.
• Minimize administrative effort.
Where should you store the logs?
an Azure event hub
an Azure Log Analytics workspace
an Azure Storage account
Manage security operations
Secure data and applications
You have an Azure subscription that contains the virtual networks shown in the following table.
The Azure virtual machines on SpokeVNetSubnet0 can communicate with the computers on the on-premises network.
You plan to deploy an Azure firewall to HubVNet.
You create the following two routing tables:
• RT1: Includes a user-defined route that points to the private IP address of the Azure firewall as a next hop address
• RT2: Disables BGP route propagation and defines the private IP address of the Azure firewall as the default gateway
You need to ensure that traffic between SpokeVNetSubnet0 and the on-premises network flows through the Azure firewall.
To which subnet should you associate each route table? To answer, drag the appropriate subnets to the correct route tables. Each subnet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Manage security operations
Secure data and applications
You are in the process of configuring an Azure policy via the Azure portal.
Your policy will include an effect that will need a managed identity for it to be assigned.
Which of the following is the effect in question?
AuditIfNotExists
Disabled
DeployIfNotExists
EnforceOPAConstraint
Manage identity and access
Manage security operations