Microsoft Introduces Digital Badges for Certifications and Exams

Pass Microsoft, CompTIA, HP, IBM, Oracle exams with Pass4itsure

Free download the latest Microsoft AZ-500 practice exam[2020 up to date]

AZ-500 practice

Pass4itsure provides the latest updates to the Microsoft AZ-500 practice exam, which will help you pass this exam.AZ-500 dumps https://www.pass4itsure.com/az-500.htmlUpdated: Feb 24, 2020,Q&As: 142. This exam name is Microsoft Azure Security Technologies,Microsoft Certified: Azure Security Engineer Associate.

Free AZ-500 pdf dumps (practice exam) download from Google Drive:

[PDF] AZ-500 pdf dumps

https://drive.google.com/open?id=1leSnfyC6H4CqUzKErc3gR-JY0D45DiXx

Exam AZ-500

Measures your ability to accomplish the following technical tasks: manage identity and access; implement platform protection; manage security operations; and secure data and applications.

For more details about Microsoft AZ-500 Exam, visit https://docs.microsoft.com/en-us/learn/certifications/exams/az-500

You might be interested in other Microsoft certification exams!

Learn video: Azure Security Engineer Associate AZ-500 Exam

Here are some practice questions | 100% Success Rate

QUESTION 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure Subscription named Sub1.
You have an Azure Storage account named Sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in Sa1 by using several shared access signatures
(SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to Sa1.
Solution: You create a new stored access policy.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
To revoke a stored access policy, you can either delete it, or rename it by changing the signed identifier. Changing the
signed identifier breaks the associations between any existing signatures and the stored access policy. Deleting or
renaming the stored access policy immediately effects all of the shared access signatures associated with it.
References: https://docs.microsoft.com/en-us/rest/api/storageservices/Establishing-a-Stored-Access-Policy

QUESTION 2
You assign User8 the Owner role for RG4, RG5, and RG6.
In which resource groups can User8 create virtual networks and NSGs? To answer, select the appropriate options in the
answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Pass4itsure Microsoft AZ-500 exam questions q2

Correct Answer:

Pass4itsure Microsoft AZ-500 exam questions q2-2

Box 1: RG4 only Virtual Networks are not allowed for Rg5 and Rg6.
Box 2: Rg4,Rg5, and Rg6
Scenario:
Contoso has two Azure subscriptions named Sub1 and Sub2.
Sub1 contains six resource groups named RG1, RG2, RG3, RG4, RG5, and RG6.
You assign User8 the Owner role for RG4, RG5, and RG6
User8 city Sidney, Role:None
Note: A network security group (NSG) contains a list of security rules that allow or deny network traffic to resources
connected to Azure Virtual Networks (VNet). NSGs can be associated to subnets, individual VMs (classic), or individual
network interfaces (NIC) attached to VMs (Resource Manager).
References:
https://docs.microsoft.com/en-us/azure/governance/policy/overview

QUESTION 3
You have an Azure subscription that contains the virtual machines shown in the following table.

Pass4itsure Microsoft AZ-500 exam questions q3

You create the Azure policies shown in the following table.

Pass4itsure Microsoft AZ-500 exam questions q3-2

You create the resource locks shown in the following table.

Pass4itsure Microsoft AZ-500 exam questions q3-3

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct
selection is worth one point.

Hot Area:

Pass4itsure Microsoft AZ-500 exam questions q3-4

Correct Answer:

Pass4itsure Microsoft AZ-500 exam questions q3-5

References: https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking

QUESTION 4
From the Azure portal, you are configuring an Azure policy.
You plan to assign policies that use the DeployIfNotExist, AuditIfNotExist, Append, and Deny effects.
Which effect requires a managed identity for the assignment?
A. AuditIfNotExist
B. Append
C. DeployIfNotExist
D. Deny
Correct Answer: C
When Azure Policy runs the template in the deployIfNotExists policy definition, it does so using a managed identity.
References: https://docs.microsoft.com/bs-latn-ba/azure/governance/policy/how-to/remediate-resources

QUESTION 5
You suspect that users are attempting to sign in to resources to which they have no access.
You need to create an Azure Log Analytics query to identify failed user sign-in attempts from the last three days. The
results must only show users who had more than five failed sign-in attempts.
How should you configure the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Pass4itsure Microsoft AZ-500 exam questions q5

Correct Answer:

Pass4itsure Microsoft AZ-500 exam questions q5-2

The following example identifies user accounts that failed to log in more than five times in the last day, and when they
last attempted to log in.
let timeframe = 1d; SecurityEvent | where TimeGenerated > ago(1d) | where AccountType == \\’User\\’ and EventID ==
4625 // 4625 – failed log in | summarize failed_login_attempts=count(), latest_failed_login=arg_max(TimeGenerated,
Account) by Account | where failed_login_attempts > 5 | project-away Account1
References: https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/examples

QUESTION 6
Your network contains an on-premises Active Directory domain named corp.contoso.com.
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named
contoso.com.
You sync all on-premises identities to Azure AD.
You need to prevent users who have a givenName attribute that starts with TEST from being synced to Azure AD. The
solution must minimize administrative effort.
What should you use?
A. Synchronization Rules Editor
B. Web Service Configuration Tool
C. the Azure AD Connect wizard
D. Active Directory Users and Computers
Correct Answer: A
Use the Synchronization Rules Editor and write attribute-based filtering rule.
References: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-change-theconfiguration

QUESTION 7
You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server 2016.
You need to implement a policy to ensure that each virtual machine has a custom antimalware virtual machine
extension installed.
How should you complete the policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Pass4itsure Microsoft AZ-500 exam questions q7

Correct Answer:

Pass4itsure Microsoft AZ-500 exam questions q7-2

Box 1: DeployIfNotExists
DeployIfNotExists executes a template deployment when the condition is met.
Box 2: Template
The details property of the DeployIfNotExists effects has all the subproperties that define the related resources to match
and the template deployment to execute.
Deployment [required]
This property should include the full template deployment as it would be passed to the Microsoft.Resources/deployment
References:
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects

QUESTION 8
You have the Azure Information Protection conditions shown in the following table.

Pass4itsure Microsoft AZ-500 exam questions q8

You have the Azure Information Protection labels shown in the following table.

Pass4itsure Microsoft AZ-500 exam questions q8-2

You need to identify how Azure Information Protection will label files.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Pass4itsure Microsoft AZ-500 exam questions q8-3

Correct Answer:

Pass4itsure Microsoft AZ-500 exam questions q8-4

Box 1: Label 2 only How multiple conditions are evaluated when they apply to more than one label
1. The labels are ordered for evaluation, according to their position that you specify in the policy: The label positioned
first has the lowest position (least sensitive) and the label positioned last has the highest position (most sensitive).
2. The most sensitive label is applied.
3. The last sublabel is applied.
Box 2: No Label
Automatic classification applies to Word, Excel, and PowerPoint when documents are saved, and apply to Outlook when
emails are sent. Automatic classification does not apply to Microsoft Notepad.
References:
https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-classification

QUESTION 9
You plan to use Azure Log Analytics to collect logs from 200 servers that run Windows Server 2016.
You need to automate the deployment of the Microsoft Monitoring Agent to all the servers by using an Azure Resource
Manager template.
How should you complete the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Pass4itsure Microsoft AZ-500 exam questions q9

Correct Answer:

Pass4itsure Microsoft AZ-500 exam questions q9-2

QUESTION 10
You have an Azure subscription that contains 100 virtual machines. Azure Diagnostics is enabled on all the virtual
machines.
You are planning the monitoring of Azure services in the subscription.
You need to retrieve the following details:
Identify the user who deleted a virtual machine three weeks ago.
Query the security events of a virtual machine that runs Windows Server 2016.
What should you use in Azure Monitor? To answer, drag the appropriate configuration settings to the correct details.
Each configuration setting may be used once, more than once, or not at all. You may need to drag the split bar between
panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Pass4itsure Microsoft AZ-500 exam questions q10

Correct Answer:

Pass4itsure Microsoft AZ-500 exam questions q10-2

QUESTION 11
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have a hybrid configuration of Azure Active Directory (AzureAD).
You have an Azure HDInsight cluster on a virtual network.
You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.
You need to configure the environment to support the planned authentication.
Solution: You deploy the On-premises data gateway to the on-premises network.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Instead, you connect HDInsight to your on-premises network by using Azure Virtual Networks and a VPN gateway.
Note: To allow HDInsight and resources in the joined network to communicate by name, you must perform the following
actions:
Create Azure Virtual Network.
Create a custom DNS server in the Azure Virtual Network.
Configure the virtual network to use the custom DNS server instead of the default Azure Recursive Resolver.
Configure forwarding between the custom DNS server and your on-premises DNS server.
References:

QUESTION 12
Your company uses Azure DevOps.
You need to recommend a method to validate whether the code meets the company\\’s quality standards and code
review standards.
What should you recommend implementing in Azure DevOps?
A. branch folders
B. branch permissions
C. branch policies
D. branch locking
Correct Answer: C
Branch policies help teams protect their important branches of development. Policies enforce your team\\’s code quality
and change management standards.
References: https://docs.microsoft.com/en-us/azure/devops/repos/git/branch-policies?view=azuredevopsandviewFallbackFrom=vsts

QUESTION 13
You have an Azure subscription.
You create an Azure web app named Contoso1812 that uses an S1 App service plan.
You create a DNS record for www.contoso.com that points to the IP address of Contoso1812.
You need to ensure that users can access Contoso1812 by using the https://www.contoso.com URL.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Turn on the system-assigned managed identity for Contoso1812.
B. Add a hostname to Contoso1812.
C. Scale out the App Service plan of Contoso1812.
D. Add a deployment slot to Contoso1812.
E. Scale up the App Service plan of Contoso1812.
Correct Answer: BE
B: You can configure Azure DNS to host a custom domain for your web apps. For example, you can create an Azure
web app and have your users access it using either www.contoso.com or contoso.com as a fully qualified domain name
(FQDN).
To do this, you have to create three records:
A root “A” record pointing to contoso.com A root “TXT” record for verification A “CNAME” record for the www name that
points to the A record
E: To map a custom DNS name to a web app, the web app\\’s App Service plan must be a paid tier (Shared, Basic,
Standard, Premium or Consumption for Azure Functions). I
Scale up the App Service plan: Select any of the non-free tiers (D1, B1, B2, B3, or any tier in the Production category).
References: https://docs.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domainaa

Check the more answers: https://www.pass4itsure.com/az-500.html

For Microsoft AZ-500 practice exam questions, Pass4itsure is the ideal choice. Good luck on your exam.

Microsoft Introduces Digital Badges for Certifications and Exams © 2018 Frontier Theme