[Dec 20, 2023] 100% Pass Guarantee for AZ-500 Dumps with Actual Exam Questions [Q106-Q123]

Share

[Dec 20, 2023] 100% Pass Guarantee for AZ-500 Dumps with Actual Exam Questions

Today Updated AZ-500 Exam Dumps Actual Questions


The Microsoft Azure Security Technologies certification exam is intended for security professionals who have a good understanding of Microsoft Azure and are familiar with security technologies, such as identity and access management, network security, and data protection. Candidates who pass AZ-500 exam will be able to demonstrate their ability to secure cloud resources and protect data in the cloud.


Microsoft AZ-500: Microsoft Azure Security Technologies is a certification exam that is designed for professionals who want to demonstrate their skills in securing Microsoft Azure cloud services. AZ-500 exam is aimed at security engineers, security analysts, and other professionals who are responsible for managing and implementing security controls in the Azure environment.

 

NEW QUESTION # 106
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
You are assigned the Global administrator role for the tenant. You are responsible for managing Azure Security Center settings.
You need to create a custom sensitivity label.
What should you do?

  • A. Elevate access for global administrators in Azure AD.
  • B. Create a custom sensitive information type.
  • C. Change Azure Security Center to use Standard-tier pricing.
  • D. Enable integration with Microsoft Cloud App Security.

Answer: B

Explanation:
Section: [none]
Explanation:
First, you need to create a new sensitive information type because you can't directly modify the default rules.
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/customize-a-built-in-sensitive-information-type


NEW QUESTION # 107
You have an Azure subscription that contains the following resources:
A network virtual appliance (NVA) that runs non-Microsoft firewall software and routes all outbound traffic from the virtual machines to the internet An Azure function that contains a script to manage the firewall rules of the NVA Azure Security Center standard tier enabled for all virtual machines An Azure Sentinel workspace
30 virtual machines
You need to ensure that when a high-priority alert is generated in Security Center for a virtual machine, an incident is created in Azure Sentinel and then a script is initiated to configure a firewall rule for the NVA.
How should you configure Azure Sentinel to meet the requirements? To answer, drag the appropriate components to the correct requirements. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/create-incidents-from-alerts
https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-security-center


NEW QUESTION # 108
You plan to use Azure Sentinel to create an analytic rule that will detect suspicious threats and automate responses.
Which components are required for the rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-custom
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook


NEW QUESTION # 109
You have an Azure subscription that contains the resources shown in the following table.

The subscription is linked to an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

You create the groups shown in the following table.

The membership rules for Group1 and Group2 are configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership


NEW QUESTION # 110
You have an Azure subscription that contains a storage account named storage1 and several virtual machines.
The storage account and virtual machines are in the same Azure region. The network configurations of the virtual machines are shown in the following table.

The virtual network subnets have service endpoints defined as shown in the following table.

You configure the following Firewall and virtual networks settings for storage1:
* Allow access from: Selected networks
* Virtual networks: VNET3\Subnet3
* Firewall - Address range: 52.233.129.0/24
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: No
VNet1 has a service endpoint configure for Azure Storage. However, the Azure storage does not allow access from VNet1 or the public IP address of VM1.
Box 2: Yes
VNet2 does not have a service endpoint configured. However, the Azure storage allows access from the public IP address of VM2.
Box 3: No
Azure storage allows access from VNet3. However, VNet3 does not have a service endpoint for Azure storage.
The Azure storage also does not allow access from the public IP of VM3.


NEW QUESTION # 111
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a hybrid configuration of Azure Active Directory (Azure AD).
You have an Azure HDInsight cluster on a virtual network.
https://www.fast2test.com/AZ-500-practice-test.html 10
Valid Fast2test AZ-500 Exam PDF Dumps - New AZ-500 Real Exam Questions
You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.
You need to configure the environment to support the planned authentication.
Solution: You deploy the On-premises data gateway to the on-premises network.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
Instead, you connect HDInsight to your on-premises network by using Azure Virtual Networks and a VPN gateway.
Note: To allow HDInsight and resources in the joined network to communicate by name, you must perform the following actions:
* Create Azure Virtual Network.
* Create a custom DNS server in the Azure Virtual Network.
* Configure the virtual network to use the custom DNS server instead of the default Azure Recursive Resolver.
* Configure forwarding between the custom DNS server and your on-premises DNS server.
References:
https://docs.microsoft.com/en-us/azure/hdinsight/connect-on-premises-network


NEW QUESTION # 112
You have a management group named Group1 that contains an Azure subscription named sub1. Sub1 has a subscription ID of 11111111-1234-1234-1234-1111111111.
You need to create a custom Azure role-based access control (RBAC) role that will delegate permissions to manage the tags on all the objects in Group1.
What should you include in the role definition of Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal#step-5-assignable-scopes


NEW QUESTION # 113
You have an Azure subscription that contains the storage accounts shown in the following table.

You need to configure authorization access.
Which authorization types can you use for each storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/storage/common/authorize-data-access


NEW QUESTION # 114
You have an Azure SQL Database server named SQL1.
You turn on Advanced Threat Protection for SQL1 to detect all threat detection types.
Which action will Advanced Threat Protection detect as a threat?

  • A. A user deletes more than 100 records from the same table.
  • B. A user attempts to sign in as SELECT * FROM table1.
  • C. A user updates more than 50 percent of the records in a table.
  • D. A user is added to the db_owner database role.

Answer: B

Explanation:
Advanced Threat Protection can detect potential SQL injections: This alert is triggered when an active exploit happens against an identified application vulnerability to SQL injection. This means the attacker is trying to inject malicious SQL statements using the vulnerable application code or stored procedures.
References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-threat-detection-overview


NEW QUESTION # 115
You need to deploy AKS1 to meet the platform protection requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/aks/azure-ad-integration


NEW QUESTION # 116
You have an Azure subscription that contains the virtual machines shown in the following table.

You create the Azure policies shown in the following table.

You create the resource locks shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 117
You create a new Azure subscription that is associated to a new Azure Active Directory (Azure AD) tenant.
You create one active conditional access policy named Portal Policy. Portal Policy is used to provide access to the Microsoft Azure Management cloud app.
The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit. (Click the Conditions tab.)

The Grant settings for Portal Policy are configured as shown in the Grant exhibit. (Click the Grant tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition


NEW QUESTION # 118
You have an Azure Storage account named storage1 and an Azure virtual machine named VM1. VM1 has a premium SSD managed disk.
You need to enable Azure Disk Encryption for VM1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange then in the correct order.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault


NEW QUESTION # 119
You have an Azure key vault.
You need to delegate administrative access to the key vault to meet the following requirements:
Provide a user named User1 with the ability to set advanced access policies for the key vault.
Provide a user named User2 with the ability to add and delete certificates in the key vault.
Use the principle of least privilege.
What should you use to assign access to each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault


NEW QUESTION # 120
You have a web app named WebApp1.
You create a web application firewall (WAF) policy named WAF1.
You need to protect WebApp1 by using WAF1.
What should you do first?

  • A. Add an extension to WebApp1.
  • B. Deploy Azure Firewall.
  • C. Deploy an Azure Front Door.

Answer: C


NEW QUESTION # 121
You have an Azure subscription that contains the virtual machines shown in the following table.

You create the Azure policies shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

References:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking


NEW QUESTION # 122
You have an Azure Sentinel workspace that contains an Azure Active Directory (Azure AD) connector, an Azure Log Analytics query named Query1 and a playbook named Playbook1.
Query1 returns a subset of security events generated by Azure AD.
You plan to create an Azure Sentinel analytic rule based on Query1 that will trigger Playbook1.
You need to ensure that you can add Playbook1 to the new rule.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-custom
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook


NEW QUESTION # 123
......


The Microsoft AZ-500 exam measures the candidate's ability to secure the Azure platform, including virtual machines, applications, and data. It also tests the candidate's knowledge of Azure security services, such as Azure Security Center, Azure Active Directory, and Azure Information Protection. The AZ-500 exam is an essential step towards building a career in cloud security and is highly valued by employers seeking qualified Azure security engineers. With the demand for cloud security professionals on the rise, passing the AZ-500 exam is a great way to enhance your skills and advance your career in the field of cloud security.

 

AZ-500 exam dumps with real Microsoft questions and answers: https://www.exam4pdf.com/AZ-500-dumps-torrent.html

AZ-500 Exam in First Attempt Guaranteed: https://drive.google.com/open?id=1M6Mio3eiLAJBtwEFiBu3pAFDU2XkYl99