Download Free Latest Microsoft AZ-500 Practice Exam Questions

test2022-04-13T06:32:37+00:00

If you take the AZ-500 Microsoft Azure Security Technologies exam you will earn the Microsoft certified: Azure Security Enginer Associate certification. If you are preparing for AZ-500 exam, you should get AZ-500 practice exam questions to pass in the first try. Free demos are particularly important since they allow you to examine the exact quality of the AZ-500 practice material. You can freely download the AZ-500 free demo before purchasing. FreeTestShare AZ-500 practice exam questions are exactly the right study tools that contain genuine exam questions and answers to help you pass the AZ-500 exam on the first try!

HHere we’ve prepared some real AZ-500 exam questions. Have a try!

Page 1 of 8

1. CORRECT TEXT

The developers at your company plan to publish an app named App11641655 to Azure.

You need to ensure that the app is registered to Azure Active Directory (Azure AD). The registration must use the sign-on URLs of https://app.contoso.com.

To complete this task, sign in to the Azure portal and modify the Azure resources.

2. HOTSPOT

You have an Azure subscription named Subcription1 that contains the resources shown in the following table.

You have an Azure subscription named Subcription2 that contains the following resources:

✑ An Azure Sentinel workspace

✑ An Azure Event Grid instance

You need to ingest the CEF messages from the NVAs to Azure Sentinel. NOTE: Each correct selection is worth one point.

3. HOTSPOT

You have two Azure virtual machines in the East US2 region as shown in the following table.

You deploy and configure an Azure Key vault.

You need to ensure that you can enable Azure Disk Encryption on VM1 and VM2.

What should you modify on each virtual machine? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

4. You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.

You are assigned the Global administrator role for the tenant. You are responsible for managing Azure Security Center settings.

You need to create a custom sensitivity label.

What should you do first?

Create a custom sensitive information type.

Elevate access for global administrators in Azure A

Upgrade the pricing tier of the Security Center to Standard.

Enable integration with Microsoft Cloud App Security.

5. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a hybrid configuration of Azure Active Directory (AzureAD).

You have an Azure HDInsight cluster on a virtual network.

You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.

You need to configure the environment to support the planned authentication.

Solution: You create a site-to-site VPN between the virtual network and the on-premises network.

Does this meet the goal?

Yes

6. From Azure Security Center, you need to deploy SecPol1.

What should you do first?

Enable Azure Defender.

Create an Azure Management group.

Create an initiative.

Configure continuous export.

7. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.

You use several policy definitions to manage the security of the subscriptions.

You need to deploy the policy definitions as a group to all three subscriptions.

Solution: You create an initiative and an assignment that is scoped to the Tenant Root Group management group.

Does this meet the goal?

Yes

8. CORRECT TEXT

You need to ensure that a user named Danny11597200 can sign in to any SQL database on a Microsoft SQL server named web11597200 by using SQL Server Management Studio (SSMS) and Azure Active Directory (Azure AD) credentials.

To complete this task, sign in to the Azure portal.

9. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You create and enforce an Azure AD Identity Protection user risk policy that has the

following settings:

✑ Assignment: Include Group1, Exclude Group2

✑ Conditions: Sign-in risk of Medium and above

✑ Access: Allow access, Require password change

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

10. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.

You use several policy definitions to manage the security of the subscriptions.

You need to deploy the policy definitions as a group to all three subscriptions.

Solution: You create a policy definition and assignments that are scoped to resource groups.

Does this meet the goal?

Yes

Page 2 of 8

11. You have an Azure subscription that contains the virtual networks shown in the following table.

The subscription contains the virtual machines shown in the following table.

On NIC1, you configure an application security group named ASG1.

On which other network interfaces can you configure ASG1?

NIC2 only

NIC2, NIC3, NIC4, and NIC5

NIC2 and NIC3 only

NIC2, NIC3, and NIC4 only

12. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a hybrid configuration of Azure Active Directory (Azure AD).

You have an Azure HDInsight cluster on a virtual network.

You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.

You need to configure the environment to support the planned authentication.

Solution: You deploy an Azure AD Application Proxy.

Does this meet the goal?

Yes

13. CORRECT TEXT

You need to configure a weekly backup of an Azure SQL database named Homepage. The backup must be retained for eight weeks.

To complete this task, sign in to the Azure portal.

14. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

Azure AD Privileged Identity Management (PIM) is enabled for the tenant.

In PIM, the Password Administrator role has the following settings:

✑ Maximum activation duration (hours): 2

✑ Send email notifying admins of activation: Disable

✑ Require incident/request ticket number during activation: Disable

✑ Require Azure Multi-Factor Authentication for activation: Enable

✑ Require approval to activate this role: Enable

✑ Selected approver: Group1

You assign users the Password Administrator role as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

15. CORRECT TEXT

You need to enable Advanced Data Security for the SQLdb1 Azure SQL database. The solution must ensure that Azure Advanced Threat Protection (ATP) alerts are sent to [email protected].

To complete this task, sign in to the Azure portal and modify the Azure resources.

16. DRAG DROP

You have an Azure subscription.

You plan to create a storage account.

You need to use customer-managed keys to encrypt the tables in the storage account.

From Azure Cloud Shell, which three cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.

17. CORRECT TEXT

You need to ensure that when administrators deploy resources by using an Azure Resource Manager template, the deployment can access secrets in an Azure key vault named KV11597200.

To complete this task, sign in to the Azure portal.

18. DRAG DROP

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Subscription named Sub1. Sub1 contains an Azure virtual machine named VM1 that runs Windows Server 2016.

You need to encrypt VM1 disks by using Azure Disk Encryption.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

19. DRAG DROP

You need to configure an access review. The review will be assigned to a new collection of reviews and reviewed by resource owners.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

20. HOTSPOT

You plan to implement an Azure function named Function1 that will create new storage accounts for containerized application instances.

You need to grant Function1 the minimum required privileges to create the storage accounts. The solution must minimize administrative effort.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Page 3 of 8

21. HOTSPOT

You have a management group named Group1 that contains an Azure subscription named sub1. Sub1 has a subscription ID of 11111111-1234-1234-1234-1111111111.

You need to create a custom Azure role-based access control (RBAC) role that will delegate permissions to manage the tags on all the objects in Group1.

What should you include in the role definition of Role1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

22. You have an Azure Active Directory (Azure AD) tenant named Contoso.com and an Azure Service (AKS) cluster AKS1.

You discover that AKS1 cannot be accessed by using accounts from Contoso.com

You need to ensure AKS1 can be accessed by using accounts from Contoso.com The solution must minimize administrative effort.

What should you do first?

From Azure recreate AKS1,

From AKS1, upgrade the version of Kubermetes.

From Azure AD, implement Azure AD Premium P2.

From Azure AD, configure the User settings

23. CORRECT TEXT

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Azure Username: [email protected]

Azure Password: Ag1Bh9!#Bd

The following information is for technical support purposes only:

Lab Instance: 10598168

You need to prevent administrative users from accidentally deleting a virtual network named VNET1. The administrative users must be allowed to modify the settings of VNET1.

To complete this task, sign in to the Azure portal.

24. HOTSPOT

You are evaluating the security of the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

25. You have an Azure virtual machine named VM1.

From Azure Security Center, you get the following high-severity recommendation: “Install endpoint protection solutions on virtual machine”.

You need to resolve the issue causing the high-severity recommendation.

What should you do?

Add the Microsoft Antimalware extension to VM1.

Install Microsoft System Center Security Management Pack for Endpoint Protection on VM1.

Add the Network Watcher Agent for Windows extension to VM1.

Onboard VM1 to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).

26. You have an Azure subscription that contains virtual machines.

You enable just in time (JIT) VM access to all the virtual machines.

You need to connect to a virtual machine by using Remote Desktop.

What should you do first?

From Azure Directory (Azure AD) Privileged Identity Management (PIM), activate the Security administrator user role.

From Azure Active Directory (Azure AD) Privileged Identity Management (PIM), activate the Owner role for the virtual machine.

From the Azure portal, select the virtual machine, select Connect, and then select Request access.

From the Azure portal, select the virtual machine and add the Network Watcher Agent virtual machine extension.

27. You have an Azure Active Directory (Azure AD) tenant named contoso.com

You need to configure diagnostic settings for contoso.com.

The solution must meet the following requirements:

• Retain loqs for two years.

• Query logs by using the Kusto query language

• Minimize administrative effort.

Where should you store the logs?

an Azure Log Analytics workspace

an Azure event hub

an Azure Storage account

28. HOTSPOT

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You create an Azure role by using the following JSON file.

You assign Role1 to User1 for RG1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

29. You onboard Azure Sentinel. You connect Azure Sentinel to Azure Security Center.

You need to automate the mitigation of incidents in Azure Sentinel. The solution must minimize administrative effort.

What should you create?

an alert rule

a playbook

a function app

a runbook

30. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription named Sub1.

You have an Azure Storage account named Sa1 in a resource group named RG1.

Users and applications access the blob service and the file service in Sa1 by using several shared access signatures (SASs) and stored access policies.

You discover that unauthorized users accessed both the file service and the blob service.

You need to revoke all access to Sa1.

Solution: You create a lock on Sa1.

Does this meet the goal?

Yes

Page 4 of 8

31. HOTSPOT

You have an Azure subscription that contains an Azure Sentinel workspace.

Azure Sentinel is configured to ingest logs from several Azure workloads. A third-party service management platform is used to manage incidents.

You need to identify which Azure Sentinel components to configure to meet the following requirements:

✑ When Azure Sentinel identifies a threat, an incident must be created.

✑ A ticket must be logged in the service management platform when an incident is created in Azure Sentinel.

Which component should you identify for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

32. You have 10 virtual machines on a single subnet that has a single network security group (NSG).

You need to log the network traffic to an Azure Storage account.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Install the Network Performance Monitor solution.

Enable Azure Network Watcher.

Enable diagnostic logging for the NS

Enable NSG flow logs.

Create an Azure Log Analytics workspace.

33. HOTSPOT

You have the hierarchy of Azure resources shown in the following exhibit.

You create the Azure Blueprints definitions shown in the following table.

To which objects can you assign Blueprint1 and Blueprint2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

34. You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.

The User administrator role is assigned to a user named Admin1.

An external partner has a Microsoft account that uses the [email protected] sign in.

Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following

error message: “Unable to invite user [email protected] Generic authorization exception.”

You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.

What should you do?

From the Roles and administrators blade, assign the Security administrator role to Admin1.

From the Organizational relationships blade, add an identity provider.

From the Custom domain names blade, add a custom domain.

From the Users blade, modify the External collaboration settings.

35. You have an Azure Active Directory (Azure AD) tenant and a root management group.

You create 10 Azure subscriptions and add the subscriptions to the rout management group.

You need to create an Azure Blueprints definition that will be stored in the root management group.

What should you do first?

Add an Azure Policy definition to the root management group.

Modify the role-based access control (RBAC) role assignments for the root management group.

Create a user-assigned identity.

Create a service principal.

36. CORRECT TEXT

You plan to connect several Windows servers to the WS11641655 Azure Log Analytics workspace.

You need to ensure that the events in the System event logs are collected automatically to the workspace after you connect the Windows servers.

To complete this task, sign in to the Azure portal and modify the Azure resources.

37. DRAG DROP

You create an Azure subscription with Azure AD Premium P2.

You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure roles.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

38. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains three security groups named Group1, Group2, and Group3 and the users shown in the following table.

Group3 is a member of Group2.

In contoso.com, you register an enterprise application named App1 that has the following settings:

✑ Owners: User1

✑ Users and groups: Group2

You configure the properties of App1 as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select no. NOTE: Each correct selection is worth one point.

39. HOTSPOT

You create a new Azure subscription that is associated to a new Azure Active Directory (Azure AD) tenant.

You create one active conditional access policy named Portal Policy. Portal Policy is used to provide access to the Microsoft Azure Management cloud app.

The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit. (Click the Conditions tab.)

The Grant settings for Portal Policy are configured as shown in the Grant exhibit. (Click the Grant tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

40. CORRECT TEXT

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Azure Username: [email protected]

Azure Password: Ag1Bh9!#Bd

The following information is for technical support purposes only:

Lab Instance: 10598168

The developers at your company plan to create a web app named App10598168 and to publish the app to https://www.contoso.com.

You need to perform the following tasks:

✑ Ensure that App10598168 is registered to Azure Active Directory (Azure AD).

✑ Generate a password for App10598168.

To complete this task, sign in to the Azure portal.

Page 5 of 8

41. You have an Azure subscription that contains an Azure SQL database named sql1.

You plan to audit sql1.

You need to configure the audit log destination.

The solution must meet the following requirements:

✑ Support querying events by using the Kusto query language.

✑ Minimize administrative effort.

What should you configure?

an event hub

a storage account

a Log Analytics workspace

42. You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant.

From the Azure portal, you register an enterprise application.

Which additional resource will be created in Azure AD?

a service principal

509 certificate

a managed identity

a user account

43. You need to recommend which virtual machines to use to host App1. The solution must meet the technical requirements for KeyVault1.

Which virtual machines should you use?

VM1 only

VM1 and VM2 only

VM1, VM2, and VM4 only

VM1, VM2, VM3. and VM4

44. HOTSPOT

Which virtual networks in Sub1 can User2 modify and delete in their current state? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

45. HOTSPOT

STION NO: 37 HOTSPOT

You network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant.

The tenant contains the users shown in the following table.

The tenant contains the groups shown in the following table.

You configure a multi-factor authentication (MFA) registration policy that and the following settings:

• Assignments:

• Include: Group1

• Exclude Group2

• Controls: Require Azure MFA registration

• Enforce Policy: On

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

46. You have an Azure subscription named Sub1.

In Azure Security Center, you have a workflow automation named WF1. WF1 is configured to send an email message to a user named User1.

You need to modify WF1 to send email messages to a distribution group named Alerts.

What should you use to modify WF1?

Azure Application Insights

Azure Monitor

Azure Logic Apps Designer

Azure DevOps

47. You have an Azure subscription that contains an Azure key vault named Vault1.

In Vault1, you create a secret named Secret1.

An application developer registers an application in Azure Active Directory (Azure AD).

You need to ensure that the application can use Secret1.

What should you do?

In Azure AD, create a role.

In Azure Key Vault, create a key.

In Azure Key Vault, create an access policy.

In Azure AD, enable Azure AD Application Proxy.

48. HOTSPOT

Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure Active Directory (Azure AD).

The Azure AD tenant contains the users shown in the following table.

You configure the Authentication methods C Password Protection settings for adatum.com as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

49. You have an Azure Container Registry named ContReg1 that contains a container image named image1.

You enable content trust for ContReg1.

After content trust is enabled, you push two images to ContReg1 as shown in the following table.

Which images are trusted images?

image1 and image2 only

image2 only

image1, image2, and image3

50. HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

You create the Azure Storage accounts shown in the following table.

You need to configure auditing for SQL1.

Which storage accounts and Log Analytics workspaces can you use as the audit log destination? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Page 6 of 8

51. You have an Azure subscription that contains the virtual machines shown in the following table.

All the virtual networks are peered.

You deploy Azure Bastion to VNET2.

Which virtual machines can be protected by the bastion host?

VM1, VM2, VM3, and VM4

VM1, VM2, and VM3 only

VM2 and VM4 only

VM2 only

52. DRAG DROP

You have an Azure subscription that contains 100 virtual machines. Azure Diagnostics is enabled on all the virtual machines.

You are planning the monitoring of Azure services in the subscription.

You need to retrieve the following details:

✑ Identify the user who deleted a virtual machine three weeks ago.

✑ Query the security events of a virtual machine that runs Windows Server 2016.

What should you use in Azure Monitor? To answer, drag the appropriate configuration settings to the correct details. Each configuration setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

53. You have three on-premises servers named Server1, Server2, and Server3 that run Windows Server1 and Server2 and located on the Internal network. Server3 is located on

the premises network. All servers have access to Azure.

From Azure Sentinel, you install a Windows firewall data connector.

You need to collect Microsoft Defender Firewall data from the servers for Azure Sentinel.

What should you do?

Create an event subscription from Server1, Server2 and Server3

Install the On-premises data gateway on each server.

Install the Microsoft Agent on each server.

Install the Microsoft Agent on Server1 and Server2 install the on-premises data gateway on Server3.

54. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.

You use several policy definitions to manage the security of the subscriptions.

You need to deploy the policy definitions as a group to all three subscriptions.

Solution: You create a policy initiative and assignments that are scoped to resource groups.

Does this meet the goal?

Yes

55. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

You create and enforce an Azure AD Identity Protection sign-in risk policy that has the following settings:

✑ Assignments: Include Group1, exclude Group2

✑ Conditions: Sign-in risk level: Medium and above

✑ Access Allow access, Require multi-factor authentication

You need to identify what occurs when the users sign in to Azure AD.

What should you identify for each user? To answer, select the appropriate options in the

answer area. NOTE: Each correct selection is worth one point.

56. HOTSPOT

You have a network security group (NSG) bound to an Azure subnet.

You run Get-AzureRmNetworkSecurityRuleConfig and receive the output shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

57. HOTSPOT

You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.

You plan to implement an application that will consist of the resources shown in the following table.

Users will authenticate by using their Azure AD user account and access the Cosmos DB account by using resource tokens.

You need to identify which tasks will be implemented in CosmosDB1 and WebApp1.

Which task should you identify for each resource? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

58. HOTSPOT

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.

The tenant contains the users shown in the following table.

You create a resource group named RG1.

Which users can modify the permissions for RG1 and which users can create virtual networks in RG1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

59. HOTSPOT

You have an Azure subscription that contains the alerts shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

60. You have an Azure subscription named Sub1. Sub1 contains a virtual network named VNet1 that contains one subnet named Subnet1.

You create a service endpoint for Subnet1.

Subnet1 contains an Azure virtual machine named VM1 that runs Ubuntu Server 18.04.

You need to deploy Docker containers to VM1. The containers must be able to access Azure Storage resources and Azure SQL databases by using the service endpoint.

Create an application security group and a network security group (NSG).

Edit the docker-compose.yml file.

Install the container network interface (CNI) plug-in.

Page 7 of 8

61. CORRECT TEXT

You need to ensure that User2-11641655 has all the key permissions for KeyVault11641655.

To complete this task, sign in to the Azure portal and modify the Azure resources.

62. DRAG DROP

You need to configure SQLDB1 to meet the data and application requirements.

Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

63. Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory Azure (Azure AD) tenant named contoso.com.

The company develops a mobile application named App1. App1 uses the OAuth 2 implicit grant type to acquire Azure AD access tokens.

You need to register App1 in Azure AD.

What information should you obtain from the developer to register the application?

a redirect URI

a reply URL

a key

an application ID

64. HOTSPOT

You are evaluating the security of the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

65. You have an Azure Active Directory (Azure AD) tenant.

You need to prevent nonprivileged Azure AD users from creating service principals in Azure AD.

What should you do in the Azure Active Directory admin center of the tenant?

From the Properties Wade, set Enable Security defaults to Yes.

From the Properties blade, set Access management fen Azure resources to No

From the User settings blade, set Users can register applications to No

From the User settings blade, set Restrict access to Azure AD administration portal to Yes.

66. DRAG DROP

You have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD) data connector.

You are threat hunting suspicious traffic from a specific IP address.

You need to annotate an intermediate event stored in the workspace and be able to reference the IP address when navigating through the investigation graph.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

67. ON NO: 114

You have an Azure subscription that contains a user named User1 and an Azure Container Registry named ConReg1.

You enable content trust for ContReg1.

You need to ensure that User1 can create trusted images in ContReg1. The solution must use the principle of least privilege.

Which two roles should you assign to User1? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

AcrQuarantineReader

Contributor

AcrPush

AcrImageSigner

AcrQuarantineWriter

68. You have an Azure subscription that contains the Azure virtual machines shown in the following table.

You create an MDM Security Baseline profile named Profile1.

You need to identify to which virtual machines Profile1 can be applied.

Which virtual machines should you identify?

VM1 only

VM1, VM2, and VM3 only

VM1 and VM3 only

VM1, VM2, VM3, and VM4

69. You have an Azure web app named webapp1.

You need to configure continuous deployment for webapp1 by using an Azure Repo.

What should you create first?

an Azure Application Insights service

an Azure DevOps organization

an Azure Storage account

an Azure DevTest Labs lab

70. DRAG DROP

You have an Azure subscription named Sub1 that contains an Azure Log Analytics workspace named LAW1.

You have 500 Azure virtual machines that run Windows Server 2016 and are enrolled in LAW1.

You plan to add the System Update Assessment solution to LAW1.

You need to ensure that System Update Assessment-related logs are uploaded to LAW1 from 100 of the virtual machines only.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Page 8 of 8

71. HOTSPOT

You have an Azure Sentinel workspace that contains an Azure Active Directory (Azure AD) connector, an Azure Log Analytics query named Query1 and a playbook named Playbook1.

Query1 returns a subset of security events generated by Azure AD.

You plan to create an Azure Sentinel analytic rule based on Query1 that will trigger Playbook1.

You need to ensure that you can add Playbook1 to the new rule.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.