Practice Free Microsoft AZ-500 Exam Questions Online, AZ-500 Free Demo

Question 31 Selectable Answer

You have an Azure subscription that contains an Azure Files share named share1 and a user named User1. Identity-based authentication is configured for share1.
User1 attempts to access share1 from a Windows 10 device by using SMB.
Which type of token will Azure Files use to authorize the request?

A. OAuth 20
B. JSON Web Token (JWT)
C. Kerberos
D. SAML

Answer:
Explanation:
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable?tabs=azure-portal

Question 32 Written Answer

HOTSPOT
You have an Azure Subscription that is linked to an Azure Active Directory (Azure AD).
The tenant contains the users shown in the following table.

You have an Azure key vault named Vault1 that has Purge protection set to Disabled.
Vault1 contains the access policies shown in the following table.

You create role assignments for Vault1 as shown in the following table.

For each of the following statements, Yes if the statement is true, Otherwise, select No. NOTE: Each correct selection is worth one point.

Answer:

Question 33 Written Answer

HOTSPOT
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

In Azure AD Privileged Identity Management (PIM), the Role settings for the Contributor role are configured as shown in the exhibit. (Click the Exhibit tab.)

You assign users the Contributor role on May 1, 2019 as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Answer:

Explanation:
References: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-assign-roles

Question 34 Written Answer

DRAG DROP
You need to configure an access review. The review will be assigned to a new collection of reviews and reviewed by resource owners.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:
Step 1: Create an access review program
Step 2: Create an access review control
Step 3: Set Reviewers to Group owners In the Reviewers section, select either one or more people to review all the users in scope. Or you can select to have the members review their own access. If the resource is a group, you can ask the group owners to review.

References:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review
https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-programs-controls

Question 35 Written Answer

HOTSPOT
You are evaluating the security of VM1, VM2, and VM3 in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Answer:

Question 36 Selectable Answer

You have been tasked with applying conditional access policies for your company’s current Azure Active Directory (Azure AD).
The process involves assessing the risk events and risk levels.
Which of the following is the risk level that should be configured for users that have leaked credentials?

A. None
B. Low
C. Medium
D. High

Answer:
Explanation:
These six types of events are categorized in to 3 levels of risks C High, Medium & Low:

Table
Description automatically generated
Reference: http://www.rebeladmin.com/2018/09/step-step-guide-configure-risk-based-azure-conditional-access-policies/

Question 37 Written Answer

HOTSPOT
You have an Azure subscription that has a managed identity named identity and is linked to an Azure Active Directory (Azure AD) tenant.
The tenant contains the resources shown in the following table.

Which resources can be added to AU1 and AU2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Question 38 Written Answer

HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.

You create the Azure Storage accounts shown in the following table.

You need to configure auditing for SQL1.
Which storage accounts and Log Analytics workspaces can you use as the audit log destination? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Question 39 Written Answer

HOTSPOT
You have the role assignments shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Answer:

Question 40 Selectable Answer

You have an Azure subscription that contains an Azure SQL database named sql1. You plan to audit sql1. You need to configure the audit log destination.
The solution must meet the following requirements:
- Support querying events by using the Kusto query language.
- Minimize administrative effort.
What should you configure?

A. an event hub
B. a storage account
C. a Log Analytics workspace

Answer:
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-log-analytics- wizard

Question 41 Selectable Answer

You have an Azure virtual machine named VM1.
From Azure Security Center, you get the following high-severity recommendation: “Install endpoint protection solutions on virtual machine” .
You need to resolve the issue causing the high-severity recommendation.
What should you do?

A. Add the Microsoft Antimalware extension to VM1.
B. Install Microsoft System Center Security Management Pack for Endpoint Protection on VM1.
C. Add the Network Watcher Agent for Windows extension to VM1.
D. Onboard VM1 to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).

Answer:
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/security-center/security-center-endpoint-protection

Question 42 Selectable Answer

You have an Azure AD tenant that contains 500 users and an administrative unit named AU1.
From the Azure Active Directory admin center, you plan to add the users to AU1 by using Bulk add members.
You need to create and upload a file for the bulk add.
What should you include in the file?

A. only the display name of each user
B. only the user principal name (UPN) of each user
C. only the object identifier of each user
D. only the user principal name (UPN) and object identifier of each user
E. Only the user principal name (UPN) and display name of each user

Answer:

Question 43 Written Answer

HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.

The subscription is linked to an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

You create the groups shown in the following table.

The membership rules for Group1 and Group2 are configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Text
Description automatically generated
Reference: https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership

Question 44 Selectable Answer

You have an Azure subscription that contains a user named Adminl1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is the member of a backend pool of a public Azure Basic Load Balancer.
Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center.
You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1.
What should you do?

A. Create and configure an additional public IP address for VM 1.
B. Replace the Basic Load Balancer with an Azure Standard Load Balancer.
C. Assign an Azure Active Directory Premium Plan 1 license to Admin1.
D. Create and configure a network security group (NSG).

Answer:
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-config-asc%2Cjit-request-asc

Question 45 Written Answer

HOTSPOT
You have an Azure subscription that contains an Azure key vault named ContosoKey1.
You create users and assign them roles as shown in the following table.

You need to identify which users can perform the following actions:
- Delegate permissions for ContsosKey1.
- Configure network access to ContosoKey1.
Which users should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Reference: https://docs.microsoft.com/en-gb/azure/key-vault/general/rbac-guide

Test Online Free Microsoft AZ-500 Exam Questions and Answers