
Test Online Free Microsoft AZ-500 Exam Questions and Answers


Updated Aug 09, 2025 91 Questions 7 Pages
Page 4 of 7
Question 46 Written Answer
CORRECT TEXT
You have a Microsoft Sentinel deployment.
You need to connect a third-party security solution to the deployment. The third-party solution will send Common Event Format (CEF)-formatted messages.
What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Answer:

Question 47 Written Answer
HOTSPOT
You have an Azure subscription named Sub1 that contains the resource groups shown in the following table.



You create the Azure Policy definition shown in the following exhibit.



You assign the policy to Sub1.
You plan to create the resources shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.


Answer:

Question 48 Written Answer
HOTSPOT
You create a new Azure subscription that is associated to a new Azure Active Directory (Azure AD) tenant.
You create one active conditional access policy named Portal Policy. Portal Policy is used to provide access to the Microsoft Azure Management cloud app.
The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit. (Click the Conditions tab.)



The Grant settings for Portal Policy are configured as shown in the Grant exhibit. (Click the Grant tab.)



For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.


Answer:


Explanation:
Box 1: No
The Contoso location is excluded
Box 2: No
Box 3: No
Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
Question 49 Written Answer
DRAG DROP
You create an Azure subscription.
You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure AD roles.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


Answer:


Explanation:
Step 1: Consent to PIM



Step 2: Verify your identity by using multi-factor authentication (MFA)
Click Verify my identity to verify your identity with Azure MFA. You'll be asked to pick an account.
Step 3: Sign up PIM for Azure AD roles
Once you have enabled PIM for your directory, you'll need to sign up PIM to manage Azure AD roles.
References: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started
Question 50 Selectable Answer
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create an initiative and an assignment that is scoped to the Tenant Root Group management group.
Does this meet the goal?

Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview
https://4sysops.com/archives/apply-governance-policy-to-multiple-azure-subscriptions-with-management-groups/
Question 51 Selectable Answer
You need to ensure that users can access VM0. The solution must meet the platform protection requirements.
What should you do?

Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-dnat
Question 52 Selectable Answer
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Sub1.
You have an Azure Storage account named Sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in Sa1 by using several shared access signatures (SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to Sa1.
Solution: You regenerate the access keys.
Does this meet the goal?

Answer:
Explanation:
To revoke a stored access policy, you can either delete it or rename it by changing the signed identifier. Changing the signed identifier breaks the associations between any existing signatures and the stored access policy. Deleting or renaming the stored access policy immediately affects all of the shared access signatures associated with it.
References: https://docs.microsoft.com/en-us/rest/api/storageservices/Establishing-a-Stored-Access-Policy
Question 53 Selectable Answer
You have an Azure subscription.
You create an Azure web app named Contoso1812 that uses an S1 App service plan. You create a DNS record for www.contoso.com that points to the IP address of Contoso1812.
You need to ensure that users can access Contoso1812 by using the https://www.contoso.com URL.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Answer:
Explanation:
B: You can configure Azure DNS to host a custom domain for your web apps. For example, you can create an Azure web app and have your users access it using either www.contoso.com or contoso.com as a fully qualified domain name (FQDN).
To do this, you have to create three records:
A root "A" record pointing to contoso.com
A root "TXT" record for verification
A "CNAME" record for the www name that points to the A record
F: To use HTTPS, you need to upload a PFX file to the Azure Web App.
The PFX file will contain the SSL certificate required for HTTPS.
References: https://docs.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain
Question 54 Selectable Answer
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain.
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to deploy Azure AD Connect and to integrate Active Directory and the Azure AD tenant. You need to recommend an integration solution that meets the following requirements:
Ensures that password policies and user logon restrictions apply to user accounts that are synced to the tenant.
Minimizes the number of servers required for the solution.
Which authentication method should you include in the recommendation?

Answer:
Explanation:
Question 55 Written Answer
CORRECT TEXT
You have an Azure subscription that contains the storage accounts shown in the following table.



You enable Microsoft Defender for Storage.
Which storage services are monitored by Microsoft Defender for Storage, and which storage accounts are protected by Microsoft Defender for Storage? To answer, select the appropriate options in the answer area.


Answer:

Question 56 Selectable Answer
You have an Azure subscription that contains a virtual network.
The virtual network contains the subnets shown in the following table.



The subscription contains the virtual machines shown in the following table.



You enable just in time (JIT) VM access for all the virtual machines.
You need to identify which virtual machines are protected by JIT.
Which virtual machines should you identify?

Answer:
Explanation:
An NSG needs to be enabled, either at the VM level or the subnet level.
Reference: https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time
Question 57 Written Answer
HOTSPOT
You have an Azure subscription that contains an Azure key vault named Vault1.
On January 1, 2019, Vault1 stores the following secrets.



When can each secret be used by an application? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Answer:


Explanation:
Box 1: Never
Password1 is disabled.
Box 2: Only between March 1, 2019 and May 1,
Password2:



Reference: https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/set-azurekeyvaultsecretattribute
Question 58 Selectable Answer
You have a web app named WebApp1.
You create a web application firewall (WAF) policy named WAF1.
You need to protect WebApp1 by using WAF1.
What should you do first?

Answer:
Explanation:
References: https://docs.microsoft.com/en-us/azure/frontdoor/quickstart-create-front-door
Question 59 Selectable Answer
You plan to create an Azure Kubernetes Service (AKS) cluster in an Azure subscription.
The manifest of the registered server application is shown in the following exhibit.



You need to ensure that the AKS cluster and Azure Active Directory (Azure AD) are integrated.
Which property should you modify in the manifest?

Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/aks/azure-ad-integration-cli
https://www.codeproject.com/Articles/3211864/Operation-and-Maintenance-of-AKS-Applications
Question 60 Written Answer
HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.



You perform the following tasks:
Create a managed identity named Managed1.
Create a Microsoft 365 group named Group1.
You need to identify which service principals were created and which identities can be assigned the Reader role for RG1.
What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Answer:
