Effective Microsoft AZ-500 practice exam for free 2020

Where can I download the Microsoft AZ-500 practice exam?Examinationsite providing latest updates for Microsoft AZ-500 practice exam which will help you to pass this exam.https://www.pass4itsure.com/az-500.html The AZ-500 questions & answers covers all the knowledge points of the real exam.

Latest Microsoft AZ-500 PDF Dumps 2020 https://drive.google.com/open?id=1leSnfyC6H4CqUzKErc3gR-JY0D45DiXx

Microsoft AZ-500 PDF Dumps https://drive.google.com/open?id=17GeyCcZWEXKhRE90O0UtqE2TG48HqSYZ

Microsoft AZ-500 practice exam for free 2020

Exam AZ-500: Microsoft Azure Security Technologies: measures your ability to accomplish the following technical tasks: manage identity and access; implement platform protection; manage security operations; and secure data and applications.

https://docs.microsoft.com/en-us/learn/certifications/exams/az-500

The following learning resources will help you.

  • Online training – explore free learning paths, courses and hands-on learning on Microsoft Learn
  • Instructor-led Training-AZ-500: Microsoft Azure Security Technology
  • Pass4itsure Microsoft AZ-500 exam practice questions

Microsoft AZ-500 exam practice | Youtube

(1-13) Microsoft AZ-500 exam practice questions:

QUESTION 1
You are evaluating the security of the network communication between the virtual machines in Sub2. For each of the
following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth
one point.
Hot Area:

Pass4itsure AZ-500 exam questions-q1

Correct Answer:

Pass4itsure AZ-500 exam questions-q1-2

Box 1: Yes
NSG1 has the inbound security rules shown in the following table.

Pass4itsure AZ-500 exam questions-q1-3

NSG2 has the inbound security rules shown in the following table.

Pass4itsure AZ-500 exam questions-q1-4

Box 2: Yes
Box 3: No
Note:
Sub2 contains the virtual machines shown in the following table.

Pass4itsure AZ-500 exam questions-q1-5

Sub2 contains the network security groups (NSGs) shown in the following table.

Pass4itsure AZ-500 exam questions-q1-6

QUESTION 2
You need to meet the identity and access requirements for Group1. What should you do?
A. Add a membership rule to Group1.
B. Delete Group1. Create a new group named Group1 that has a membership type of Office 365. Add users and
devices to the group.
C. Modify the membership rule of Group1.
D. Change the membership type of Group1 to Assigned. Create two groups that have dynamic memberships. Add the
new groups to Group1.
Correct Answer: B
Incorrect Answers:
A, C: You can create a dynamic group for devices or for users, but you can\\’t create a rule that contains both users and
devices.
D: For assigned group you can only add individual members.
Scenario:
Litware identifies the following identity and access requirements: All San Francisco users and their devices must be
members of Group1.
The tenant currently contain this group:

Pass4itsure AZ-500 exam questions-q2

References: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal

QUESTION 3

Pass4itsure AZ-500 exam questions-q3

You create an Azure Log Analytics workspace named Analytics1 in RG1 in the East US region.
Which virtual machines can be enrolled in Analytics1?
A. VM1 only
B. VM1, VM2, and VM3 only
C. VM1, VM2, VM3, and VM4
D. VM1 and VM4 only
Correct Answer: A
Note: Create a workspace
In the Azure portal, click All services. In the list of resources, type Log Analytics. As you begin typing, the list filters
based on your input. Select Log Analytics.
Click Create, and then select choices for the following items:
Provide a name for the new Log Analytics workspace, such as DefaultLAWorkspace. OMS workspaces are now
referred to as Log Analytics workspaces.
Select a Subscription to link to by selecting from the drop-down list if the default selected is not appropriate.
For Resource Group, select an existing resource group that contains one or more Azure virtual machines.
Select the Location your VMs are deployed to. For additional information, see which regions Log Analytics is available
in.
Incorrect Answers:
B, C: A Log Analytics workspace provides a geographic location for data storage. VM2 and VM3 are at a different
location.
D: VM4 is a different resource group.
References: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/manage-access

QUESTION 4
You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server 2016.
You need to implement a policy to ensure that each virtual machine has a custom antimalware virtual machine
extension installed.
How should you complete the policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Pass4itsure AZ-500 exam questions-q4

Correct Answer:

Pass4itsure AZ-500 exam questions-q4-2

Box 1: DeployIfNotExists
DeployIfNotExists executes a template deployment when the condition is met.
Box 2: Template
The details property of the DeployIfNotExists effects has all the subproperties that define the related resources to match
and the template deployment to execute.
Deployment [required]
This property should include the full template deployment as it would be passed to the Microsoft.Resources/deployment
References:
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects

QUESTION 5
You have an Azure subscription that contains the virtual networks shown in the following table.

Pass4itsure AZ-500 exam questions-q5

The Azure virtual machines on SpokeVNetSubnet0 can communicate with the computers on the on-premises network.
You plan to deploy an Azure firewall to HubVNet.
You create the following two routing tables:
RT1: Includes a user-defined route that points to the private IP address of the Azure firewall as a next hop address RT2:
Disables BGP route propagation and defines the private IP address of the Azure firewall as the default gateway
You need to ensure that traffic between SpokeVNetSubnet0 and the on-premises network flows through the Azure
firewall.
To which subnet should you associate each route table? To answer, drag the appropriate subnets to the correct route
tables. Each subnet may be used once, more than once, or not at all. You may need to drag the split bar between panes
or
scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Pass4itsure AZ-500 exam questions-q5-2

Correct Answer:

Pass4itsure AZ-500 exam questions-q5-3

QUESTION 6
Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant
named contoso.com.
The company develops an application named App1. App1 is registered in Azure AD.
You need to ensure that App1 can access secrets in Azure Key Vault on behalf of the application users.
What should you configure?
A. an application permission without admin consent
B. a delegated permission without admin consent
C. a delegated permission that requires admin consent
D. an application permission that requires admin consent
Correct Answer: B
Delegated permissions – Your client application needs to access the web API as the signed-in user, but with access
limited by the selected permission. This type of permission can be granted by a user unless the permission requires
administrator consent.
Incorrect Answers:
A, D: Application permissions – Your client application needs to access the web API directly as itself (no user context).
This type of permission requires administrator consent and is also not available for public (desktop and mobile) client
applications.
References:
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis

QUESTION 7
You need to configure an access review. The review will be assigned to a new collection of reviews and reviewed by
resource owners.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order.
Select and Place:

Pass4itsure AZ-500 exam questions-q7

Correct Answer:

Pass4itsure AZ-500 exam questions-q7-2

Step 1: Create an access review program Step 2: Create an access review control Step 3: Set Reviewers to Group
owners
In the Reviewers section, select either one or more people to review all the users in scope. Or you can select to have
the members review their own access. If the resource is a group, you can ask the group owners to review.

Pass4itsure AZ-500 exam questions-q7-3

References:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review
https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-programs-controls

QUESTION 8
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named
contoso.com.
You are assigned the Global administrator role for the tenant. You are responsible for managing Azure Security Center
settings.
You need to create a custom sensitivity label.
What should you do first?
A. Create a custom sensitive information type.
B. Elevate access for global administrators in Azure AD.
C. Upgrade the pricing tier of the Security Center to Standard.
D. Enable integration with Microsoft Cloud App Security.
Correct Answer: A
First, you need to create a new sensitive information type because you can\\’t directly modify the default rules.
References: https://docs.microsoft.com/en-us/office365/securitycompliance/customize-a-built-in-sensitive-informationtype

QUESTION 9
You need to configure SQLDB1 to meet the data and application requirements.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from
the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Pass4itsure AZ-500 exam questions-q9

Correct Answer:

Pass4itsure AZ-500 exam questions-q9-2

Step 1: Connect to SQLDB1 by using Microsoft SQL Server Management Studio (SSMS)
Step 2: In SQLDB1, create contained database users.
Create a contained user in the database that represents the VM\\’s system-assigned identity.
Step 3: In Azure AD,create a system-assigned managed identity.
A system-assigned identity for a Windows virtual machine (VM) can be used to access an Azure SQL server. Managed
Service Identities are automatically managed by Azure and enable you to authenticate to services that support Azure
AD
authentication, without needing to insert credentials into your code.
References:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-accesssq

QUESTION 10
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure Subscription named Sub1.
You have an Azure Storage account named Sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in Sa1 by using several shared access signatures
(SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to Sa1.
Solution: You generate new SASs.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Instead you should create a new stored access policy.
To revoke a stored access policy, you can either delete it, or rename it by changing the signed identifier. Changing the
signed identifier breaks the associations between any existing signatures and the stored access policy. Deleting or
renaming the stored access policy immediately affects all of the shared access signatures associated with it.
References: https://docs.microsoft.com/en-us/rest/api/storageservices/Establishing-a-Stored-Access-Policy

QUESTION 11
You have an Azure subscription named Sub1.
You create a virtual network that contains one subnet. On the subnet, you provision the virtual machines shown in the
following table.

Pass4itsure AZ-500 exam questions-q11

Currently, you have not provisioned any network security groups (NSGs).
You need to implement network security to meet the following requirements:
Allow traffic to VM4 from VM3 only.
Allow traffic from the Internet to VM1 and VM2 only.
Minimize the number of NSGs and network security rules.
How many NSGs and network security rules should you create? To answer, select the appropriate options in the answer
area.
NOTE: Each correct selection is worth one point.
Hot Area:

Pass4itsure AZ-500 exam questions-q11-2

Correct Answer:

Pass4itsure AZ-500 exam questions-q11-3

NSGs: 2 Network security rules: 3 Not 2: You cannot specify multiple service tags or application groups) in a security
rule.
References: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

QUESTION 12
Exhibit tab.)
You are testing an Azure Kubernetes Service (AKS) cluster. The cluster is configured as shown in the exhibit. (Click the

Pass4itsure AZ-500 exam questions-q12

You plan to deploy the cluster to production. You disable HTTP application routing.
You need to implement application routing that will provide reverse proxy and TLS termination for AKS services by using
a single IP address.
What should you do?
A. Create an AKS Ingress controller.
B. Install the container network interface (CNI) plug-in.
C. Create an Azure Standard Load Balancer.
D. Create an Azure Basic Load Balancer.
Correct Answer: A
An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and TLS termination
for Kubernetes services.
References: https://docs.microsoft.com/en-us/azure/aks/ingress-tls Topic 3, Manage security operations

QUESTION 13
You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as
shown in the following table.

Pass4itsure AZ-500 exam questions-q13

You schedule two update deployments named Update1 and Update2. Update1 updates VM3. Update2 updates VM6.
Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate
options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Pass4itsure AZ-500 exam questions-q13-2

Correct Answer:

Pass4itsure AZ-500 exam questions-q13-3

Update1: VM1 and VM2 only
VM3: Windows Server 2016 West US RG2
Update2: VM4 and VM5 only
VM6: CentOS 7.5 East US RG1
For Linux, the machine must have access to an update repository. The update repository can be private or public.
References: https://docs.microsoft.com/en-us/azure/automation/automation-update-management

Pass4itsure Discount code 2020

Pass4itsure coupon 2020

Free Microsoft AZ-500 PDF Dumps 2020 https://drive.google.com/open?id=1leSnfyC6H4CqUzKErc3gR-JY0D45DiXx

Microsoft AZ-500 PDF Dumps https://drive.google.com/open?id=17GeyCcZWEXKhRE90O0UtqE2TG48HqSYZ

As far as the Microsoft AZ-500 practice exam questions are concerned https://www.pass4itsure.com/az-500.html is the ideal choice. Good Luck.