Latest Microsoft Azure Security AZ-500 Exam Question, 100% free

Vcekey provides stable and reliable Azure dumps for all Microsoft modules. Pass our latest update dump and pass any Microsoft exam. The best price (12% off) for buying az-500 exam questions pdf + dumps. https://www.pass4itsure.com/az-500.html Is a trusted company that provides online, real, real and real Microsoft dumps.

Real AZ-500 Exam Questions with 100% Money back Guarantee.

Free AZ-500 Exam PDF Dumps https://drive.google.com/open?id=1leSnfyC6H4CqUzKErc3gR-JY0D45DiXx

Exam AZ-500: Microsoft Azure Security Technologies

manage identity and access;
implement platform protection;
manage security operations;
and secure data and applications.

https://docs.microsoft.com/en-us/learn/certifications/exams/az-500

Microsoft AZ-500 Practice Exams Dumps Question Answers

Listed below are question answers in the AZ-500 eaxm:

QUESTION 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure Subscription named Sub1.
You have an Azure Storage account named Sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in Sa1 by using several shared access signatures
(SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to Sa1.
Solution: You generate new SASs.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Instead you should create a new stored access policy.
To revoke a stored access policy, you can either delete it, or rename it by changing the signed identifier. Changing the
signed identifier breaks the associations between any existing signatures and the stored access policy. Deleting or
renaming the stored access policy immediately affects all of the shared access signatures associated with it.
References: https://docs.microsoft.com/en-us/rest/api/storageservices/Establishing-a-Stored-Access-Policy

QUESTION 2
Your company uses Azure DevOps.
You need to recommend a method to validate whether the code meets the company\\’s quality standards and code
review standards.
What should you recommend implementing in Azure DevOps?
A. branch folders
B. branch permissions
C. branch policies
D. branch locking
Correct Answer: C
Branch policies help teams protect their important branches of development. Policies enforce your team\\’s code quality
and change management standards.
References: https://docs.microsoft.com/en-us/azure/devops/repos/git/branch-policies?view=azuredevopsandviewFallbackFrom=vsts

QUESTION 3
You plan to use Azure Log Analytics to collect logs from 200 servers that run Windows Server 2016.
You need to automate the deployment of the Microsoft Monitoring Agent to all the servers by using an Azure Resource
Manager template.
How should you complete the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

vcekey az-500 exam questions-q3

Correct Answer:

vcekey az-500 exam questions-q3-2

QUESTION 4
Your company plans to create separate subscriptions for each department. Each subscription will be associated to the
same Azure Active Directory (Azure AD) tenant.
You need to configure each subscription to have the same role assignments. What should you use?
A. Azure Security Center
B. Azure Policy
C. Azure AD Privileged Identity Management (PIM)
D. Azure Blueprints
Correct Answer: D
Just as a blueprint allows an engineer or an architect to sketch a project\\’s design parameters, Azure Blueprints
enables cloud architects and central information technology groups to define a repeatable set of Azure resources that
implements and adheres to an organization\\’s standards, patterns, and requirements.
Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such
as: Role Assignments Policy Assignments Azure Resource Manager templates Resource Groups
Reference: https://docs.microsoft.com/en-us/azure/governance/blueprints/overview

QUESTION 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have a hybrid configuration of Azure Active Directory (Azure AD).
You have an Azure HDInsight cluster on a virtual network.
You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.
You need to configure the environment to support the planned authentication.
Solution: You deploy Azure Active Directory Domain Services (Azure AD DS) to the Azure subscription.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Instead, you connect HDInsight to your on-premises network by using Azure Virtual Networks and a VPN gateway.
Note: To allow HDInsight and resources in the joined network to communicate by name, you must perform the following
actions:
Create Azure Virtual Network.
Create a custom DNS server in the Azure Virtual Network.
Configure the virtual network to use the custom DNS server instead of the default Azure Recursive Resolver.
Configure forwarding between the custom DNS server and your on-premises DNS server.
References:
https://docs.microsoft.com/en-us/azure/hdinsight/connect-on-premises-network

QUESTION 6
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure Subscription. The subscription contains 50 virtual machines that run Windows Server 2012 R2 or
Windows Server 2016.
You need to deploy Microsoft Antimalware to the virtual machines.
Solution: You add an extension to each virtual machine.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
You can use Visual Studio to enable and configure the Microsoft Antimalware service. This entails selecting Microsoft
Antimalware extension from the dropdown list under Installed Extensions and click Add to configure with default
antimalware configuration.
References: https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware

QUESTION 7
You have an Azure subscription that contains 100 virtual machines. Azure Diagnostics is enabled on all the virtual
machines.
You are planning the monitoring of Azure services in the subscription.
You need to retrieve the following details:
Identify the user who deleted a virtual machine three weeks ago.
Query the security events of a virtual machine that runs Windows Server 2016.
What should you use in Azure Monitor? To answer, drag the appropriate configuration settings to the correct details.
Each configuration setting may be used once, more than once, or not at all. You may need to drag the split bar between
panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

vcekey az-500 exam questions-q7

Correct Answer:

vcekey az-500 exam questions-q7-2

QUESTION 8
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com.
The company is developing an application named App1. App1 will run as a service on server that runs Windows Server
2016. App1 will authenticate to contoso.com and access Microsoft Graph to read directory data.
You need to delegate the minimum required permissions to App1.
Which three actions should you perform in sequence from the Azure portal? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

vcekey az-500 exam questions-q8

Correct Answer:

vcekey az-500 exam questions-q8-2

Step 1: Create an app registration
First the application must be created/registered.
Step 2: Add an application permission
Application permissions are used by apps that run without a signed-in user present.
Step 3: Grant permissions
Incorrect Answers:
Delegated permission
Delegated permissions are used by apps that have a signed-in user present.
Application Proxy: Azure Active Directory\\’s Application Proxy provides secure remote access to on-premises web applications.
References:
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent

QUESTION 9
You need to create Role1 to meet the platform protection requirements.
How should you complete the role definition of Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

vcekey az-500 exam questions-q9

Correct Answer:

vcekey az-500 exam questions-q9-2

Scenario: A new custom RBAC role named Role1 must be used to delegate the administration of the managed disks in
Resource Group1. Role1 must be available only for Resource Group1.
Azure RBAC template managed disks “Microsoft.Storage/”
References:
https://blogs.msdn.microsoft.com/azureedu/2017/02/11/new-managed-disk-storage-option-for-your-azure-vms/

QUESTION 10
You need to ensure that you can meet the security operations requirements. What should you do first?
A. Turn on Auto Provisioning in Security Center.
B. Integrate Security Center and Microsoft Cloud App Security.
C. Upgrade the pricing tier of Security Center to Standard.
D. Modify the Security Center workspace configuration.
Correct Answer: C
  The Standard tier extends the capabilities of the Free tier to workloads running in private and other public clouds,
providing unified security management and threat protection across your hybrid cloud workloads. The Standard tier also
adds
advanced threat detection capabilities, which uses built-in behavioral analytics and machine learning to identify attacks
and zero-day exploits, access and application controls to reduce exposure to network attacks and malware, and more.
Scenario: Security Operations Requirements
Litware must be able to customize the operating system security configurations in Azure Security Center.
References:
https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing

QUESTION 11
You create resources in an Azure subscription as shown in the following table.

vcekey az-500 exam questions-q11

VNET1 contains two subnets named Subnet1 and Subnet2. Subnet1 has a network ID of 10.0.0.0/24. Subnet2 has a
network ID of 10.1.1.0/24. Contoso1901 is configured as shown in the exhibit. (Click the Exhibit tab.)

vcekey az-500 exam questions-q11-2

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct
selection is worth one point.
Hot Area:

vcekey az-500 exam questions-q11-3

Correct Answer:

vcekey az-500 exam questions-q11-4

Box 1: Yes
Access from Subnet1 is allowed.
Box 2: No
No access from Subnet2 is allowed.
Box 3: Yes
Access from IP address 193.77.10.2 is allowed

QUESTION 12
You create a new Azure subscription that is associated to a new Azure Active Directory (Azure AD) tenant.
You create one active conditional access policy named Portal Policy. Portal Policy is used to provide access to the
Microsoft Azure Management cloud app.
The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit. (Click the Conditions tab.)

vcekey az-500 exam questions-q12

The Grant settings for Portal Policy are configured as shown in the Grant exhibit. (Click the Grant tab.)

vcekey az-301 exam questions-q12-2

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct
selection is worth one point.
Hot Area:

vcekey az-500 exam questions-q12-3

Correct Answer:

vcekey az-500 exam questions-q12-4

Box 1: No The Contoso location is excluded
Box 2: Yes
Box 3: Yes Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

QUESTION 13
You have an Azure web app named webapp1.
You need to configure continuous deployment for webapp1 by using an Azure Repo.
What should you create first?
A. an Azure Application Insights service
B. an Azure DevOps organizations
C. an Azure Storage account
D. an Azure DevTest Labs lab
Correct Answer: B
To use Azure Repos, make sure your Azure DevOps organization is linked to your Azure subscription.
Reference: https://docs.microsoft.com/en-us/azure/app-service/deploy-continuous-deployment

Get Updated Microsoft Azure AZ-301 Exam Dumps — Study Tips For Success

[2020] Pass4itsure discount code

Pass4itsure-discount-code-2020

Free AZ-500 Exam PDF Dumps https://drive.google.com/open?id=1leSnfyC6H4CqUzKErc3gR-JY0D45DiXx

Pass Microsoft Azure az-500 Exam with authentic az-500 exam dumps.Free latest shared az-500 dumps,az-500 video,exam practice questions.For more complete dumps, https://www.pass4itsure.com/az-500.html use the discount code “2020PASS” to get a 12% discount.