microsoft az-500 practice test

Microsoft Azure Security Technologies

Note: Test Case questions are at the end of the exam
Last exam update: Jun 14 ,2024
Page 1 out of 22. Viewing questions 1-15 out of 336

Question 1 Topic 9, Mixed Questions

HOTSPOT
You have an Azure subscription that contains the following resources:
An Azure key vault

An Azure SQL database named Database1

Two Azure App Service web apps named AppSrv1 and AppSrv2 that are configured to use system-assigned managed

identities and access Database1
You need to implement an encryption solution for Database1 that meets the following requirements:
The data in a column named Discount in Database1 must be encrypted so that only AppSrv1 can decrypt the data.


AppSrv1 and AppSrv2 must be authorized by using managed identities to obtain cryptographic keys.
How should you configure the encryption settings for Database1? To answer, select the appropriate options in the answer
area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/always-encrypted-azure-key-vault-configure?tabs=azure-
powershell

Discussions
0 / 1000

Question 2 Topic 9, Mixed Questions

DRAG DROP
You have an Azure subscription.
You plan to create a storage account.
You need to use customer-managed keys to encrypt the tables in the storage account.
From Azure Cloud Shell, which three cmdlets should you run in sequence? To answer, move the appropriate cmdlets from
the list of cmdlets to the answer area and arrange them in the correct order.
Select and Place:

Answer:

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-configure-key-vault?tabs=powershell

Discussions
0 / 1000

Question 3 Topic 9, Mixed Questions

You have an Azure subscription that contains an Azure SQL database named sql1.
You plan to audit sql1.
You need to configure the audit log destination. The solution must meet the following requirements:
Support querying events by using the Kusto query language. Minimize administrative effort.


What should you configure?

  • A. an event hub
  • B. a storage account
  • C. a Log Analytics workspace
Answer:

C

User Votes:
A
50%
B
50%
C
50%

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-log-analytics-wizard

Discussions
vote your answer:
A
B
C
0 / 1000

Question 4 Topic 9, Mixed Questions

You have a web app named WebApp1.
You create a web application firewall (WAF) policy named WAF1.
You need to protect WebApp1 by using WAF1.
What should you do first?

  • A. Deploy an Azure Front Door.
  • B. Add an extension to WebApp1.
  • C. Deploy Azure Firewall.
Answer:

A

User Votes:
A
50%
B
50%
C
50%

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/frontdoor/quickstart-create-front-door

Discussions
vote your answer:
A
B
C
0 / 1000

Question 5 Topic 9, Mixed Questions

SIMULATION
You need to ensure that the rg1lod1234578n1 Azure Storage account is encrypted by using a key stored in the
KeyVault12345678 Azure key vault.
To complete this task, sign in to the Azure portal.

Answer:

See the explanation below.

User Votes:

Explanation:
Step 1: To enable customer-managed keys in the Azure portal, follow these steps:
1. Navigate to your storage account rg1lod1234578n1
2. On the Settings blade for the storage account, click Encryption. Select the Use your own key option, as shown in the
following figure.

Step 2: Specify a key from a key vault
To specify a key from a key vault, first make sure that you have a key vault that contains a key. To specify a key from a key
vault, follow these steps:
4. Choose the Select from Key Vault option.
5. Choose the key vault KeyVault1234578 containing the key you want to use.
6. Choose the key from the key vault.

Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-encryption-keys-portal

Discussions
vote your answer:
0 / 1000

Question 6 Topic 9, Mixed Questions

DRAG DROP
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains a user named
User1.
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com. The
tenant contains an Azure Storage account named storage1. Storage1 contains an Azure file share named share1.
Currently, the domain and the tenant are not integrated.
You need to ensure that User1 can access share1 by using his domain credentials.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the
answer area and arrange them in the correct order.
Select and Place:

Answer:

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-enable

Discussions
0 / 1000

Question 7 Topic 9, Mixed Questions

SIMULATION
You need to prevent HTTP connections to the rg1lod1234578n1 Azure Storage account.
To complete this task, sign in to the Azure portal.

Answer:

See the explanation below.

User Votes:

Explanation:
The "Secure transfer required" feature is now supported in Azure Storage account. This feature enhances the security of
your storage account by enforcing all requests to your account through a secure connection. This feature is disabled by
default.
1. In Azure Portal select you Azure Storage account rg1lod12345678n1.
2. Select Configuration, and Secure Transfer required.

Reference:
https://techcommunity.microsoft.com/t5/Azure/quot-Secure-transfer-required-quot-is-available-in-Azure-Storage/m-p/82475

Discussions
vote your answer:
0 / 1000

Question 8 Topic 9, Mixed Questions

HOTSPOT
You have an Azure Active Directory (Azure AD) tenant named contoso1812.onmicrosoft.com that contains the users shown
in the following table.

You create an Azure Information Protection label named Label1. The Protection settings for Label1 are configured as shown
in the exhibit. (Click the Exhibit tab.)

Label1 is applied to a file named File1.
For each of the following statements, select Yes if the statement is true, Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Discussions
0 / 1000

Question 9 Topic 9, Mixed Questions

HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.

User1 is a member of Group1. Group1 and User2 are assigned the Key Vault Contributor role for Vault1.
On January 1, 2019, you create a secret in Vault1. The secret is configured as shown in the exhibit. (Click the Exhibit tab.)

User2 is assigned an access policy to Vault1. The policy has the following configurations:
Key Management Operations: Get, List, and Restore

Cryptographic Operations: Decrypt and Unwrap Key

Secret Management Operations: Get, List, and Restore

Group1 is assigned an access policy to Vault1. The policy has the following configurations:
Key Management Operations: Get and Recover

Secret Management Operations: List, Backup, and Recover

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Discussions
0 / 1000

Question 10 Topic 9, Mixed Questions

You have an Azure subscription named Sub1 that contains the Azure key vaults shown in the following table:

In Sub1, you create a virtual machine that has the following configurations:
Name: VM1

Size: DS2v2

Resource group: RG1

Region: West Europe

Operating system: Windows Server 2016

You plan to enable Azure Disk Encryption on VM1.
In which key vaults can you store the encryption key for VM1?

  • A. Vault1 or Vault3 only
  • B. Vault1, Vault2, Vault3, or Vault4
  • C. Vault1 only
  • D. Vault1 or Vault2 only
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
In order to make sure the encryption secrets dont cross regional boundaries, Azure Disk Encryption needs the Key Vault
and the VMs to be co-located in the same region. Create and use a Key Vault that is in the same region as the VM to be
encrypted.
Reference:
https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-prerequisites

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11 Topic 9, Mixed Questions

You have an Azure subscription named Sub1 that contains the resources shown in the following table.

You need to ensure that you can provide VM1 with secure access to a database on SQL1 by using a contained database
user.
What should you do?

  • A. Enable a managed identity on VM1.
  • B. Create a secret in KV1.
  • C. Configure a service endpoint on SQL1.
  • D. Create a key in KV1.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12 Topic 9, Mixed Questions

You have an Azure subscription that contains a virtual machine named VM1.
You create an Azure key vault that has the following configurations:
Name: Vault5

Region: West US

Resource group: RG1

You need to use Vault5 to enable Azure Disk Encryption on VM1. The solution must support backing up VM1 by using Azure
Backup.
Which key vault settings should you configure?

  • A. Access policies
  • B. Secrets
  • C. Keys
  • D. Locks
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13 Topic 9, Mixed Questions

DRAG DROP
You have an Azure subscription named Sub1. Sub1 contains an Azure virtual machine named VM1 that runs Windows
Server 2016.
You need to encrypt VM1 disks by using Azure Disk Encryption.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the
answer area and arrange them in the correct order.
Select and Place:

Answer:

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/encrypt-disks

Discussions
0 / 1000

Question 14 Topic 9, Mixed Questions

You have an Azure subscription that contains four Azure SQL managed instances.
You need to evaluate the vulnerability of the managed instances to SQL injection attacks.
What should you do first?

  • A. Create an Azure Sentinel workspace.
  • B. Enable Advanced Data Security.
  • C. Add the SQL Health Check solution to Azure Monitor.
  • D. Create an Azure Advanced Threat Protection (ATP) instance.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15 Topic 9, Mixed Questions

HOTSPOT
You have an Azure subscription that contains an Azure key vault named ContosoKey1.
You create users and assign them roles as shown in the following table.

You need to identify which users can perform the following actions:
Delegate permissions for ContosoKey1.

Configure network access to ContosoKey1.

Which users should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Explanation:
Reference: https://docs.microsoft.com/en-gb/azure/key-vault/general/rbac-guide

Discussions
0 / 1000
To page 2