microsoft az-500 online test

Microsoft Azure Security Technologies

What students need to know about the az-500 exam

  • Total 336 Questions & Answers
  • Has case studies
  • Passing score: 700

Question 1 Topic 1, Case Study 1Case Study Question View Case

You need to meet the identity and access requirements for Group1.
What should you do?

  • A. Add a membership rule to Group1.
  • B. Delete Group1. Create a new group named Group1 that has a group type of Microsoft 365. Add users and devices to the group.
  • C. Modify the membership rule of Group1.
  • D. Change the membership type of Group1 to Assigned. Create two groups that have dynamic memberships. Add the new groups to Group1.
Answer:

D

Explanation:
When you create dynamic groups, they can either contain users or devices. Hence here we need to create two separate
dynamic groups and assign those groups to an Assigned group.
Incorrect Answers:
A, C: You can create a dynamic group for devices or users, but you can't create a rule that contains both users and devices.
Scenario:
Litware identifies the following identity and access requirements: All San Francisco users and their devices must be
members of Group1. The tenant currently contains this group:

Reference: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal

Discussions

Question 2 Topic 1, Case Study 1Case Study Question View Case

HOTSPOT
You need to ensure that the Azure AD application registration and consent configurations meet the identity and access
requirements.
What should you use in the Azure portal? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-user-consent
Manage identity and access

Discussions

Question 3 Topic 2, Case Study 2Case Study Question View Case

DRAG DROP
You need to perform the planned changes for OU2 and User1.
Which tools should you use? To answer, drag the appropriate tools to the correct resources. Each tool may be used once,
more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Answer:

Discussions

Question 4 Topic 2, Case Study 2Case Study Question View Case

You need to meet the technical requirements for the finance department users.
Which CAPolicy1 settings should you modify?

  • A. Cloud apps or actions
  • B. Conditions
  • C. Grant
  • D. Session
Answer:

D

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-
lifetime

Discussions

Question 5 Topic 2, Case Study 2Case Study Question View Case

HOTSPOT
You need to delegate the creation of RG2 and the management of permissions for RG1.
Which users can perform each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Explanation:
Box 1: Admin3 only
The Contributor role has the necessary write permissions to create the resource group.
Box 2: Admin4 only
You need Owner level access to be able to manage permissions. The Contributor role can do most things but cannot modify
permissions on existing objects.

Discussions

Question 6 Topic 3, Case Study 3Case Study Question View Case

You plan to configure Azure Disk Encryption for VM4.
Which key vault can you use to store the encryption key?

  • A. KeyVault1
  • B. KeyVault2
  • C. KeyVault3
Answer:

A

Explanation:
The key vault needs to be in the same subscription and same region as the VM.
VM4 is in West US. KeyVault1 is the only key vault in the same region as the VM.
Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault

Discussions

Question 7 Topic 3, Case Study 3Case Study Question View Case

You need to encrypt storage1 to meet the technical requirements.
Which key vaults can you use?

  • A. KeyVault2 and KeyVault3 only
  • B. KeyVault1 only
  • C. KeyVault1 and KeyVault3 only
  • D. KeyVault1, KeyVault2, and KeyVault3
Answer:

B

Explanation:
The storage account and the key vault must be in the same region and in the same Azure Active Directory (Azure AD)
tenant, but they can be in different subscriptions. Storage1 is in the West US region. KeyVault1 is the only key vault in the
same region.
Reference: https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview

Discussions

Question 8 Topic 3, Case Study 3Case Study Question View Case

HOTSPOT
You implement the planned changes for ASG1 and ASG2.
In which NSGs can you use ASG1, and the network interfaces of which virtual machines can you assign to ASG2?
Hot Area:

Answer:

Discussions

Question 9 Topic 3, Case Study 3Case Study Question View Case

You plan to implement JIT VM access.
Which virtual machines will be supported?

  • A. VM2, VM3, and VM4 only
  • B. VM1, VM2, VM3, and VM4
  • C. VM1 and VM3 only
  • D. VM1 only
Answer:

C

Discussions

Question 10 Topic 4, Case Study 4Case Study Question View Case

DRAG DROP
You need to deploy AKS1 to meet the platform protection requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the
answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
Select and Place:

Answer:

Explanation:
Scenario: Azure AD users must be to authenticate to AKS1 by using their Azure AD credentials. Litewire plans to deploy
AKS1, which is a managed AKS (Azure Kubernetes Services) cluster.
Step 1: Create a server application
To provide Azure AD authentication for an AKS cluster, two Azure AD applications are created. The first application is a
server component that provides user authentication.
Step 2: Create a client application
The second application is a client component that's used when you're prompted by the CLI for authentication. This client
application uses the server application for the actual authentication of the credentials provided by the client.
Step 3: Deploy an AKS cluster.
Use the az group create command to create a resource group for the AKS cluster. Use the az aks create command to deploy
the AKS cluster.
Step 4: Create an RBAC binding.
Before you use an Azure Active Directory account with an AKS cluster, you must create role-binding or cluster role-binding.
Roles define the permissions to grant, and bindings apply them to desired users. These assignments can be applied to a
given namespace, or across the entire cluster.
Reference:
https://docs.microsoft.com/en-us/azure/aks/azure-ad-integration

Discussions
To page 2