AZ-500 Dumps Free Test Engine Player Verified Updated [Jul 30, 2022]

Q&As with Explanations Verified & Correct Answers

Certification Path of Microsoft AZ-500 Exam

The Microsoft AZ-500 exam is the stepping stone to Azure Security Architect certification. So trying this exam is really helpful in building your career in cloud security. Digital certification provides valuable information about the target market for this certification. Head down toward the path of certifications provided by Microsoft and choose right certification for yourself. Resources from the Microsoft institute is really beneficial for the preparation of this exam. Complete Microsoft Security Architect Certification path in 4 simple steps. Reference the information provided by the Microsoft institute for this exam. Microsoft AZ-500 certification path starts with AZ-500 exam. Peoples who have the AZ-500 exam certification are extremely valuable in the market. Microsoft AZ-500 exam dumps are designed to prepare the candidates for this exam. Task based learning will help you master the material for the exam. Displayed questions and answers with explanations will help you master the content for this exam. Tough questions and answers for AZ-500 will help you master the information for this exam.

Marks for the AZ-500 exam are designed to be high. Interactive format of exam AZ-500 is a great feature. Posture of Microsoft AZ-500 exam material is designed to be rewarding. Reach the high score and land a huge salary by scoring above 80% in the AZ-500 exam. Uncertified people are waiting to take the AZ-500 exam. Position of candidates who pass Microsoft AZ-500 exam is very high. Objects of this exam are difficult to achieve without the study material. Individuals who pass the AZ-500 exam are highly desirable in the market. Sections of the AZ-500 exam are conveniently labeled.

For more info visit:

Microsoft AZ-500 Exam Reference

 

NEW QUESTION 109
You need to ensure that the Azure AD application registration and consent configurations meet the identity and access requirements.
What should you use in the Azure portal? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-user-consent

 

NEW QUESTION 110
You need to ensure that the Azure AD application registration and consent configurations meet the identity and access requirements.
What should you use in the Azure portal? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-user-consent

 

NEW QUESTION 111
You need to create an Azure key vault. The solution must ensure that any object deleted from the key vault be retained for 90 days.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: -EnablePurgeProtection
If specified, protection against immediate deletion is enabled for this vault; requires soft delete to be enabled as well.
Box 2: -EnableSoftDelete
Specifies that the soft-delete functionality is enabled for this key vault. When soft-delete is enabled, for a grace period, you can recover this key vault and its contents after it is deleted.
References:
https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/new-azurermkeyvault

 

NEW QUESTION 112
You need to deploy an Azure firewall to a virtual network named VNET3.
To complete this task, sign in to the Azure portal and modify the Azure resources.
This task might take several minutes to complete. You can perform other tasks while the task completes.

Answer:

Explanation:
See the explanation below.
Explanation
To add an Azure firewall to a VNET, the VNET must first be configured with a subnet named AzureFirewallSubnet (if it doesn't already exist).
Configure VNET3.
* In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select VNET3. Alternatively, browse to Virtual Networks in the left navigation pane.
* In the Overview section, note the Location (region) and Resource Group of the virtual network. We'll need these when we add the firewall.
* Click on Subnets.
* Click on + Subnet to add a new subnet.
* Enter AzureFirewallSubnet in the Name box. The subnet must be named AzureFirewallSubnet.
* Enter an appropriate IP range for the subnet in the Address range box.
* Click the OK button to create the subnet.
Add the Azure Firewall.
* In the settings of VNET3 click on Firewall.
* Click the Click here to add a new firewall link.
* The Resource group will default to the VNET3 resource group. Leave this default.
* Enter a name for the firewall in the Name box.
* In the Region box, select the same region as VNET3.
* In the Public IP address box, select an available public IP address if one exists, or click Add new to add
* a new public IP address.
* Click the Review + create button.
* Review the settings and click the Create button to create the firewall.
Reference:
https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal

 

NEW QUESTION 113
You need to ensure that you can meet the security operations requirements.
What should you do first?

• A. Modify the Security Center workspace configuration.
• B. Upgrade the pricing tier of Security Center to Standard.
• C. Integrate Security Center and Microsoft Cloud App Security.
• D. Turn on Auto Provisioning in Security Center.

Answer: B

Explanation:
Explanation
The Standard tier extends the capabilities of the Free tier to workloads running in private and other public clouds, providing unified security management and threat protection across your hybrid cloud workloads. The Standard tier also adds advanced threat detection capabilities, which uses built-in behavioral analytics and machine learning to identify attacks and zero-day exploits, access and application controls to reduce exposure to network attacks and malware, and more.
Scenario: Security Operations Requirements
Litware must be able to customize the operating system security configurations in Azure Security Center.
References:
https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing

 

NEW QUESTION 114
You have the Azure virtual networks shown in the following table.

You have the Azure virtual machines shown in the following table.

The firewalls on all the virtual machines allow ping traffic.
NSG1 is configured as shown in the following exhibit.
Inbound security rules

Outbound security rules

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: Yes
VM1 and VM3 are on peered VNets. The firewall rules with a source of ASG1 and ASG2 allow 'any' traffic on 'any' protocol so pings are allowed between VM1 and VM3.
Box 2: No
VM2 and VM4 are on separate VNets and the VNets are not peered. Therefore, the pings would have to go over the Internet. VM4 does have a public IP and the firewall allows pings. However, for VM2 to be able to ping VM4, VM2 would also need a public IP address. In Azure, pings don't go out through the default gateway as they would in a physical network. For an Azure VM to ping external IPs, the VM must have a public IP address assigned to it.
Box 3: Yes
VM3 has a public IP address and the firewall allows traffic on port 3389.

 

NEW QUESTION 115
Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.
After syncing all on-premises identities to Azure AD, you are informed that users with a givenName attribute starting with LAB should not be allowed to sync to Azure AD.
Which of the following actions should you take?

• A. You should configure a DNAT rule on the Firewall.
• B. You should make use of Active Directory Users and Computers to create an attribute-based filtering rule.
• C. You should make use of the Synchronization Rules Editor to create an attribute-based filtering rule.
• D. You should configure a network traffic filtering rule on the Firewall.

Answer: C

Explanation:
Use the Synchronization Rules Editor and write attribute-based filtering rule.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-change-the-configuration

 

NEW QUESTION 116
You need to ensure that you can meet the security operations requirements.
What should you do first?

• A. Modify the Security Center workspace configuration.
• B. Upgrade the pricing tier of Security Center to Standard.
• C. Integrate Security Center and Microsoft Cloud App Security.
• D. Turn on Auto Provisioning in Security Center.

Answer: B

Explanation:
Explanation/Reference:
Explanation:
The Standard tier extends the capabilities of the Free tier to workloads running in private and other public
clouds, providing unified security management and threat protection across your hybrid cloud workloads.
The Standard tier also adds advanced threat detection capabilities, which uses built-in behavioral analytics
and machine learning to identify attacks and zero-day exploits, access and application controls to reduce
exposure to network attacks and malware, and more.
Scenario: Security Operations Requirements
Litware must be able to customize the operating system security configurations in Azure Security Center.
References:
https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing
Question Set 3

 

NEW QUESTION 117
You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server
2016.
You need to implement a policy to ensure that each virtual machine has a custom antimalware virtual machine extension installed.
How should you complete the policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: DeployIfNotExists
DeployIfNotExists executes a template deployment when the condition is met.
Box 2: Template
The details property of the DeployIfNotExists effects has all the subproperties that define the related resources to match and the template deployment to execute.
Deployment [required]
This property should include the full template deployment as it would be passed to the Microsoft.Resources/deployment References:
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects

 

NEW QUESTION 118
You have an Azure subscription named Sub1.
You have an Azure Active Directory (Azure AD) group named Group1 that contains all the members of your IT team.
You need to ensure that the members of Group1 can stop, start, and restart the Azure virtual machines in Sub1. The solution must use the principle of least privilege.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Reference:
https://www.petri.com/cloud-security-create-custom-rbac-role-microsoft-azure

 

NEW QUESTION 119
You need to meet the technical requirements for VNetwork1.
What should you do first?

• A. Create a new subnet on VNetwork1.
• B. Remove the NSGs from Subnet11 and Subnet13.
• C. Associate an NSG to Subnet12.
• D. Configure DDoS protection for VNetwork1.
  https://www.fast2test.com/AZ-500-practice-test.html 36
  Valid Fast2test AZ-500 Exam PDF Dumps - New AZ-500 Real Exam Questions

Answer: A

Explanation:
From scenario: Deploy Azure Firewall to VNetwork1 in Sub2.
Azure firewall needs a dedicated subnet named AzureFirewallSubnet.
References:
https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal
https://www.fast2test.com/AZ-500-practice-test.html 37
Valid Fast2test AZ-500 Exam PDF Dumps - New AZ-500 Real Exam Questions
Implement platform protection
Question Set 3

 

NEW QUESTION 120
You have a file named File1.yaml that contains the following contents.

You create an Azure container instance named container1 by using File1.yaml.
You need to identify where you can access the values of Variable1 and Variable2.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Reference:
https://docs.microsoft.com/en-us/azure/container-instances/container-instances-environment-variables

 

NEW QUESTION 121
You need to ensure that the Azure AD application registration and consent configurations meet the identity and access requirements.
What should you use in the Azure portal? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-user-consent

 

NEW QUESTION 122
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Subscription named Sub1. Sub1 contains an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to encrypt VM1 disks by using Azure Disk Encryption.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Explanation

References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/encrypt-disks

 

NEW QUESTION 123
You have an Azure subscription that contains the virtual networks shown in the following table.

The Azure virtual machines on SpokeVNetSubnet0 can communicate with the computers on the on-premises network.
You plan to deploy an Azure firewall to HubVNet.
You create the following two routing tables:
* RT1: Includes a user-defined route that points to the private IP address of the Azure firewall as a next hop address
* RT2: Disables BGP route propagation and defines the private IP address of the Azure firewall as the default gateway You need to ensure that traffic between SpokeVNetSubnet0 and the on-premises network flows through the Azure firewall.
To which subnet should you associate each route table? To answer, drag the appropriate subnets to the correct route tables. Each subnet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

 

NEW QUESTION 124
You need to configure an access review. The review will be assigned to a new collection of reviews and reviewed by resource owners.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Explanation

Step 1: Create an access review program
Step 2: Create an access review control
Step 3: Set Reviewers to Group owners
In the Reviewers section, select either one or more people to review all the users in scope. Or you can select to have the members review their own access. If the resource is a group, you can ask the group owners to review.

References:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review
https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-programs-controls

 

NEW QUESTION 125
SIMULATION
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username: [email protected]
Azure Password: Ag1Bh9!#Bd
The following information is for technical support purposes only:
Lab Instance: 10598168




The developers at your company plan to create a web app named App10598168 and to publish the app to https://www.contoso.com.
You need to perform the following tasks:
* Ensure that App10598168 is registered to Azure Active Directory (Azure AD).
* Generate a password for App10598168.
To complete this task, sign in to the Azure portal.

• A. Step 1: Register the Application
  1. Sign in to your Azure Account through the Azure portal.
  2. Select Azure Active Directory.
  3. Select App registrations.
  4. Select New registration.
  
  6. Click Register
  Step 2: Create a new application secret
  If you choose not to use a certificate, you can create a new application secret.
  7 Select Certificates & secrets.
  8. Select Client secrets -> New client secret.
  9. Provide a description of the secret, and a duration. When done, select Add.
  After saving the client secret, the value of the client secret is displayed. Copy this value because you aren't able to retrieve the key later. You provide the key value with the application ID to sign in as the application. Store the key value where your application can retrieve it.
• B. Step 1: Register the Application
  1. Sign in to your Azure Account through the Azure portal.
  2. Select Azure Active Directory.
  3. Select App registrations.
  4. Select New registration.
  5. Name the application App10598168 . Select a supported account type, which determines who can use the application. Under Redirect URI, select Web for the type of application you want to create. Enter the URI: https://www.contoso.com , where the access token is sent to.
  6. Click Register
  Step 2: Create a new application secret
  If you choose not to use a certificate, you can create a new application secret.
  7 Select Certificates & secrets.
  8. Select Client secrets -> New client secret.
  9. Provide a description of the secret, and a duration. When done, select Add.
  After saving the client secret, the value of the client secret is displayed. Copy this value because you aren't able to retrieve the key later. You provide the key value with the application ID to sign in as the application. Store the key value where your application can retrieve it.

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal

 

NEW QUESTION 126
You have an Azure web app named webapp1.
You need to configure continuous deployment for webapp1 by using an Azure Repo.
What should you create first?

• A. an Azure Application Insights service
• B. an Azure DevOps organization
• C. an Azure DevTest Labs lab
• D. an Azure Storage account

Answer: B

 

NEW QUESTION 127
......

Microsoft AZ-500 Exam Syllabus Topics:

Topic	Details
Manage identity and access (30-35%)
Manage Azure Active Directory identities	- configure security for service principals - manage Azure AD directory groups - manage Azure AD users - manage administrative units - configure password writeback - configure authentication methods including password hash and Pass Through Authentication (PTA), OAuth, and passwordless - transfer Azure subscriptions between Azure AD tenants
Configure secure access by using Azure AD	- monitor privileged access for Azure AD Privileged Identity Management (PIM) - configure Access Reviews - Configure PIM - implement Conditional Access policies including Multi-Factor Authentication (MFA) - configure Azure AD identity protection
Manage application access	- create App Registration - configure App Registration permission scopes - manage App Registration permission consent - manage API access to Azure subscriptions and resources
Manage access control	- configure subscription and resource permissions - configure resource group permissions - configure custom RBAC roles - identify the appropriate role apply principle of least privilege - interpret permissions check access
Implement platform protection (15-20%)
Implement advanced network security	- secure the connectivity of virtual networks (VPN authentication, Express Route encryption) - configure Network Security Groups (NSGs) and Application Security Groups (ASGs) - create and configure Azure Firewall - implement Azure Firewall Manager - configure Azure Front Door service as an Application Gateway - configure a Web Application Firewall (WAF) on Azure Application Gateway - configure Azure Bastion - configure a firewall on a storage account, Azure SQL, KeyVault, or App Service - implement Service Endpoints - implement DDoS protection
Configure advanced security for compute	- configure endpoint protection - configure and monitor system updates for VMs - configure authentication for Azure Container Registry - configure security for different types of containers implement vulnerability management configure isolation for AKS configure security for container registry - implement Azure Disk Encryption - configure authentication and security for Azure App Service configure SSL/TLS certs configure authentication for Azure Kubernetes Service configure automatic updates
Manage security operations (25-30%)
Monitor security by using Azure Monitor	- create and customize alerts - monitor security logs by using Azure Monitor - configure diagnostic logging and log retention
Monitor security by using Azure Security Center	- evaluate vulnerability scans from Azure Security Center - configure Just in Time VM access by using Azure Security Center - configure centralized policy management by using Azure Security Center - configure compliance policies and evaluate for compliance by using Azure Security Center - configure workflow automation by using Azure Security Center
Monitor security by using Azure Sentinel	- create and customize alerts - configure data sources to Azure Sentinel - evaluate results from Azure Sentinel - configure a playbook
Configure security policies	- configure security settings by using Azure Policy - configure security settings by using Azure Blueprint

 

Verified AZ-500 dumps Q&As Latest AZ-500 Download: https://prepaway.dumptorrent.com/AZ-500-braindumps-torrent.html