AZ-500 : Microsoft Azure Security Technologies 2024 Exam

AZ-500 Dumps
AZ-500 Braindumps
AZ-500 Real Questions
AZ-500 Practice Test
AZ-500 Actual Questions


Microsoft
AZ-500
Microsoft Azure Security Technologies 2023
https://killexams.com/pass4sure/exam-detail/AZ-500

Question: 114
You have an Azure web app named webapp1.
You need to configure continuous deployment for webapp1 by using an Azure Repo.
What should you create first?
A. an Azure Application Insights service
B. an Azure DevOps organization
C. an Azure Storage account
D. an Azure DevTest Labs lab
Answer: B
Question: 115
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
In Azure AD Privileged Identity Management (PIM), the Role settings for the Contributor role are configured as
shown in the exhibit. (Click the Exhibit tab.)




You assign users the Contributor role on May 1, 2019 as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct
selection is worth one point.


Answer:

Explanation:
References: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-
roles-assign-roles
Question: 116
CORRECT TEXT
You plan to connect several Windows servers to the WS11641655 Azure Log Analytics workspace.
You need to ensure that the events in the System event logs are collected automatically to the workspace after you
connect the Windows servers.
To complete this task, sign in to the Azure portal and modify the Azure resources.
Answer: Azure Monitor can collect events from the Windows event logs or Linux Syslog and performance counters
that you specify for longer term analysis and reporting, and take action when a particular condition is detected. Follow
these steps to configure collection of events from the Windows system log and Linux Syslog, and several common
performance counters to start with.
Data collection from Windows VM
Question: 117
You have 10 virtual machines on a single subnet that has a single network security group (NSG).
You need to log the network traffic to an Azure Storage account.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct
selection is worth one point.
A. Install the Network Performance Monitor solution.
B. Enable Azure Network Watcher.
C. Enable diagnostic logging for the NS
E. Enable NSG flow logs.
F. Create an Azure Log Analytics workspace.
Answer: B,D
Explanation:
A network security group (NSG) enables you to filter inbound traffic to, and outbound traffic from, a virtual machine
(VM). You can log network traffic that flows through an NSG with Network Watcher’s NSG flow log capability.
Steps include:
Create a VM with a network security group
Enable Network Watcher and register the Microsoft. Insights provider
Enable a traffic flow log for an NSG, using Network Watcher’s NSG flow log capability
Download logged data
View logged data
Reference: https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal
Question: 118
You have an Azure Active Din-dory (Azure AD) tenant named contoso.com that contains a user named User1.
You plan to publish several apps in the tenant.
You need to ensure that User1 can grant admin consent for the published apps.
Which two possible user roles can you assign to User! to achieve this goal? Each correct answer presents a complete
solution. NOTE: Each correct selection is worth one point.
A. Application developer
B. Security administrator
C. Application administrator
D. User administrator
E. Cloud application administrator
Answer: C,E
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent
Question: 119
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant.
When a developer attempts to register an app named App1 in the tenant, the developer receives the error message
shown in the following exhibit.



You need to ensure that the developer can register App1 in the tenant.
What should you do for the tenant?
A. Modify the User settings
B. Set Enable Security default to Yes.
C. Modify the Directory properties.
D. Configure the Consent and permissions settings for enterprise applications.
Answer: A
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-
added
Question: 120
You plan to implement JIT VM access.
Which virtual machines will be supported?
A. VM1 and VM3 only
B. VM1. VM2. VM3, and VM4
C. VM2, VM3, and VM4 only
D. VM1 only
Answer: A
Question: 121
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant
named contoso.com.
You are assigned the Global administrator role for the tenant. You are responsible for managing Azure Security Center
settings.
You need to create a custom sensitivity label.
What should you do first?
A. Create a custom sensitive information type.
B. Elevate access for global administrators in Azure A
D. Upgrade the pricing tier of the Security Center to Standard.
E. Enable integration with Microsoft Cloud App Security.
Answer: A
Explanation:
First, you need to create a new sensitive information type because you can’t directly modify the default rules.
References: https://docs.microsoft.com/en-us/office365/securitycompliance/customize-a-built-in-sensitive-
information-type
Question: 122
CORRECT TEXT
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username: [email protected]
Azure Password: Ag1Bh9!#Bd
The following information is for technical support purposes only:
Lab Instance: 10598168


You need to collect all the audit failure data from the security log of a virtual machine named VM1 to an Azure
Storage account.
To complete this task, sign in to the Azure portal.
This task might take several minutes to complete You can perform other tasks while the task completes.
Answer: Step 1: Create a workspace
Azure Monitor can collect data directly from your Azure virtual machines into a Log Analytics workspace for detailed
analysis and correlation.
Question: 123
DRAG DROP
You have an Azure subscription named Sub1 that contains an Azure Log Analytics workspace named LAW1.
You have 500 Azure virtual machines that run Windows Server 2016 and are enrolled in LAW1.
You plan to add the System Update Assessment solution to LAW1.
You need to ensure that System Update Assessment-related logs are uploaded to LAW1 from 100 of the virtual
machines only.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order.


Answer:

Explanation:
References: https://docs.microsoft.com/en-us/azure/azure-monitor/insights/solution-targeting
Question: 124
You have an Azure subscription.
You configure the subscription to use a different Azure Active Directory (Azure AD) tenant.
What are two possible effects of the change? Each correct answer presents a complete solution. NOTE: Each correct
selection is worth one point.
A. Role assignments at the subscription level are lost.
B. Virtual machine managed identities are lost.
C. Virtual machine disk snapshots are lost.
D. Existing Azure resources are deleted.
Answer: A,B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-
associated-directory
Question: 125
CORRECT TEXT
You plan to connect several Windows servers to the WS11641655 Azure Log Analytics workspace.
You need to ensure that the events in the System event logs are collected automatically to the workspace after you
connect the Windows servers.
To complete this task, sign in to the Azure portal and modify the Azure resources.
Answer: Azure Monitor can collect events from the Windows event logs or Linux Syslog and performance counters
that you specify for longer term analysis and reporting, and take action when a particular condition is detected. Follow
these steps to configure collection of events from the Windows system log and Linux Syslog, and several common
performance counters to start with.
Data collection from Windows VM
Question: 126
You plan to create an Azure Kubernetes Service (AKS) cluster in an Azure subscription.
The manifest of the registered server application is shown in the following exhibit.



You need to ensure that the AKS cluster and Azure Active Directory (Azure AD) are integrated.
Which property should you modify in the manifest?
A. accessTokenAcceptedVersion
B. keyCredentials
C. groupMembershipClaims
D. acceptMappedClaims
Answer: C
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/aks/azure-ad-integration-cli
https://www.codeproject.com/Articles/3211864/Operation-and-Maintenance-of-AKS-Applications

User: Lara***** While most candidates spend months preparing for the AZ-500 exam, I was able to complete it in just one day. I credit my success to killexams.com, which gave me the confidence to take the test. The website provided me with all the necessary materials, and I am grateful for their support.

User: Nelya***** I can vouch that Killexams.com material is reliable, as I passed the az-500 exam with over 90% correct answers. The questions in their material are regularly updated, and the company has helped me more than once. As a regular user, I hope to receive a discount for my next package deal.

User: Alfred***** I am glad that you found the tips and tricks provided by Killexams helpful in preparing for your upcoming AZ-500 exam. Its reassuring to know that the exam simulator was beneficial in understanding the principles and concepts required to excel in the exam. Its always encouraging to hear positive feedback from users who have had a great experience with our IT exam prep material.

User: Tanita***** The Killexams.com website provided me access to several exam training materials for the AZ-500 exam. I was initially unsure which one to choose, but the samples on the website helped me select the quality one. I purchased the Killexams.com practice tests, which helped me understand the essential concepts and answer all questions in a timely manner. I am happy to have Killexams.com as my coach.

User: Lily***** I am thrilled to share that I passed my AZ-500 certification exam with a remarkable score of 91%. The practice tests provided by Killexams.com were incredibly helpful as they were very similar to the actual exam. I am grateful for their superb help and will continue to use their practice tests for my future certifications. I was hopeless and believed that I could not become IT certified, but a friend recommended Killexams.com to me. I attempted their online study guides for my AZ-500 exam and was able to score 91% in the exam. I owe a lot to Killexams.com for this success.

---