Practice Free AZ-500 Exam Online Questions
DRAG DROP
You have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD) data connector.
You are threat hunting suspicious traffic from a specific IP address.
You need to annotate an intermediate event stored in the workspace and be able to reference the IP address when navigating through the investigation graph.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/sentinel/bookmarks
Your network contains an Active Directory forest named contoso.com. You have an Azure Directory (Azure AD) tenant named contoso.com.
You plan to configure synchronization by using the Express Settings installation option in Azure AD Connect.
You need to identify which roles and groups are required to perform the planned configurations. The solution must use the principle of least privilege.
Which two roles and groups should you identify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . the Domain Admins group in Active Directory
- B . the Security administrator role in Azure AD
- C . the Global administrator role in Azure AD
- D . the User administrator role in Azure AD
- E . the Enterprise Admins group in Active Directory
CE
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions
You have a Azure subscription that contains an Azure Container Registry named Registry1. The subscription uses the Standard use tier of Azure Security Center.
You upload several container images to Register1.
You discover that vulnerability security scans were not performed
You need to ensured that the images are scanned for vulnerabilities when they are uploaded to Registry1.
What should you do?
- A . From the Azure portal modify the Pricing tier settings.
- B . From Azure CLI, lock the container images.
- C . Upload the container images by using AzCopy
- D . Push the container images to Registry1 by using Docker
A
Explanation:
Reference: https://charbelnemnom.com/scan-container-images-in-azure-container-registry-with-azure-security-center/
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant that contains two administrative units named AU1 and AU2.
Users are assigned to the administrative units as shown in the following table.
Lab Task
use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password. place your cursor in the Enter password box and click on the password below.
Azure Username: Userl [email protected]
Azure Password: GpOAe4@lDg
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 28681041
Task 7
You need to collect all the audit failure data from the security log of a virtual machine named VM1 to an Azure Storage account. To complete this task, sign in to the Azure portal.
In the Azure portal, search for and select the virtual machine named VM1.
In the left pane, select Diagnostic settings.
Select Add diagnostic setting.
In the Add diagnostic setting pane, enter the following information:
Name: Enter a name for the diagnostic setting.
Destination: Select Storage account.
Storage account: Select the storage account you want to use.
Logs: Select Windows Event Logs.
Categories: Select Security.
Event types: Select Audit Failure.
Select Save.
Lab Task
use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password. place your cursor in the Enter password box and click on the password below.
Azure Username: Userl [email protected]
Azure Password: GpOAe4@lDg
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 28681041
Task 4
You need to ensure that a user named user2-28681041 can manage the properties of the virtual machines in the RG1lod28681041 resource group. The solution must use the principle of least privilege.
In the Azure portal, search for and select the resource group named RG1lod28681041.
In the left pane, select Access control (IAM).
Select Add.
In the Add role assignment pane, enter the following information:
Role: Select the appropriate role for your scenario. For example, Virtual Machine Contributor.
Assign access to: Select User, group, or service principal.
Select: Enter the name of the user you want to assign the role to. For example, user2-28681041.
Select Save.
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
You company has an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to create several security alerts by using Azure Monitor.
You need to prepare the Azure subscription for the alerts.
What should you create first?
- A . An Azure Storage account
- B . an Azure Log Analytics workspace
- C . an Azure event hub
- D . an Azure Automation account
B
Explanation:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-create-workspace
HOTSPOT
You need to create Role1 to meet the platform protection requirements.
How should you complete the role definition of Role1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
1) Microsoft.Compute/
2) disks
3) /subscrption/{subscriptionId}/resourceGroups/{Resource Group Id}
A new custom RBAC role named Role1 must be used to delegate the administration of the managed disks in Resource Group1. Role1 must be available only for Resource Group1.
You have an Azure subscription that contains an Azure web app named 1 and a virtual machine named VM1. VM1 runs Microsoft SQL Server and is connected to a virtual network named VNet1. App1, VM1, and Vent are in the US Central Azure region.
You need to ensure that App1 can connect to VM1. The solution must minimize costs.
- A . NAT gateway integration
- B . Azure Front Door
- C . regional virtual network integration
- D . gateway-required virtual network integration
- E . Azure Application Gateway integration
You have an Azure web app named webapp1.
You need to configure continuous deployment for webapp1 by using an Azure Repo.
What should you create first?
- A . an Azure Application Insights service
- B . an Azure DevOps organizations
- C . an Azure Storage account
- D . an Azure DevTest Labs lab
B
Explanation:
To use Azure Repos, make sure your Azure DevOps organization is linked to your Azure subscription.
Reference: https://docs.microsoft.com/en-us/azure/app-service/deploy-continuous-deployment