Back

Practice Free AZ-500 Exam Online Questions

Question #11

DRAG DROP

You have an Azure Storage account named storage1 and an Azure virtual machine named VM1. VM1 has a premium SSD managed disk.

You need to enable Azure Disk Encryption for VM1.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange then in the correct order.

Reveal Solution Hide Solution

Correct Answer:

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault

Question #12

You have an Azure subscription that contains several Azure SQL databases and an Azure Sentinel workspace.

You need to create a saved query in the workspace to find events reported by Advanced Threat Protection for Azure SQL Database.

What should you do?

  • A . From Azure CLI run the Get-AzOperationalInsightsworkspace cmdlet.
  • B . From the Azure SQL Database query editor, create a Transact-SQL query.
  • C . From the Azure Sentinel workspace, create a Kusto Query Language query.
  • D . From Microsoft SQL Server Management Studio (SSMS), create a Transact-SQL query.

Reveal Solution Hide Solution

Correct Answer: C
Question #13

You have an Azure subscription.

You plan to create a workflow automation in Azure Security Center that will automatically remediate a security vulnerability.

What should you create first?

  • A . a managed identity
  • B . an automation account
  • C . an Azure function app
  • D . an alert rule
  • E . an Azure logic app

Reveal Solution Hide Solution

Correct Answer: E
E

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/security-center/workflow-automation
Question #14

You have an Azure Active Din-dory (Azure AD) tenant named contoso.com that contains a user named User1.

You plan to publish several apps in the tenant.

You need to ensure that User1 can grant admin consent for the published apps.

Which two possible user roles can you assign to User! to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

  • A . Application developer
  • B . Security administrator
  • C . Application administrator
  • D . User administrator
  • E . Cloud application administrator

Reveal Solution Hide Solution

Correct Answer: CE
CE

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent
Question #15

You have an Azure subscription that contains an Azure key vault and an Azure Storage account. The key vault contains customer-managed keys. The storage account is configured to use the customer-managed keys stored In the key vault.

You plan to store data in Azure by using the following services:

* Azure Files

* Azure Blob storage

* Azure Log Analytics

* Azure Table storage

* Azure Queue storage

Which two services data encryption by using the keys stored in the key vault? Each correct answer present a complete solution. NOTE: Each correct selection is worth one point.

  • A . Queue storage
  • B . Table storage
  • C . Azure Files
  • D . Blob storage

Reveal Solution Hide Solution

Correct Answer: C, D
C, D

Explanation:

https://docs.microsoft.com/en-us/azure/storage/common/account-encryption-key-create?tabs=portal
Question #16

DRAG DROP

You have five Azure subscriptions linked to a single Azure Active Directory (Azure AD) tenant.

You create an Azure Policy initiative named SecurityPolicyInitiative1.

You identify which standard role assignments must be configured on all new resource groups.

You need to enforce SecurityPolicyInitiative1 and the role assignments when a new resource group is created.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Reveal Solution Hide Solution

Correct Answer:

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/governance/blueprints/create-blueprint-portal

https://docs.microsoft.com/en-us/azure/azure-australia/azure-policy

Question #17

Topic 4, Mix Questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Subscription named Sub1.

You have an Azure Storage account named Sa1 in a resource group named RG1.

Users and applications access the blob service and the file service in Sa1 by using several shared access signatures (SASs) and stored access policies.

You discover that unauthorized users accessed both the file service and the blob service.

You need to revoke all access to Sa1.

Solution: You generate new SASs.

Does this meet the goal?

  • A . Yes
  • B . No

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

Instead you should create a new stored access policy.

To revoke a stored access policy, you can either delete it, or rename it by changing the signed identifier.

Changing the signed identifier breaks the associations between any existing signatures and the stored access policy. Deleting or renaming the stored access policy immediately affects all of the shared access signatures associated with it.

Reference: https://docs.microsoft.com/en-us/rest/api/storageservices/Establishing-a-Stored-Access-Policy
Question #18

You have an Azure subscription that is linked to an Azure AD tenant and contains the resources shown in the following table.

Which resources can be assigned the Contributor role for VM1?

  • A . Managed1 and App1 only
  • B . Group1 and Managed1 only
  • C . Group1. Managed1, and VM2only
  • D . Group1, Managed1, VM1. and App1 only

Reveal Solution Hide Solution

Correct Answer: A
Question #19

HOTSPOT

You plan to implement an Azure function named Function1 that will create new storage accounts for containerized application instances.

You need to grant Function1 the minimum required privileges to create the storage accounts. The solution must minimize administrative effort.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/howto-assign-access-portal

Question #20

HOTSPOT

You have an Azure Storage account that contains a blob container named container1 and a client application named App1.

You need to enable App1 access to container1 by using Azure Active Directory (Azure AD) authentication.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

Explanation:

Reference:

https://azure.microsoft.com/en-in/blog/announcing-the-preview-of-aad-authentication-for-storage/

https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/storage/common/storage-auth-aad-rbac-portal.md