Practice Free AZ-500 Exam Online Questions
DRAG DROP
You have an Azure subscription that contains the following resources:
– A virtual network named VNET1 that contains two subnets named Subnet1 and Subnet2.
– A virtual machine named VM1 that has only a private IP address and connects to Subnet1.
You need to ensure that Remote Desktop connections can be established to VM1 from the internet.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

DRAG DROP
You have an Azure subscription.
You plan to create a storage account.
You need to use customer-managed keys to encrypt the tables in the storage account.
From Azure Cloud Shell, which three cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-configure-key-vault?tabs=powershell
HOTSPOT
You have an Azure Subscription that is connected to an on-premises datacenter and contains the resources shown in the following table.
You need to configure virtual network service endpoints for VNet1 and VNet2.
The solution must meet the following requirements:
• The virtual machines that connect to the subnet of VNet1 must access storage1, storage2, and Azure AD by using the Microsoft backbone network.
• The virtual machines that connect to the subnet of VNet2 must access storage1 and KeyVault1 by using the Microsoft backbone network.
• The virtual machines must use the Microsoft backbone network to communicate between VNet1 and VNet2.
How many service endpoints should you configure for each virtual network? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

HOTSPOT
You have an Azure subscription that contains the virtual machines shown in the following table.
You create the Azure policies shown in the following table.
You create the resource locks shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant and a user named User1.
The App registrations settings for the tenant are configured as shown in the following exhibit.
You plan to deploy an app named App1.
You need to ensure that User1 can register App1 in Azure AD. The solution must use the principle of least privilege.
Which role should you assign to User1?
- A. App Configuration Data Owner for the subscription
- B. Managed Application Contributor for the subscription
- C. Cloud application administrator in Azure AD
- D. Application developer in Azure AD.
D
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task
HOTSPOT
You have an Azure AD tenant named contoso.com that has Azure AD Premium P1 licenses.
You need to create a group named Group1 that will be assigned the Global reader role.
Which portal should you use to create Group1 and which type of group should you create? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Explanation:
https://learn.microsoft.com/en-us/azure/active-directory/roles/groups-create-eligible
Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
The company develops an application named App1. App1 is registered in Azure AD.
You need to ensure that App1 can access secrets in Azure Key Vault on behalf of the application users.
What should you configure?
- A. an application permission without admin consent
- B. a delegated permission without admin consent
- C. a delegated permission that requires admin consent
- D. an application permission that requires admin consent
B
Explanation:
Delegated permissions – Your client application needs to access the web API as the signed-in user, but with access limited by the selected permission. This type of permission can be granted by a user unless the permission requires administrator consent.
Incorrect Answers:
A, D: Application permissions – Your client application needs to access the web API directly as itself (no user context). This type of permission requires administrator consent and is also not available for public (desktop and mobile) client applications.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis
HOTSPOT
You have a management group named MG1 that contains an Azure subscription and a resource group named RG1. RG1 contains a virtual machine named VM1.
You have the custom Azure roles shown in the following table.
The permissions for Role1 are shown in the following role definition file.
You assign the roles to the users shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

HOTSPOT
You have a file named File1.yaml that contains the following contents.
You create an Azure container instance named container1 by using File1.yaml.
You need to identify where you can access the values of Variable1 and Variable2.
What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/container-instances/container-instances-environment-variables
You are configuring an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.
You need to use the auto-generated service principal to authenticate to the Azure Container Registry.
What should you create?
- A. an Azure Active Directory (Azure AD) group
- B. an Azure Active Directory (Azure AD) role assignment
- C. an Azure Active Directory (Azure AD) user
- D. a secret in Azure Key Vault
B
Explanation:
When you create an AKS cluster, Azure also creates a service principal to support cluster operability with other Azure resources. You can use this auto-generated service principal for authentication with an ACR registry. To do so, you need to create an Azure AD role assignment that grants the cluster’s service principal access to the container registry.
Reference: https://docs.microsoft.com/bs-latn-ba/azure/container-registry/container-registry-auth-aks