Try Free Microsoft Azure Security Technologies AZ-500 Dumps Online

test2022-06-30T06:37:13+00:00

To aid all candidates appearing for Microsoft Azure Security Technologies exam, FreeTestShare provides 100% authentic AZ-500 Dumps that will not only help you pass the Microsoft AZ-500 exam, but will also allow you to operate at the highest level in the industry. We guarantee that you will have a better understanding of the Microsoft AZ-500 exam topics and patterns. All AZ-500 Dumps have been corrected and updated to ensure 100% validity. FreeTestShare offers a free practice test for the AZ-500 exam to demonstrate the dump validity.

Test yourself with these AZ-500 practice exam questions now!

Page 1 of 8

1. You have an Azure subscription that contains the Azure Log Analytics workspaces shown in the following table.

You create the virtual machines shown in the following table.

You plan to use Azure Sentinel to monitor Windows Defender Firewall on the virtual machines.

Which virtual machines you can connect to Azure Sentinel?

VM1 and VM3 only

VM1 Only

VM1 and VM2 only

VM1, VM2, VM3 and VM4

2. You have Azure Resource Manager templates that you use to deploy Azure virtual machines.

You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.

What should you use?

device compliance policies in Microsoft Intune

Azure Automation State Configuration

application security groups

Azure Advisor

3. HOTSPOT

You plan to use Azure Sentinel to create an analytic rule that will detect suspicious threats and automate responses.

Which components are required for the rule? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

4. You have an Azure web app named WebApp1.

You upload a certificate to WebApp1.

You need to make the certificate accessible to the app code of WebApp1.

What should you do?

Add a user-assigned managed identity to WebApp1.

Add an app setting to the WebApp1 configuration.

Enable system-assigned managed identity for the WebApp1.

Configure the TLS/SSL binding for WebApp1.

5. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

The tenant contains the users shown in the following table.

You configure an access review named Review1 as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

6. DRAG DROP

You have an Azure subscription that contains the virtual networks shown in the following table.

The Azure virtual machines on SpokeVNetSubnet0 can communicate with the computers on the on-premises network.

You plan to deploy an Azure firewall to HubVNet.

You create the following two routing tables:

✑ RT1: Includes a user-defined route that points to the private IP address of the Azure firewall as a next hop address

✑ RT2: Disables BGP route propagation and defines the private IP address of the Azure firewall as the default gateway

You need to ensure that traffic between SpokeVNetSubnet0 and the on-premises network flows through the Azure firewall.

To which subnet should you associate each route table? To answer, drag the appropriate subnets to the correct route tables. Each subnet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

7. You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.

You need to use automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry.

What should you create?

a secret in Azure Key Vault

a role assignment

an Azure Active Directory (Azure AD) user

an Azure Active Directory (Azure AD) group

8. You need to ensure that users can access VM0. The solution must meet the platform protection requirements.

What should you do?

Move VM0 to Subnet1.

On Firewall, configure a network traffic filtering rule.

Assign RT1 to AzureFirewallSubnet.

On Firewall, configure a DNAT rule.

9. You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant.

From the Azure portal, you register an enterprise application.

Which additional resource will be created in Azure AD?

a service principal

509 certificate

a managed identity

a user account

10. CORRECT TEXT

You need to ensure that connections from the Internet to VNET1subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.

To complete this task, sign in to the Azure portal.

Page 2 of 8

11. DRAG DROP

You are implementing conditional access policies.

You must evaluate the existing Azure Active Directory (Azure AD) risk events and risk levels to configure and implement the policies.

You need to identify the risk level of the following risk events:

✑ Users with leaked credentials

✑ Impossible travel to atypical locations

✑ Sign ins from IP addresses with suspicious activity

Which level should you identify for each risk event? To answer, drag the appropriate levels to the correct risk events. Each level may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

12. DRAG DROP

You have an Azure subscription named Sub1 that contains an Azure Storage account named Contosostorage1 and an Azure key vault named Contosokeyvault1.

You plan to create an Azure Automation runbook that will rotate the keys of Contosostorage1 and store them in Contosokeyvault1.

You need to implement prerequisites to ensure that you can implement the runbook.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

13. HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

An IP address of 10.1.0.4 is assigned to VM5. VM5 does not have a public IP address.

VM5 has just in time (JIT) VM access configured as shown in the following exhibit.

You enable JIT VM access for VM5.

NSG1 has the inbound rules shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

14. Your network contains an Active Directory forest named contoso.com. You have an Azure Directory (Azure AD) tenant named contoso.com.

You plan to configure synchronization by using the Express Settings installation option in Azure AD Connect.

You need to identify which roles and groups are required to perform the planned configurations. The solution must use the principle of least privilege.

Which two roles and groups should you identify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

the Domain Admins group in Active Directory

the Security administrator role in Azure AD

the Global administrator role in Azure AD

the User administrator role in Azure AD

the Enterprise Admins group in Active Directory

15. You plan to configure Azure Disk Encryption for VM4 Which key vault can you use to store the encryption key?

KeyVault1

KeyVault3

KeyVault2

16. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result these questions will not appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.

You use several policy definitions to manage the security of the subscriptions.

You need to deploy the policy definitions as a group to all three subscriptions.

Solution: You create a policy initiative and assignments that are scoped to resource groups.

Does this meet the goal?

Yes

17. HOTSPOT

You implement the planned changes for ASG1 and ASG2.

In which NSGs can you use ASG1. and the network interfaces of which virtual machines can you assign to ASG2?

18. You have an Azure subscription named Sub1.

In Azure Security Center, you have a security playbook named Play1. Play1 is configured to send an email message to a user named User1.

You need to modify Play1 to send email messages to a distribution group named Alerts.

What should you use to modify Play1?

Azure DevOps

Azure Application Insights

Azure Monitor

Azure Logic Apps Designer

19. DRAG DROP

You need to deploy AKS1 to meet the platform protection requirements.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

20. HOTSPOT

You need to configure support for Azure Sentinel notebooks to meet the technical requirements.

What is the minimum number of Azure container registries and Azure Machine Learning workspaces required?

Page 3 of 8

21. You need to meet the technical requirements for VNetwork1.

What should you do first?

Create a new subnet on VNetwork1.

Remove the NSGs from Subnet11 and Subnet13.

Associate an NSG to Subnet12.

Configure DDoS protection for VNetwork1.

22. HOTSPOT

You are evaluating the effect of the application security groups on the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

23. You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.

The User administrator role is assigned to a user named Admin1.

An external partner has a Microsoft account that uses the [email protected] sign in.

Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following

error message: “Unable to invite user [email protected] Generic authorization exception.”

You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.

What should you do?

From the Roles and administrators blade, assign the Security administrator role to Admin1.

From the Organizational relationships blade, add an identity provider.

From the Custom domain names blade, add a custom domain.

From the Users blade, modify the External collaboration settings.

24. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to rt As a result, these questions will not appear in the review screen.

You have an Azure subscription named Sub1.

You have an Azure Storage account named Sa1 in a resource group named RG1.

Users and applications access the blob service and the file service in Sal by using several shared access signatures {SASs) and stored access policies.

You discover that unauthorized users accessed both the rile service and the blob service.

You need to revoke all access to Sa1.

Solution: You regenerate the access keys.

Does this meet the goal?

Yes

25. CORRECT TEXT

You need to configure a virtual network named VNET2 to meet the following requirements:

✑ Administrators must be prevented from deleting VNET2 accidentally.

✑ Administrators must be able to add subnets to VNET2 regularly.

To complete this task, sign in to the Azure portal and modify the Azure resources.

26. HOTSPOT

You have an Azure subscription named Sub1.

You create a virtual network that contains one subnet.

On the subnet, you provision the virtual machines shown in the following table.

Currently, you have not provisioned any network security groups (NSGs).

You need to implement network security to meet the following requirements:

✑ Allow traffic to VM4 from VM3 only.

✑ Allow traffic from the Internet to VM1 and VM2 only.

✑ Minimize the number of NSGs and network security rules.

How many NSGs and network security rules should you create? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

27. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.

You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.

Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the amount of necessary servers are reduced.

Solution: You recommend the use of pass-through authentication and seamless SSO with password hash synchronization.

Does the solution meet the goal?

Yes

28. You have the Azure virtual machines shown in the following table.

For which virtual machine can you enable Update Management?

VM2 and VM3 only

VM2, VM3, and VM4 only

VM1, VM2, and VM4 only

VM1, VM2, VM3, and VM4

VM1, VM2, and VM3 only

29. HOTSPOT

You are evaluating the security of VM1, VM2, and VM3 in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

30. CORRECT TEXT

You need to enable Advanced Data Security for the SQLdb1 Azure SQL database. The solution must ensure that Azure Advanced Threat Protection (ATP) alerts are sent to [email protected].

To complete this task, sign in to the Azure portal and modify the Azure resources.

Page 4 of 8

31. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

The tenant contains the named locations shown in the following table.

You create the conditional access policies for a cloud app named App1 as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

32. HOTSPOT

You need to deploy Microsoft Antimalware to meet the platform protection requirements.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

33. CORRECT TEXT

You need to prevent administrators from performing accidental changes to the Homepage app service plan.

To complete this task, sign in to the Azure portal.

34. You are troubleshooting a security issue for an Azure Storage account You enable Azure Storage Analytics logs and archive It to a storage account.

What should you use to retrieve the diagnostics logs?

Azure Storage Explorer

SQL query editor in Azure

Azure Monitor

Azure Cosmos DB explorer

35. CORRECT TEXT

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Azure Username: [email protected]

Azure Password: Ag1Bh9!#Bd

The following information is for technical support purposes only:

Lab Instance: 10598168

You need to create a new Azure Active Directory (Azure AD) directory named 10598168.onmicrosoft.com. The new directory must contain a user named [email protected] who is configured to sign in by using Azure Multi-Factor Authentication (MFA).

To complete this task, sign in to the Azure portal.

36. You have an Azure subscription that contains the resources shown in the following table.

You need to ensure that ServerAdmins can perform the following tasks:

✑ Create virtual machines in RG1 only.

✑ Connect the virtual machines to the existing virtual networks in RG2 only.

The solution must use the principle of least privilege.

Which two role-based access control (RBAC) roles should you assign to ServerAdmins? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

a custom RBAC role for RG2

the Network Contributor role for RG2

the Contributor role for the subscription

a custom RBAC role for the subscription

the Network Contributor role for RG1

the Virtual Machine Contributor role for RG1

37. HOTSPOT

You have two Azure virtual machines in the East US2 region as shown in the following table.

You deploy and configure an Azure Key vault.

You need to ensure that you can enable Azure Disk Encryption on VM1 and VM2.

What should you modify on each virtual machine? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

38. CORRECT TEXT

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Azure Username: [email protected]

Azure Password: Ag1Bh9!#Bd

The following information is for technical support purposes only:

Lab Instance: 10598168

You need to prevent HTTP connections to the rg1lod10598168n1 Azure Storage account.

To complete this task, sign in to the Azure portal.

39. HOTSPOT

You have an Azure subscription that contains the virtual machines shown in the following table.

You create the Azure policies shown in the following table.

You create the resource locks shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

40. HOTSPOT

You create a new Azure subscription that is associated to a new Azure Active Directory (Azure AD) tenant.

You create one active conditional access policy named Portal Policy. Portal Policy is used to provide access to the Microsoft Azure Management cloud app.

The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit. (Click the Conditions tab.)

The Grant settings for Portal Policy are configured as shown in the Grant exhibit. (Click the Grant tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Page 5 of 8

41. HOTSPOT

You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.

You plan to implement an application that will consist of the resources shown in the following table.

Users will authenticate by using their Azure AD user account and access the Cosmos DB account by using resource tokens.

You need to identify which tasks will be implemented in CosmosDB1 and WebApp1.

Which task should you identify for each resource? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

42. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Subscription. The subscription contains 50 virtual machines that run Windows Server 2012 R2 or Windows Server 2016.

You need to deploy Microsoft Antimalware to the virtual machines.

Solution: You add an extension to each virtual machine.

Does this meet the goal?

Yes

43. CORRECT TEXT

You plan to use Azure Disk Encryption for several virtual machine disks.

You need to ensure that Azure Disk Encryption can retrieve secrets from the KeyVault11641655 Azure key vault.

To complete this task, sign in to the Azure portal and modify the Azure resources.

44. HOTSPOT

You have a management group named Group1 that contains an Azure subscription named sub1. Sub1 has a subscription ID of 11111111-1234-1234-1234-1111111111.

You need to create a custom Azure role-based access control (RBAC) role that will delegate permissions to manage the tags on all the objects in Group1.

What should you include in the role definition of Role1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

45. HOTSPOT

You need to create an Azure key vault. The solution must ensure that any object deleted from the key vault be retained for 90 days.

How should you complete the command? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

46. You have an Azure subscription that contains an Azure SQL database named sql1.

You plan to audit sql1.

You need to configure the audit log destination. The solution must meet the following requirements:

✑ Support querying events by using the Kusto query language.

✑ Minimize administrative effort.

What should you configure?

an event hub

a storage account

a Log Analytics workspace

47. DRAG DROP

You have three Azure subscriptions and a user named User1.

You need to provide User1 with the ability to manage and view costs for the resources across all three subscriptions. The solution must use the principle of least privilege.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

48. HOTSPOT

You are evaluating the security of the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

49. You plan to implement JIT VM access.

Which virtual machines will be supported?

VM1 and VM3 only

VM1. VM2. VM3, and VM4

VM2, VM3, and VM4 only

VM1 only

50. HOTSPOT

You have an Azure key vault.

You need to delegate administrative access to the key vault to meet the following requirements:

✑ Provide a user named User1 with the ability to set advanced access policies for the key vault.

✑ Provide a user named User2 with the ability to add and delete certificates in the key vault.

✑ Use the principle of least privilege.

What should you use to assign access to each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Page 6 of 8

51. DRAG DROP

You have an Azure subscription.

You plan to create a storage account.

You need to use customer-managed keys to encrypt the tables in the storage account.

From Azure Cloud Shell, which three cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.

52. You have an Azure Sentinel deployment.

You need to create a scheduled query rule named Rule1.

What should you use to define the query rule logic for Rule1?

a Transact-SQL statement

a JSON definition

GraphQL

a Kusto query

53. You have an Azure subscription that contains a user named Adminl1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is the member of a backend pool of a public Azure Basic Load Balancer.

Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center.

You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1.

What should you do?

Create and configure an additional public IP address for VM 1.

Replace the Basic Load Balancer with an Azure Standard Load Balancer.

Assign an Azure Active Directory Premium Plan 1 license to Admin1.

Create and configure a network security group (NSG).

54. HOTSPOT

You have an Azure subscription that contains the virtual machines shown in the following table.

You create the Azure policies shown in the following table.

You create the resource locks shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

55. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that contains the resources shown in the following table.

User2 is the owner of Group2.

The user and group settings for App1 are configured as shown in the following exhibit.

You enable self-service application access for App1 as shown in the following exhibit.

User3 is configured to approve access to Appl.

You need to identify the owners of Group2 and the users of Appl.

What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

56. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.

You use several policy definitions to manage the security of the subscriptions.

You need to deploy the policy definitions as a group to all three subscriptions.

Solution: You create a policy definition and assignments that are scoped to resource groups.

Does this meet the goal?

Yes

57. DRAG DROP

You are configuring network connectivity for two Azure virtual networks named VNET1 and VNET2.

You need to implement VPN gateways for the virtual networks to meet the following requirements:

* VNET1 must have six site-to-site connections that use BGP.

* VNET2 must have 12 site-to-site connections that use BGP.

* Costs must be minimized.

Which VPN gateway SKI) should you use for each virtual network? To answer, drag the appropriate SKUs to the correct networks. Each SKU may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point

58. You have an Azure Container Registry named ContReg1 that contains a container image named image1.

You enable content trust for ContReg1.

After content trust is enabled, you push two images to ContReg1 as shown in the following table.

Which images are trusted images?

image1 and image2 only

image2 only

image1, image2, and image3

59. HOTSPOT

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You create a custom RBAC role in Subscription1 by using the following JSON file.

You assign Role1 to User1 on RG1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

60. CORRECT TEXT

You need to ensure that when administrators deploy resources by using an Azure Resource Manager template, the deployment can access secrets in an Azure key vault named KV11597200.

To complete this task, sign in to the Azure portal.

Page 7 of 8

61. You have an Azure Active Directory (Azure AD) tenant that contains a user named Admin1.

Admin1 is assigned the Application developer role.

You purchase a cloud app named App1 and register App1 in Azure AD.

Admin1 reports that the option to enable token encryption for App1 is unavailable.

You need to ensure that Admin1 can enable token encryption for App1 in the Azure portal.

What should you do?

Upload a certificate for App1.

Modify the API permissions of App1.

Add App1 as an enterprise application.

Assign Admin! the Cloud application administrator role.

62. You are configuring an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.

You need to use the auto-generated service principal to authenticate to the Azure Container Registry.

What should you create?

an Azure Active Directory (Azure AD) group

an Azure Active Directory (Azure AD) role assignment

an Azure Active Directory (Azure AD) user

a secret in Azure Key Vault

63. You have an Azure subscription that contains the virtual machines shown in the following table.

From Azure Security Center, you turn on Auto Provisioning.

You deploy the virtual machines shown in the following table.

On which virtual machines is the Microsoft Monitoring agent installed?

VM3 only

VM1 and VM3 only

VM3 and VM4 only

VM1, VM2, VM3, and VM4

64. HOTSPOT

You have the Azure key vaults shown in the following table.

KV1 stores a secret named Secret1 and a key for a managed storage account named Key1.

You back up Secret1 and Key1.

To which key vaults can you restore each backup? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

65. DRAG DROP

You need to perform the planned changes for OU2 and User1.

Which tools should you use? To answer, drag the appropriate tools to the correct resources. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

66. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.

You use several policy definitions to manage the security of the subscriptions.

You need to deploy the policy definitions as a group to all three subscriptions.

Solution: You create a policy initiative and assignments that are scoped to resource groups.

Does this meet the goal?

Yes

67. HOTSPOT

Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure Active Directory (Azure AD).

The Azure AD tenant contains the users shown in the following table.

You configure the Authentication methods C Password Protection settings for adatum.com as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

68. Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory Azure (Azure AD) tenant named contoso.com.

The company develops a mobile application named App1. App1 uses the OAuth 2 implicit grant type to acquire Azure AD access tokens.

You need to register App1 in Azure AD.

What information should you obtain from the developer to register the application?

a redirect URI

a reply URL

a key

an application ID

69. DRAG DROP

You have an Azure subscription that contains 100 virtual machines. Azure Diagnostics is enabled on all the virtual machines.

You are planning the monitoring of Azure services in the subscription.

You need to retrieve the following details:

✑ Identify the user who deleted a virtual machine three weeks ago.

✑ Query the security events of a virtual machine that runs Windows Server 2016.

What should you use in Azure Monitor? To answer, drag the appropriate configuration settings to the correct details. Each configuration setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

70. You have an Azure subscription that contains two virtual machines named VM1 and VM2 that run Windows Server 2019.

You are implementing Update Management in Azure Automation.

You plan to create a new update deployment named Update1.

You need to ensure that Update! meets the following requirements:

• Automatically applies updates to VM1 and VM2.

• Automatically adds any new Windows Server 2019 virtual machines to Update1.

What should you include in Update1?

a security group that has a Membership type of Dynamic Device

a security group that has a Membership type of Assigned

a Kusto query language query

a dynamic group query

Page 8 of 8

71. You have a Azure subscription that contains an Azure Container Registry named Registry1. The subscription uses the Standard use tier of Azure Security Center.

You upload several container images to Register1.

You discover that vulnerability security scans were not performed

You need to ensured that the images are scanned for vulnerabilities when they are uploaded to Registry1.

What should you do?

From the Azure portal modify the Pricing tier settings.

From Azure CLI, lock the container images.

Upload the container images by using AzCopy

Push the container images to Registry1 by using Docker

72. From Azure Security, you create a custom alert rule.

You need to configure which users will receive an email message when the alert is triggered.

What should you do?

From Azure Monitor, create an action group.

From Security Center, modify the Security policy settings of the Azure subscription.

From Azure Active Directory (Azure AD). modify the members of the Security Reader role group.

From Security Center, modify the alert rule.

73. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.

You use several policy definitions to manage the security of the subscriptions.

You need to deploy the policy definitions as a group to all three subscriptions.

Solution: You create an initiative and an assignment that is scoped to the Tenant Root Group management group.

Does this meet the goal?

Yes

74. DRAG DROP

You create an Azure subscription.

You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure AD roles.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

75. HOTSPOT

On Monday, you configure an email notification in Azure Security Center to notify user [email protected].

On Tuesday, Security Center generates the security alerts shown in the following table.

How many email notifications will [email protected] receive on Tuesday? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

76. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that contains two administrative units named AU1 and AU2.

Users are assigned to the administrative units as shown in the following table.

77. You need to ensure that User2 can implement PIM.

What should you do first?

Assign User2 the Global administrator role.

Configure authentication methods for contoso.com.

Configure the identity secure score for contoso.com.

Enable multi-factor authentication (MFA) for User2.

78. HOTSPOT

You create an alert rule that has the following settings:

✑ Resource: RG1

✑ Condition: All Administrative operations

✑ Actions: Action groups configured for this alert rule: ActionGroup1

✑ Alert rule name: Alert1

You create an action rule that has the following settings:

✑ Scope: VM1

✑ Filter criteria: Resource Type = "Virtual Machines"

✑ Define on this scope: Suppression

✑ Suppression config: From now (always)

✑ Name: ActionRule1

For each of the following statements, select Yes if the statement is true. Otherwise, select No. Note: Each correct selection is worth one point.