Exam Code : AZ-500
Exam Name : Microsoft Azure Security Technologies 2024
Vendor Name :
"Microsoft"
AZ-500 Dumps
AZ-500 Braindumps AZ-500 Real Questions AZ-500 Practice Test
AZ-500 Actual Questions
killexams.com
Microsoft Azure Security Technologies 2024
https://killexams.com/pass4sure/exam-detail/AZ-500
Question: 114
You have an Azure web app named webapp1.
You need to configure continuous deployment for webapp1 by using an Azure Repo. What should you create first?
an Azure Application Insights service
an Azure DevOps organization
an Azure Storage account
an Azure DevTest Labs lab
Answer: B
Question: 115 HOTSPOT
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
In Azure AD Privileged Identity Management (PIM), the Role settings for the Contributor role are configured as shown in the exhibit. (Click the Exhibit tab.)
You assign users the Contributor role on May 1, 2019 as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
References: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource- roles-assign-roles
Question: 116
CORRECT TEXT
You plan to connect several Windows servers to the WS11641655 Azure Log Analytics workspace.
You need to ensure that the events in the System event logs are collected automatically to the workspace after you connect the Windows servers.
To complete this task, sign in to the Azure portal and modify the Azure resources.
Data collection from Windows VM
Question: 117
You have 10 virtual machines on a single subnet that has a single network security group (NSG). You need to log the network traffic to an Azure Storage account.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Install the Network Performance Monitor solution.
Enable Azure Network Watcher.
Enable diagnostic logging for the NS
Enable NSG flow logs.
Create an Azure Log Analytics workspace.
A network security group (NSG) enables you to filter inbound traffic to, and outbound traffic from, a virtual machine (VM). You can log network traffic that flows through an NSG with Network Watcher’s NSG flow log capability.
Steps include:
Create a VM with a network security group
Enable Network Watcher and register the Microsoft. Insights provider
Enable a traffic flow log for an NSG, using Network Watcher’s NSG flow log capability Download logged data
View logged data
Reference: https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal
Question: 118
You have an Azure Active Din-dory (Azure AD) tenant named contoso.com that contains a user named User1. You plan to publish several apps in the tenant.
You need to ensure that User1 can grant admin consent for the published apps.
Which two possible user roles can you assign to User! to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
Application developer
Security administrator
Application administrator
User administrator
Cloud application administrator
Reference: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent
Question: 119
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant.
When a developer attempts to register an app named App1 in the tenant, the developer receives the error message shown in the following exhibit.
You need to ensure that the developer can register App1 in the tenant.
What should you do for the tenant?
Modify the User settings
Set Enable Security default to Yes.
Modify the Directory properties.
Configure the Consent and permissions settings for enterprise applications.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are- added
Question: 120
You plan to implement JIT VM access. Which virtual machines will be supported?
VM1 and VM3 only
VM1. VM2. VM3, and VM4
VM2, VM3, and VM4 only
VM1 only
Question: 121
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
You are assigned the Global administrator role for the tenant. You are responsible for managing Azure Security Center settings.
You need to create a custom sensitivity label. What should you do first?
Create a custom sensitive information type.
Elevate access for global administrators in Azure A
Upgrade the pricing tier of the Security Center to Standard.
Enable integration with Microsoft Cloud App Security.
First, you need to create a new sensitive information type because you can’t directly modify the default rules.
References: https://docs.microsoft.com/en-us/office365/securitycompliance/customize-a-built-in-sensitive- information-type
Question: 122
CORRECT TEXT
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below. Azure Username: [email protected]
Azure Password: Ag1Bh9!#Bd
The following information is for technical support purposes only: Lab Instance: 10598168
You need to collect all the audit failure data from the security log of a virtual machine named VM1 to an Azure Storage account.
To complete this task, sign in to the Azure portal.
This task might take several minutes to complete You can perform other tasks while the task completes.
Azure Monitor can collect data directly from your Azure virtual machines into a Log Analytics workspace for detailed analysis and correlation.
Question: 123
DRAG DROP
You have an Azure subscription named Sub1 that contains an Azure Log Analytics workspace named LAW1. You have 500 Azure virtual machines that run Windows Server 2016 and are enrolled in LAW1.
You plan to add the System Update Assessment solution to LAW1.
You need to ensure that System Update Assessment-related logs are uploaded to LAW1 from 100 of the virtual machines only.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
References: https://docs.microsoft.com/en-us/azure/azure-monitor/insights/solution-targeting
Question: 124
You have an Azure subscription.
You configure the subscription to use a different Azure Active Directory (Azure AD) tenant.
What are two possible effects of the change? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
Role assignments at the subscription level are lost.
Virtual machine managed identities are lost.
Virtual machine disk snapshots are lost.
Existing Azure resources are deleted.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions- associated-directory
Question: 125
CORRECT TEXT
You plan to connect several Windows servers to the WS11641655 Azure Log Analytics workspace.
You need to ensure that the events in the System event logs are collected automatically to the workspace after you connect the Windows servers.
To complete this task, sign in to the Azure portal and modify the Azure resources.
Data collection from Windows VM
Question: 126
You plan to create an Azure Kubernetes Service (AKS) cluster in an Azure subscription. The manifest of the registered server application is shown in the following exhibit.
You need to ensure that the AKS cluster and Azure Active Directory (Azure AD) are integrated.
Which property should you modify in the manifest?
accessTokenAcceptedVersion
keyCredentials
groupMembershipClaims
acceptMappedClaims
https://docs.microsoft.com/en-us/azure/aks/azure-ad-integration-cli https://www.codeproject.com/Articles/3211864/Operation-and-Maintenance-of-AKS-Applications