Master the AZ-500 Microsoft Azure Security Technologies content and be ready for exam day success quickly with these Ucertify AZ-500 free exam questions. We guarantee it! We make it a reality and give you real AZ-500 questions in our Microsoft AZ-500 braindumps. The latest 100% valid Microsoft AZ-500 exam question dumps are on the page below. You can use our Microsoft AZ-500 braindumps and pass your exam.
NEW QUESTION 1
You have an Azure subscription that contains the following resources:
• An Azure key vault
• An Azure SQL database named Database1
• Two Azure App Service web apps named AppSrv1 and AppSrv2 that are configured to use system-assigned managed identities and access Database1
You need to implement an encryption solution for Database1 that meets the following requirements:
• The data in a column named Discount in Database1 must be encrypted so that only AppSrv1 can decrypt the data.
• AppSrv1 and AppSrv2 must be authorized by using managed identities to obtain cryptographic keys.
How should you configure the encryption settings for Database1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/always-encrypted-azure-key-vault-configure?tabs=az
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 2
Lab Task
Task 1
You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.
Solution:
You need to configure the Network Security Group that is associated with subnet0.
* 1. In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select VNET1. Alternatively, browse to Virtual Networks in the left navigation pane.
* 2. In the properties of VNET1, click on Subnets. This will display the subnets in VNET1 and the Network Security Group associated to each subnet. Note the name of the Network Security Group associated to Subnet0.
* 3. Type Network Security Groups into the search box and select the Network Security Group associated with Subnet0.
* 4. In the properties of the Network Security Group, click on Inbound Security Rules.
* 5. Click the Add button to add a new rule.
* 6. In the Source field, select Service Tag.
* 7. In the Source Service Tag field, select Internet.
* 8. Leave the Source port ranges and Destination field as the default values (* and All).
* 9. In the Destination port ranges field, enter 7777.
* 10. Change the Protocol to TCP.
* 11. Leave the Action option as Allow.
* 12. Change the Priority to 100.
* 13. Change the Name from the default Port_8080 to something more descriptive such as Allow_TCP_7777_from_Internet. The name cannot contain spaces.
* 14. Click the Add button to save the new rule.
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 3
You have an Azure Active Directory (Azure AD) tenant. You have the deleted objects shown in the following table.
On May 4, 2020, you attempt to restore the deleted objects by using the Azure Active Directory admin center. Which two objects can you restore? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- A. Group1
- B. Group2
- C. User2
- D. User1
Answer: BC
Explanation:
Deleted users and deleted Office 365 groups are available for restore for 30 days. You cannot restore a deleted security group.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-restore-deleted
NEW QUESTION 4
Note: The question is included in a number of questions that depict the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.
You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.
Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the number of necessary servers is reduced.
Solution: You recommend the use of password hash synchronization and seamless SSO.
Does the solution meet the goal?
- A. Yes
- B. No
Answer: B
NEW QUESTION 5
You have an Azure subscription that contains the virtual machines shown in the following table.
From Azure Security Center, you turn on Auto Provisioning. You deploy the virtual machines shown in the following table.
On which virtual machines is the Microsoft Monitoring agent installed?
- A. VM3 only
- B. VM1 and VM3 only
- C. VM3 and VM4 only
- D. VM1, VM2, VM3, and VM4
Answer: D
Explanation:
When automatic provisioning is enabled, Security Center provisions the Microsoft Monitoring Agent on all supported Azure VMs and any new ones that are created.
Supported Operating systems include: Ubuntu 14.04 LTS (x86/x64), 16.04 LTS (x86/x64), and 18.04 LTS (x64) and Windows Server 2008 R2, 2012, 2012 R2, 2016, version 1709 and 1803.
References:
https://docs.microsoft.com/en-us/azure/security-center/security-center-faq
NEW QUESTION 6
You have an Azure subscription named Subscription1.
You need to view which security settings are assigned to Subscription1 by default. Which Azure policy or initiative definition should you review?
- A. the Audit diagnostic setting policy definition
- B. the Enable Monitoring in Azure Security Center initiative definition
- C. the Enable Azure Monitor for VMs initiative definition
- D. the Azure Monitor solution ‘Security and Audit’ must be deployed policy definition
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/tutorial-security-policy
https://docs.microsoft.com/en-us/azure/security-center/policy-reference
NEW QUESTION 7
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to create several security alerts by using Azure Monitor.
You need to prepare the Azure subscription for the alerts. What should you create first?
- A. An Azure Storage account
- B. an Azure Log Analytics workspace
- C. an Azure event hub
- D. an Azure Automation account
Answer: B
Explanation:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-create-workspace
NEW QUESTION 8
You plan to configure Azure Disk Encryption for VM4. Which key vault can you use to store the encryption key?
- A. KeyVault1
- B. KeyVault3
- C. KeyVault2
Answer: A
Explanation:
The key vault needs to be in the same subscription and same region as the VM. VM4 is in West US. KeyVault1 is the only key vault in the same region as the VM.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault
NEW QUESTION 9
You have an Azure Storage account that contains a blob container named container1 and a client application named App1.
You need to enable App1 access to container1 by using Azure Active Directory (Azure AD) authentication.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Reference:
https://azure.microsoft.com/en-in/blog/announcing-the-preview-of-aad-authentication-for-storage/
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/storage/common/storage-auth-aad-rbac-portal
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 10
You have a web app named WebApp1.
You create a web application firewall (WAF) policy named WAF1. You need to protect WebApp1 by using WAF1.
What should you do first?
- A. Deploy an Azure Front Door.
- B. Add an extension to WebApp1.
- C. Deploy Azure Firewall.
Answer: A
Explanation:
References:
https://docs.microsoft.com/en-us/azure/frontdoor/quickstart-create-front-door
NEW QUESTION 11
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Subscription named Sub1. Sub1 contains an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to encrypt VM1 disks by using Azure Disk Encryption.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Solution:
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/encrypt-disks
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 12
You have an Azure subscription that uses Microsoft Defender for Cloud.
You have an Amazon Web Services (AWS) account named AWS1 that is connected to Defender for Cloud.
You need to ensure that AWS foundational Security Best Practices. The solution must minimize administrative effort.
What should you do in Defender for Cloud?
- A. Create a new customer assessment.
- B. Assign a built-in assessment.
- C. Assign a built-in compliance standard.
- D. Create a new custom standard.
Answer: C
NEW QUESTION 13
You are evaluating the security of the network communication between the virtual machines in Sub2. For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
Yes, Yes No
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 14
You have an Azure web app named WebApp1. You upload a certificate to WebApp1.
You need to make the certificate accessible to the app code of WebApp1. What should you do?
- A. Add a user-assigned managed identity to WebApp1.
- B. Add an app setting to the WebApp1 configuration.
- C. Enable system-assigned managed identity for the WebApp1.
- D. Configure the TLS/SSL binding for WebApp1.
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code
NEW QUESTION 15
You have an Azure subscription that contains several Azure SQL databases and an Azure Sentinel workspace.
You need to create a saved query in the workspace to find events reported by Advanced Threat Protection for Azure SQL Database.
What should you do?
- A. From Azure CLI run the Get-AzOperationalInsightsworkspace cmdlet.
- B. From the Azure SQL Database query editor, create a Transact-SQL query.
- C. From the Azure Sentinel workspace, create a Kusto Query Language query.
- D. From Microsoft SQL Server Management Studio (SSMS), create a Transact-SQL query.
Answer: C
NEW QUESTION 16
Your on-premises network contains a Hyper-V virtual machine named VM1. You need to use Azure Arc to onboard VM1 to Microsoft Defender for Cloud. What should you install first?
- A. the Azure Monitor agent
- B. the Azure Connected Machine agent
- C. the Log Analytics agent
- D. the guest configuration agent
Answer: B
NEW QUESTION 17
You have an Azure subscription that contains a user named User1. You need to ensure that User1 can perform the following tasks:
• Create groups.
• Create access reviews for role-assignable groups.
• Assign Azure AD roles to groups.
The solution must use the principle of least privilege. Which role should you assign to User1?
- A. Groups administrator
- B. Authentication administrator
- C. Identity Governance Administrator
- D. Privileged role administrator
Answer: C