Cause all that matters here is passing the Microsoft az-500 exam. Cause all that you need is a high score of az-500 Microsoft Azure Security Technologies exam. The only one thing you need to do is downloading Ucertify az-500 exam study guides now. We will not let you down with our money-back guarantee.

Free az-500 Demo Online For Microsoft Certifitcation:

NEW QUESTION 1

You have an Azure subscription that contains the alerts shown in the following exhibit.
AZ-500 dumps exhibit
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
AZ-500 dumps exhibit


Solution:
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-overview

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 2

You have the Azure virtual networks shown in the following table.
AZ-500 dumps exhibit
You have the Azure virtual machines shown in the following table.
AZ-500 dumps exhibit
The firewalls on all the virtual machines allow ping traffic. NSG1 is configured as shown in the following exhibit. Inbound security rules
AZ-500 dumps exhibit
Outbound security rules
AZ-500 dumps exhibit
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
AZ-500 dumps exhibit


Solution:
Box 1: Yes
VM1 and VM3 are on peered VNets. The firewall rules with a source of ASG1 and ASG2 allow ‘any’ traffic on ‘any’ protocol so pings are allowed between VM1 and VM3.
Box 2: No
VM2 and VM4 are on separate VNets and the VNets are not peered. Therefore, the pings would have to go over the Internet. VM4 does have a public IP and the firewall allows pings. However, for VM2 to be able to ping VM4, VM2 would also need a public IP address. In Azure, pings don’t go out through the default gateway as they would in a physical network. For an Azure VM to ping external IPs, the VM must have a public IP address assigned to it.
Box 3: Yes
VM3 has a public IP address and the firewall allows traffic on port 3389.

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 3

Lab Task
Task 7
You need to ensure that connections through an Azure Application Gateway named Homepage-AGW are inspected for malicious requests.


Solution:
Enable Web Application Firewall (WAF) for the application gateway. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to select a WAF policy and a WAF mode for the application gateway. You can choose a predefined policy or create a custom policy with your own rules and exclusions.
Configure WAF policy settings. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to select the managed rulesets and rule groups that you want to enable or disable for the WAF policy. You can also configure custom rules to match specific patterns or conditions and take actions such as blocking or logging requests.
Monitor WAF logs. You can use different types of logs in Azure to manage and troubleshoot the application gateway and the WAF policy. You can access some of these logs through the portal, such as metrics and health probes. You can also export the logs to Azure Storage, Event Hubs, or Log Analytics and view them in different tools, such as Azure Monitor, Excel, or Power BI.

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 4

You need to encrypt storage1 to meet the technical requirements. Which key vaults can you use?

  • A. KeyVault1 only
  • B. KeyVault2 and KeyVault3 only
  • C. KeyVault1 and KeyVault3 only
  • D. KeyVault1 KeyVault2 and KeyVault3

Answer: B

Explanation:
The storage account and the key vault must be in the same region and in the same Azure Active Directory (Azure AD) tenant, but they can be in different subscriptions.
Storage1 is in the West US region. KeyVault1 is the only key vault in the same region. Reference:
https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview

NEW QUESTION 5

You need to recommend which virtual machines to use to host App1. The solution must meet the technical requirements for KeyVault1.
Which virtual machines should you use?

  • A. VM1 only
  • B. VM1 and VM2 only
  • C. VM1, VM2, and VM4 only
  • D. VM1, VM2, VM3. and VM4

Answer: D

NEW QUESTION 6

You have an Azure subscription that contains a storage account named storage1 and a virtual machine named VM1.
VM1 is connected to a virtual network named VNet1 that contains one subnet and uses Azure DNS.
You need to ensure that VM1 connects to storage1 by using a private IP address. The solution must minimize administrative effort.
What should you do?

  • A. For storage1, disable public network access.
  • B. Create an Azure Private DNS zone.
  • C. On VNet1. create a new subnet.
  • D. For storage1, create a new private endpoint.

Answer: D

NEW QUESTION 7

You have an Azure subscription that uses Microsoft Defender for Cloud. The subscription contains the Azure Policy definitions shown in the following table.
AZ-500 dumps exhibit
Which definitions can be assigned as a security policy in Defender for Cloud?

  • A. Policy1 and Policy2 only
  • B. Initiative1 and Initiative2 only
  • C. Policy1 and Initiative1 only
  • D. Policy2 and Initiative2 only
  • E. Policy1, Policy2, Initiative1, and Initiative2

Answer: D

NEW QUESTION 8

You have an Azure subscription that contains 100 virtual machines and has Azure Security Cent,-. Standard tier enabled.
You plan to perform a vulnerability scan of each virtual machine.
You need to deploy the vulnerability scanner extension to the virtual machines by using an Azure Resource Manager template.
Which two values should you specify in the code to automate the deployment of the extension to the virtual machines? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. the user assigned managed identity
  • B. the Key Vault managed storage account Key
  • C. the Azure Active Directory (Azure AD) ID
  • D. the system-assigned managed identity
  • E. the primary shared key
  • F. the workspace ID

Answer: AC

Explanation:
https://docs.microsoft.com/en-us/azure/azure-arc/servers/onboard-service-principal

NEW QUESTION 9

You have an Azure subscription that contains the resources shown in the following table.
AZ-500 dumps exhibit
You plan to deploy the virtual machines shown in the following table.
AZ-500 dumps exhibit
You need to assign managed identities to the virtual machines. The solution must meet the following requirements:
AZ-500 dumps exhibit Assign each virtual machine the required roles.
AZ-500 dumps exhibit Use the principle of least privilege.
What is the minimum number of managed identities required?

  • A. 1
  • B. 2
  • C. 3
  • D. 4

Answer: B

Explanation:
We have two different sets of required permissions. VM1 and VM2 have the same permission requirements. VM3 and VM4 have the same permission requirements.
A user-assigned managed identity can be assigned to one or many resources. By using user-assigned managed identities, we can create just two managed identities: one with the permission requirements for VM1 and VM2 and the other with the permission requirements for VM3 and VM4.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

NEW QUESTION 10

You have an Azure Storage account named storage1 and an Azure virtual machine named VM1. VM1 has a premium SSD managed disk.
You need to enable Azure Disk Encryption for VM1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange then in the correct order.
AZ-500 dumps exhibit


Solution:
Graphical user interface, text, application Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 11

You have an Azure web app named webapp1.
You need to configure continuous deployment for webapp1 by using an Azure Repo.
What should you create first?

  • A. an Azure Application Insights service
  • B. an Azure DevOps organization
  • C. an Azure Storage account
  • D. an Azure DevTest Labs lab

Answer: B

NEW QUESTION 12

Lab Task
Task 6
You need to configure a Microsoft SQL server named Web3l 330471 only to accept connections from the Subnet0 subnet on the VNET01 virtual network.


Solution:
Configure the firewall settings for the SQL server. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to add a firewall rule that allows inbound traffic from the IP address range of the Subnet0 subnet. You also need to disable the option to allow Azure services and resources to access this server.
Configure the network settings for the SQL server. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to enable service endpoints for SQL Server on the Subnet0 subnet. You also need to add a virtual network rule that links the SQL server to the Subnet0 subnet.
Configure the connection settings for the SQL server. You can use SQL Server Management Studio or Transact-SQL to do this. You need to enable remote server connections and specify a TCP port for listening. You also need to configure SQL Server Authentication or Azure Active Directory Authentication for connecting to the SQL server.

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 13

You have an Azure Active Din-dory (Azure AD) tenant named contoso.com that contains a user named User1. You plan to publish several apps in the tenant.
You need to ensure that User1 can grant admin consent for the published apps.
Which two possible user roles can you assign to User! to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Application developer
  • B. Security administrator
  • C. Application administrator
  • D. User administrator
  • E. Cloud application administrator

Answer: CE

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent

NEW QUESTION 14

You plan to implement an Azure function named Function1 that will create new storage accounts for containerized application instances.
You need to grant Function1 the minimum required privileges to create the storage accounts. The solution must minimize administrative effort.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-500 dumps exhibit


Solution:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/howto-assign-access

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 15

You have an Azure subscription that contains a user named Adminl1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is the member of a backend pool of a public Azure Basic Load Balancer.
Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center.
You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1. What should you do?

  • A. Create and configure an additional public IP address for VM 1.
  • B. Replace the Basic Load Balancer with an Azure Standard Load Balancer.
  • C. Assign an Azure Active Directory Premium Plan 1 license to Admin1.
  • D. Create and configure a network security group (NSG).

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-config-asc%2Cjit-re

NEW QUESTION 16

You need to meet the technical requirements for the finance department users. Which CAPolicy1 settings should you modify?

  • A. Cloud apps or actions
  • B. Conditions
  • C. Grant
  • D. Session

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-life

NEW QUESTION 17

You have 15 Azure virtual machines in a resource group named RG1. All virtual machines run identical applications.
You need to prevent unauthorized applications and malware from running on the virtual machines. What should you do?

  • A. Apply an Azure policy to RG1.
  • B. From Azure Security Center, configure adaptive application controls.
  • C. Configure Azure Active Directory (Azure AD) Identity Protection.
  • D. Apply a resource lock to RG1.

Answer: B

Explanation:
Adaptive application control is an intelligent, automated end-to-end application whitelisting solution from Azure Security Center. It helps you control which applications can run on your Azure and non-Azure VMs (Windows and Linux), which, among other benefits, helps harden your VMs against malware. Security Center uses machine learning to analyze the applications running on your VMs and helps you apply the specific whitelisting rules using this intelligence.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-application

NEW QUESTION 18
......

Recommend!! Get the Full az-500 dumps in VCE and PDF From 2passeasy, Welcome to Download: https://www.2passeasy.com/dumps/az-500/ (New 416 Q&As Version)