Download Microsoft Azure Security Technologies.AZ-500.ExamSurePass.2025-02-13.204q.vcex

Vendor: Microsoft
Exam Code: AZ-500
Exam Name: Microsoft Azure Security Technologies
Date: Feb 13, 2025
File Size: 17 MB
Downloads: 7

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions. You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create a policy definition and assignments that are scoped to resource groups.
Does this meet the goal?
  1. Yes
  2. No
Correct answer: B
Explanation:
References:
https://4sysops.com/archives/apply-governance-policy-to-multiple-azure-subscriptions-with-management-groups/
Question 2
You plan to use Azure Log Analytics to collect logs from 200 servers that run Windows Server 2016.
You need to automate the deployment of the Microsoft Monitoring Agent to all the servers by using an Azure Resource Manager template.
How should you complete the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
References:
https://blogs.technet.microsoft.com/manageabilityguys/2015/11/19/enabling-the-microsoft-monitoring-agent-in-windows-json-templates/
Question 3
You have Azure Resource Manager templates that you use to deploy Azure virtual machines.
You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.
What should you use?
  1. device compliance policies in Microsoft Intune
  2. Azure Automation State Configuration
  3. application security groups
  4. Azure Advisor
Correct answer: B
Explanation:
You can use Azure Automation State Configuration to manage Azure VMs (both Classic and Resource Manager), on-premises VMs, Linux machines, AWS VMs, and on-premises physical machines.
Note: Azure Automation State Configuration provides a DSC pull server similar to the Windows Feature DSCService so that target nodes automatically receive configurations, conform to the desired state, and report back on their compliance. The built-in pull server in Azure Automation eliminates the need to set up and maintain your own pull server. Azure Automation can target virtual or physical Windows or Linux machines, in the cloud or on-premises.
References:
https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started
Question 4
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
You create and enforce an Azure AD Identity Protection sign-in risk policy that has the following settings:
  • Assignments: Include Group1, exclude Group2
  • Conditions: Sign-in risk level: Medium and above
  • Access: Allow access, Require multi-factor authentication
You need to identify what occurs when the users sign in to Azure AD.
What should you identify for each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
References:
http://www.rebeladmin.com/2018/09/step-step-guide-configure-risk-based-azure-conditional-access-policies/
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks
Question 5
You have an Azure subscription.
You need to create and deploy an Azure policy that meets the following requirements:
  • When a new virtual machine is deployed, automatically install a custom security extension.
  • Trigger an autogenerated remediation task for non-compliant virtual machines to install the extension.
What should you include in the policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
Question 6
You have an Azure subscription that contains a resource group named RG1 and a security group named ServerAdmins. RG1 contains 10 virtual machines, a virtual network named VNET1, and a network security group (NSG) named NSG1. ServerAdmins can access the virtual machines by using RDP.
You need to ensure that NSG1 only allows RDP connections to the virtual machines for a maximum of 60 minutes when a member of ServerAdmins requests access.
What should you configure?
  1. an Azure Active Directory (Azure AD) Privileged Identity Management (PIM) role assignment
  2. a just in time (JIT) VM access policy in Azure Security Center
  3. an Azure policy assigned to RG1
  4. an Azure Bastion host on VNET1
Correct answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained
Question 7
You have an Azure subscription that contains two virtual machines named VM1 and VM2 that run Windows Server 2019.
You are implementing Update Management in Azure Automation. You plan to create a new update deployment named Update1.
You need to ensure that Update1 meets the following requirements:
  • Automatically applies updates to VM1 and VM2.
  • Automatically adds any new Windows Server 2019 virtual machines to Update1. 
What should you include in Update1?
  1. a security group that has a Membership type of Dynamic Device
  2. a security group that has a Membership type of Assigned
  3. a Kusto query language query
  4. a dynamic group query
Correct answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained
Question 8
You have an Azure subscription that contains four Azure SQL managed instances.
You need to evaluate the vulnerability of the managed instances to SQL injection attacks. What should you do first?
  1. Create an Azure Sentinel workspace.
  2. Enable Advanced Data Security.
  3. Add the SQL Health Check solution to Azure Monitor.
  4. Create an Azure Advanced Threat Protection (ATP) instance.
Correct answer: B
Question 9
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to implement an application that will consist of the resources shown in the following table.
Users will authenticate by using their Azure AD user account and access the Cosmos DB account by using resource tokens.
You need to identify which tasks will be implemented in CosmosDB1 and WebApp1. Which task should you identify for each resource? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
CosmosDB1: Create database users and generate resource tokens.
Azure Cosmos DB resource tokens provide a safe mechanism for allowing clients to read, write, and delete specific resources in an Azure Cosmos DB account according to the granted permissions.
WebApp1: Authenticate Azure AD users and relay resource tokens
A typical approach to requesting, generating, and delivering resource tokens to a mobile application is to use a resource token broker. The following diagram shows a high-level overview of how the sample application uses a resource token broker to manage access to the document database data:
References:
https://docs.microsoft.com/en-us/xamarin/xamarin-forms/data-cloud/cosmosdb/authentication
Question 10
You have an Azure subscription that contains a user named User1 and a storage account named storage1.
The storage1 account contains the resources shown in the following table:
User1 is assigned the following roles for storage1:
  •   Storage Blob Data Reader
  •   Storage Table Data Contributor
  •   Storage File Data SMB Share Reader
Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
No, Yes, No