Download Microsoft Azure Security Technologies.AZ-500.NewDumps.2023-01-03.336q.vcex

Vendor: Microsoft
Exam Code: AZ-500
Exam Name: Microsoft Azure Security Technologies
Date: Jan 03, 2023
File Size: 29 MB
Downloads: 36

Demo Questions

Question 1
Your company recently created an Azure subscription. 
You have been tasked with making sure that a specified user is able to implement Azure AD Privileged Identity Management (PIM). 
Which of the following is the role you should assign to the user? 
  1. The Global administrator role. 
  2. The Security administrator role. 
  3. The Password administrator role. 
  4. The Compliance administrator role. 
Correct answer: A
Explanation:
To start using PIM in your directory, you must first enable PIM. 
1. Sign in to the Azure portal as a Global Administrator of your directory. 
You must be a Global Administrator with an organizational account (for example, @yourdomain.com), not a Microsoft account (for example, @outlook.com), to enable PIM for a directory. 
Scenario: Technical requirements include: Enable Azure AD Privileged Identity Management (PIM) for contoso.com 
Reference: 
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-gettingstarted  
Question 2
Note: The question is included in a number of questions that depict the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.
You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.
Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the number of necessary servers is reduced.
Solution: You recommend the use of pass-through authentication and seamless SSO with password hash synchronization. 
Does the solution meet the goal? 
  1. Yes 
  2. No 
Correct answer: B
Explanation:
For pass-through authentication, you need one or more (we recommend three) lightweight agents installed on existing servers. These agents must have access to your on-premises Active Directory Domain Services, including your on-premises AD domain controllers. They need outbound access to the Internet and access to your domain controllers. For this reason, it's not supported to deploy the agents in a perimeter network. 
Reference: 
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta 
Question 3
Note: The question is included in a number of questions that depict the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.
You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.
Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the number of necessary servers is reduced.
Solution: You recommend the use of federation with Active Directory Federation Services (AD FS). 
Does the solution meet the goal? 
  1. Yes 
  2. No 
Correct answer: B
Explanation:
A federated authentication system relies on an external trusted system to authenticate users. Some companies want to reuse their existing federated system investment with their Azure AD hybrid identity solution. The maintenance and management of the federated system falls outside the control of Azure AD. It's up to the organization by using the federated system to make sure it's deployed securely and can handle the authentication load. 
Reference: 
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta  
Question 4
Note: The question is included in a number of questions that depict the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.
You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.
Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the number of necessary servers is reduced.
Solution: You recommend the use of password hash synchronization and seamless SSO. 
Does the solution meet the goal? 
  1. Yes 
  2. No 
Correct answer: A
Explanation:
Password hash synchronization requires the least effort regarding deployment, maintenance, and infrastructure. This level of effort typically applies to organizations that only need their users to sign in to Office 365, SaaS apps, and other Azure AD-based resources. When turned on, password hash synchronization is part of the Azure AD Connect sync process and runs every two minutes. 
Reference: 
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta  
Question 5
Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name. 
After syncing all on-premises identities to Azure AD, you are informed that users with a givenName attribute starting with LAB should not be allowed to sync to Azure AD. 
Which of the following actions should you take? 
  1. You should make use of the Synchronization Rules Editor to create an attribute-based filtering rule. 
  2. You should configure a DNAT rule on the Firewall. 
  3. You should configure a network traffic filtering rule on the Firewall. 
  4. You should make use of Active Directory Users and Computers to create an attribute-based filtering rule. 
Correct answer: A
Explanation:
Use the Synchronization Rules Editor and write an attribute-based filtering rule.
Reference: 
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-change-the-configuration  
Question 6
You have been tasked with applying conditional access policies for your company's current Azure Active Directory (Azure AD). 
The process involves assessing the risk events and risk levels. 
Which of the following is the risk level that should be configured for users that have leaked credentials? 
  1. None 
  2. Low 
  3. Medium 
  4. High 
Correct answer: D
Explanation:
These six types of events are categorized into 3 levels of risk - High, Medium & Low:
Reference: 
http://www.rebeladmin.com/2018/09/step-step-guide-configure-risk-based-azure-conditional-access-policies/  
Question 7
You have been tasked with applying conditional access policies for your company's current Azure Active Directory (Azure AD). 
The process involves assessing the risk events and risk levels. 
Which of the following is the risk level that should be configured for sign-ins that originate from IP addresses with dubious activity?
  1. None 
  2. Low 
  3. Medium 
  4. High 
Correct answer: C
Explanation:
Reference: 
http://www.rebeladmin.com/2018/09/step-step-guide-configure-risk-based-azure-conditional-access-policies/ 
 
Question 8
You have been tasked with configuring an access review, which you plan to assign to a new collection of reviews. You also have to make sure that the reviews can be reviewed by resource owners.
You start by creating an access review program and an access review control. 
You now need to configure the Reviewers. 
Which of the following should you set Reviewers to? 
  1. Selected users. 
  2. Members (Self). 
  3. Group Owners. 
  4. Anyone. 
Correct answer: C
Explanation:
In the Reviewers section, select either one or more people to review all the users in scope. Or you can select to have the members review their own access. If the resource is a group, you can ask the group owners to review.
Reference: 
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review 
https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-programs-controls  
Question 9
Your company recently created an Azure subscription. You have, subsequently, been tasked with making sure that you are able to secure Azure AD roles by making use of Azure Active Directory (Azure AD) Privileged Identity Management (PIM). 
Which of the following actions should you take FIRST? 
  1. You should sign up Azure Active Directory (Azure AD) Privileged Identity Management (PIM) for Azure AD roles. 
  2. You should consent to Azure Active Directory (Azure AD) Privileged Identity Management (PIM). 
  3. You should discover privileged roles. 
  4. You should discover resources. 
Correct answer: B
Explanation:
Reference: 
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started 
 
Question 10
You need to consider the underlined segment to establish whether it is accurate. 
You have been tasked with creating a different subscription for each of your company's divisions. However, the subscriptions will be linked to a single Azure Active Directory (Azure AD) tenant. 
You want to make sure that each subscription has identical role assignments. 
You make use of Azure AD Privileged Identity Management (PIM). 
Select "No adjustment required" if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.
  1. No adjustment required 
  2. Azure Blueprints 
  3. Conditional access policies 
  4. Azure DevOps 
Correct answer: A
Explanation:
The Azure AD Privileged Identity Management (PIM) service also allows Privileged Role Administrators to make permanent admin role assignments. 
Reference: 
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-add-roleto-user  