Welcome to TestSimulate

Pass Your Next Certification Exam Fast!

Everything you need to prepare, learn & pass your certification exam easily.

365 days free updates. First attempt guaranteed success.

  • Home
  • Blogs
  • [Sep 04, 2022] AZ-500 Exam Dumps PDF Guaranteed Success with Accurate & Updated Questions [Q36-Q60]

[Sep 04, 2022] AZ-500 Exam Dumps PDF Guaranteed Success with Accurate & Updated Questions [Q36-Q60]

Share

[Sep 04, 2022] AZ-500 Exam Dumps PDF Guaranteed Success with Accurate & Updated Questions

Pass AZ-500 Exam - Real Test Engine PDF with 327 Questions


Best Solution to prepared for Microsoft AZ-500 Certifications Exam

There are several solutions to prepare for the exam AZ-500. Prepared with the help of AZ-500 exam dumps, prepared for this certification exam. Reviewing is the best solution to prepare for this certification. Reviewing the questions of the candidate is not enough. Relevant and updated Microsoft AZ-500 exam objectives are required. Expert tips are required to pass this exam. Check out AZ-500 exam questions, check out AZ-500 exam resources for this certification. Microsoft AZ-500 exam dumps and study guide is also helpful. Actual AZ-500 exam questions and answers is required. Actual and updated AZ-500 questions is required. Associate of this certification is required. Associate exam objectives are not enough to pass this exam. Certified AZ-500 exam answers are required.

Instructor who wants to pass the exam AZ-500 should start the work early. Prerequisites for the exam AZ-500 is required to study this exam. Button below helps to select the study materials to study the AZ-500 exam. Months of preparation is required for this exam. Updates are not provided for this exam. Updates are provided for this exam. Support for this exam is not provided by the organization. Worth value of this certification is high.


Jobs, Responsibilities, and Expected Salary after Passing AZ-500 Exam

The Microsoft Certified: Azure Security Engineer Associate certification coming after acing AZ-500 test is the most direct way to get a job as an Azure security engineer. This role captures aspects such as managing the posture of security within an organization. Other responsibilities of such a specialist include identifying and solving vulnerabilities using varied security tools, implementing protection from threats, and countering escalating security incidents. In addition, you'll be working with a team devoted to ensuring the management of security within the cloud or hybrid environments. You can apply for any of the various job titles associated with Azure security. They include an Azure or cloud security engineer, a senior systems engineer, and a cloud security architect. Per year, cloud security engineers earn $96,800 on average based on what ZipRecruiter.com divulges.


Microsoft AZ-500 Exam Topics

Our AZ-500 exam dumps will include the following topics:

  • Manage identity and access 20-25%
  • Manage security operations 15-20%
  • Implement platform protection 35-40%
  • Secure data and applications 30-35%

 

NEW QUESTION 36
You need to configure a virtual network named VNET2 to meet the following requirements:
* Administrators must be prevented from deleting VNET2 accidentally.
* Administrators must be able to add subnets to VNET2 regularly.
To complete this task, sign in to the Azure portal and modify the Azure resources.
See the explanation below.

Answer:

Explanation:
Explanation
Locking prevents other users in your organization from accidentally deleting or modifying critical resources, such as Azure subscription, resource group, or resource.
Note: In Azure, the term resource refers to an entity managed by Azure. For example, virtual machines, virtual networks, and storage accounts are all referred to as Azure resources.
1. In the Azure portal, type Virtual Networks Virtual Networks from the search results then select VNET2. Alternatively, browse to in the left navigation pane.
2. In the Settings blade for virtual network VNET2, select

3. To add a lock, select Add.

4. For Lock type select Delete lock
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

 

NEW QUESTION 37
You need to create an Azure key vault. The solution must ensure that any object deleted from the key vault be retained for 90 days.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: -EnablePurgeProtection
If specified, protection against immediate deletion is enabled for this vault; requires soft delete to be enabled as well.
Box 2: -EnableSoftDelete
Specifies that the soft-delete functionality is enabled for this key vault. When soft-delete is enabled, for a grace period, you can recover this key vault and its contents after it is deleted.
References:
https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/new-azurermkeyvault

 

NEW QUESTION 38
You have an Azure subscription that contains a virtual network. The virtual network contains the subnets shown in the following table.

The subscription contains the virtual machines shown in the following table.

You enable just in time (JIT) VM access for all the virtual machines.
You need to identify which virtual machines are protected by JIT.
Which virtual machines should you identify?

  • A. VM4 only
  • B. VM1, VM3 and VM4 only
  • C. VM1 and VM3 only
  • D. VM1, VM2, VM3, and VM4

Answer: B

Explanation:
An NSG needs to be enabled, either at the VM level or the subnet level.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time

 

NEW QUESTION 39
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Subscription named Sub1. Sub1 contains an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to encrypt VM1 disks by using Azure Disk Encryption.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/encrypt-disks

 

NEW QUESTION 40
You are evaluating the effect of the application security groups on the network communication between the virtual machines in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: No. VM4 is in Subnet13 which has NSG3 attached to it.
VM1 is in ASG1. NSG3 would only allow ICMP pings from ASG2 but not ASG1. Only TCP traffic is allowed from ASG1.
NSG3 has the inbound security rules shown in the following table.

Box 2: Yes.
VM2 is in ASG2. Any protocol is allowed from ASG2 so ICMP ping would be allowed.
Box3. VM1 is in ASG1. TCP traffic is allowed from ASG1 so VM1 could connect to the web server as connections to the web server would be on ports TCP 80 or TCP 443.

 

NEW QUESTION 41
SIMULATION
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username: [email protected]
Azure Password: Ag1Bh9!#Bd
The following information is for technical support purposes only:
Lab Instance: 10598168




You need to perform a full malware scan every Sunday at 02:00 on a virtual machine named VM1 by using Microsoft Antimalware for Virtual Machines.
To complete this task, sign in to the Azure portal.

  • A. Deploy the Microsoft Antimalware Extension using the Azure Portal for single VM deployment
    1. In Azure Portal, go to the Azure VM1's blade, navigate to the Extensions section and press Add.

    2. Select the Microsoft Antimalware extension and press Create.
    3. Fill the "Install extension" form as desired and press OK. Scheduled: Enable Scan type: Full Scan day: Sunday
  • B. Deploy the Microsoft Antimalware Extension using the Azure Portal for single VM deployment
    1. In Azure Portal, go to the Azure VM1's blade, navigate to the Extensions section and press Add.

    2. Select the Microsoft Antimalware extension and press Create.
    3. Fill the "Install extension" form as desired and press OK. Scheduled: Enable Scan day: Sunday

Answer: A

Explanation:
Reference:
https://www.e-apostolidis.gr/microsoft/azure/azure-vm-antimalware-extension-management/

 

NEW QUESTION 42
You have an Azure subscription that contains 100 virtual machines. Azure Diagnostics is enabled on all the virtual machines.
You are planning the monitoring of Azure services in the subscription.
You need to retrieve the following details:
Identify the user who deleted a virtual machine three weeks ago.
Query the security events of a virtual machine that runs Windows Server 2016.
What should you use in Azure Monitor? To answer, drag the appropriate configuration settings to the correct details. Each configuration setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/security/azure-log-audit

 

NEW QUESTION 43
You create a new Azure subscription that is associated to a new Azure Active Directory (Azure AD) tenant.
You create one active conditional access policy named Portal Policy. Portal Policy is used to provide access to the Microsoft Azure Management cloud app.
The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit. (Click the Conditions tab.)

The Grant settings for Portal Policy are configured as shown in the Grant exhibit. (Click the Grant tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

 

NEW QUESTION 44
You have an Azure subscription that contains an app named App1. App1 has the app registration shown in the following table.

You need to ensure that App1 can read all user calendars and create appointments. The solution must use the principle of least privilege.
What should you do?

  • A. Add a new Delegated API permission for Microsoft.Graph Calendars.ReadWrite.Shared.
  • B. Select Grant admin consent.
  • C. Add a new Delegated API permission for Microsoft.Graph Calendars.ReadWrite.
  • D. Add a new Application API permission for Microsoft.Graph Calendars.ReadWrite.

Answer: C

 

NEW QUESTION 45
You have an Azure Active Directory (Azure AD) tenant that contains the resources shown in the following table.

User2 is the owner of Group2.
The user and group settings for App1 are configured as shown in the following exhibit.

You enable self-service application access for App1 as shown in the following exhibit.

User3 is configured to approve access to Appl.
You need to identify the owners of Group2 and the users of Appl.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-self-service-access

 

NEW QUESTION 46
You have an Azure subscription that contains an Azure key vault named ContosoKey1.
You create users and assign them roles as shown in the following table.

You need to identify which users can perform the following actions:
Delegate permissions for ContsosKey1.
Configure network access to ContosoKey1.
Which users should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-gb/azure/key-vault/general/rbac-guide

 

NEW QUESTION 47
You are implementing conditional access policies.
You must evaluate the existing Azure Active Directory (Azure AD) risk events and risk levels to configure and implement the policies.
You need to identify the risk level of the following risk events:
* Users with leaked credentials
* Impossible travel to atypical locations
* Sign ins from IP addresses with suspicious activity
Which level should you identify for each risk event? To answer, drag the appropriate levels to the correct risk events. Each level may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Azure AD Identity protection can detect six types of suspicious sign-in activities:
* Users with leaked credentials
* Sign-ins from anonymous IP addresses
* Impossible travel to atypical locations
* Sign-ins from infected devices
* Sign-ins from IP addresses with suspicious activity
* Sign-ins from unfamiliar locations
These six types of events are categorized in to 3 levels of risks - High, Medium & Low:

References:
http://www.rebeladmin.com/2018/09/step-step-guide-configure-risk-based-azure-conditional-access-policies/

 

NEW QUESTION 48
You have an Azure subscription that contains the following resources:
* A virtual network named VNET1 that contains two subnets named Subnet1 and Subnet2.
* A virtual machine named VM1 that has only a private IP address and connects to Subnet1.
You need to ensure that Remote Desktop connections can be established to VM1 from the internet.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange then in the correct order.

Answer:

Explanation:

Explanation

 

NEW QUESTION 49
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create a policy initiative and an assignment that is scoped to the Tenant Root Group management group.
Does this meet the goal?

  • A. Yes
  • B. No

Answer: A

Explanation:
Section: [none]
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview
https://4sysops.com/archives/apply-governance-policy-to-multiple-azure-subscriptions-with-management- groups/

 

NEW QUESTION 50
You have an Azure subscription that contains the virtual networks shown in the following table.

The Azure virtual machines on SpokeVNetSubnet0 can communicate with the computers on the on-premises network.
You plan to deploy an Azure firewall to HubVNet.
You create the following two routing tables:
* RT1: Includes a user-defined route that points to the private IP address of the Azure firewall as a next hop address
* RT2: Disables BGP route propagation and defines the private IP address of the Azure firewall as the default gateway You need to ensure that traffic between SpokeVNetSubnet0 and the on-premises network flows through the Azure firewall.
To which subnet should you associate each route table? To answer, drag the appropriate subnets to the correct route tables. Each subnet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

 

NEW QUESTION 51
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant.
When a developer attempts to register an app named App1 in the tenant, the developer receives the error message shown in the following exhibit.

You need to ensure that the developer can register App1 in the tenant.
What should you do for the tenant?

  • A. Configure the Consent and permissions settings for enterprise applications.
  • B. Set Enable Security default to Yes.
  • C. Modify the Directory properties.
  • D. Modify the User settings

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-added

 

NEW QUESTION 52
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

From Azure AD Privileged Identity Management (PIM), you configure the settings for the Security Administrator role as shown in the following exhibit.

From PIM, you assign the Security Administrator role to the following groups:
Group1: Active assignment type, permanently assigned
Group2: Eligible assignment type, permanently eligible
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
https://docs.microsoft.com/bs-cyrl-ba/azure/active-directory/privileged-identity-management/pim-resource-roles-configure-role-settings

 

NEW QUESTION 53
You have Azure Resource Manager templates that you use to deploy Azure virtual machines.
You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.
What should you use?

  • A. security policies in Azure Security Center
  • B. Azure Logic Apps
  • C. an Azure Desired State Configuration (DSC) virtual machine extension
  • D. device configuration policies in Microsoft Intune

Answer: C

Explanation:
The primary use case for the Azure Desired State Configuration (DSC) extension is to bootstrap a VM to the Azure Automation State Configuration (DSC) service. The service provides benefits that include ongoing management of the VM configuration and integration with other operational tools, such as Azure Monitoring.
Using the extension to register VM's to the service provides a flexible solution that even works across Azure subscriptions.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview
https://www.fast2test.com/AZ-500-practice-test.html 44
Valid Fast2test AZ-500 Exam PDF Dumps - New AZ-500 Real Exam Questions

 

NEW QUESTION 54
You have an Azure subscription that contains the virtual networks shown in the following table.

The subscription contains the virtual machines shown in the following table.

On NIC1, you configure an application security group named ASG1.
On which other network interfaces can you configure ASG1?

  • A. NIC2 only
  • B. NIC2 and NIC3 only
  • C. NIC2, NIC3, and NIC4 only
  • D. NIC2, NIC3, NIC4, and NIC5

Answer: B

Explanation:
Explanation
Only network interfaces in NVET1, which consists of Subnet11 and Subnet12, can be configured in ASG1, as all network interfaces assigned to an application security group have to exist in the same virtual network that the first network interface assigned to the application security group is in.
Reference:
https://azure.microsoft.com/es-es/blog/applicationsecuritygroups/

 

NEW QUESTION 55
You need to configure SQLDB1 to meet the data and application requirements.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

1 - From the Azure portal, create an Azure AD administrator for LitwareSQLServer1
2 - Connect to SQLDB1 by using SSMS
3 - In SQLDB1, create contained database users

 

NEW QUESTION 56
You have an Azure subscription that contains the following resources:
* A virtual network named VNET1 that contains two subnets named Subnet1 and Subnet2.
* A virtual machine named VM1 that has only a private IP address and connects to Subnet1.
You need to ensure that Remote Desktop connections can be established to VM1 from the internet.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange then in the correct order.

Answer:

Explanation:

Explanation

 

NEW QUESTION 57
You are configuring an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.
You need to use the auto-generated service principal to authenticate to the Azure Container Registry.
What should you create?

  • A. an Azure Active Directory (Azure AD) role assignment
  • B. a secret in Azure Key Vault
  • C. an Azure Active Directory (Azure AD) group
  • D. an Azure Active Directory (Azure AD) user

Answer: A

Explanation:
When you create an AKS cluster, Azure also creates a service principal to support cluster operability with other Azure resources. You can use this auto-generated service principal for authentication with an ACR registry. To do so, you need to create an Azure AD role assignment that grants the cluster's service principal access to the container registry.
Reference:
https://docs.microsoft.com/bs-latn-ba/azure/container-registry/container-registry-auth-aks

 

NEW QUESTION 58
You have an Azure subscription that contains an Azure Sentinel workspace.
Azure Sentinel is configured to ingest logs from several Azure workloads. A third-party service management platform is used to manage incidents.
You need to identify which Azure Sentinel components to configure to meet the following requirements:
When Azure Sentinel identifies a threat, an incident must be created.
A ticket must be logged in the service management platform when an incident is created in Azure Sentinel.
Which component should you identify for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/create-incidents-from-alerts
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook

 

NEW QUESTION 59
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

Azure AD Privileged Identity Management (PIM) is enabled for the tenant.
In PIM, the Password Administrator role has the following settings:
Maximum activation duration (hours): 2
Send email notifying admins of activation: Disable
Require incident/request ticket number during activation: Disable
Require Azure Multi-Factor Authentication for activation: Enable
Require approval to activate this role: Enable
Selected approver: Group1
You assign users the Password Administrator role as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 60
......

Get New AZ-500 Certification Practice Test Questions Exam Dumps: https://www.testsimulate.com/AZ-500-study-materials.html

Related Blogs

more
Go To AZ-500 Questions

Copyright © 2026 TESTSIMULATE.COM. All rights reserved. All trademarks are the property of their respective owners and we don't provide actual questions from any vendor.