Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Microsoft AZ-500

Microsoft AZ-500 Exam Practice Questions (P. 3)

  • Full Access (508 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #21
Your company has an Azure subscription that includes two virtual machines, named VirMac1 and VirMac2, which both have a status of Stopped (Deallocated).
The virtual machines belong to different resource groups, named ResGroup1 and ResGroup2.
You have also created two Azure policies that are both configured with the virtualMachines resource type. The policy configured for ResGroup1 has a policy definition of Not allowed resource types, while the policy configured for ResGroup2 has a policy definition of Allowed resource types.
You then create a Read-only resource lock on VirMac1, as well as a Read-only resource lock on ResGroup2.
Which of the following is TRUE with regards to the scenario? (Choose all that apply.)
  1. A
    You will be able to start VirMac1.
  2. B
    You will NOT be able to start VirMac1.
  3. C
    You will be able to create a virtual machine in ResGroup2.
  4. D
    You will NOT be able to create a virtual machine in ResGroup2.

Correct Answer:
BC
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking

Question #22
You have been tasked with delegate administrative access to your company's Azure key vault.
You have to make sure that a specific user can set advanced access policies for the key vault. You also have to make sure that access is assigned based on the principle of least privilege.
Which of the following options should you use to achieve your goal?
  1. A
    Azure Information Protection B. RBAC
  2. B
    Azure AD Privileged Identity Management (PIM)
  3. C
    Azure DevOps

Correct Answer:
B
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault

Question #23
You have been tasked with delegate administrative access to your company's Azure key vault.
You have to make sure that a specific user is able to add and delete certificates in the key vault. You also have to make sure that access is assigned based on the principle of least privilege.
Which of the following options should you use to achieve your goal?
  1. A
    A key vault access policy
  2. B
    Azure policy
  3. C
    Azure AD Privileged Identity Management (PIM)
  4. D
    Azure DevOps

Correct Answer:
A
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault

Question #24
You have an Azure virtual machine that runs Windows Server R2.
You plan to deploy and configure an Azure Key vault, and enable Azure Disk Encryption for the virtual machine.
Which of the following is TRUE with regards to Azure Disk Encryption for a Windows VM?
  1. A
    It is supported for basic tier VMs.
  2. B
    It is supported for standard tier VMs.
  3. C
    It is supported for VMs configured with software-based RAID systems.
  4. D
    It is supported for VMs configured with Storage Spaces Direct (S2D).

Correct Answer:
B
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-windows

Question #25
You have an Azure virtual machine that runs Ubuntu 16.04-DAILY-LTS.
You plan to deploy and configure an Azure Key vault, and enable Azure Disk Encryption for the virtual machine.
Which of the following is TRUE with regards to Azure Disk Encryption for a Linux VM?
  1. A
    It is NOT supported for basic tier VMs.
  2. B
    It is NOT supported for standard tier VMs.
  3. C
    OS drive encryption for Linux virtual machine scale sets is supported.
  4. D
    Custom image encryption is supported.

Correct Answer:
A
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-linux

Question #26
You need to consider the underlined segment to establish whether it is accurate.
You have configured an Azure Kubernetes Service (AKS) cluster in your testing environment.
You are currently preparing to deploy the cluster to the production environment.
After disabling HTTP application routing, you want to replace it with an application routing solution that allows for reverse proxy and TLS termination for AKS services via a solitary IP address.
You must create an AKS Ingress controller.
Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.
  1. A
    No adjustment required.
  2. B
    a network security group
  3. C
    an application security group
  4. D
    an Azure Basic Load Balancer

Correct Answer:
A
An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and TLS termination for Kubernetes services.
Reference:
https://docs.microsoft.com/en-us/azure/aks/ingress-tls

Question #27
You want to gather logs from a large number of Windows Server 2016 computers using Azure Log Analytics.
You are configuring an Azure Resource Manager template to deploy the Microsoft Monitoring Agent to all the servers automatically.
Which of the following should be included in the template? (Choose all that apply.)
  1. A
    WorkspaceID
  2. B
    AzureADApplicationID
  3. C
    WorkspaceKey
  4. D
    StorageAccountKey

Correct Answer:
AC
Reference:
https://blogs.technet.microsoft.com/manageabilityguys/2015/11/19/enabling-the-microsoft-monitoring-agent-in-windows-json-templates/

Question #28
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has Azure subscription linked to their Azure Active Directory (Azure AD) tenant.
As a Global administrator for the tenant, part of your responsibilities involves managing Azure Security Center settings.
You are currently preparing to create a custom sensitivity label.
Solution: You start by altering the pricing tier of the Security Center.
Does the solution meet the goal?
  1. A
    Yes
  2. B
    No

Correct Answer:
B
chatbot-img GPT-4o - Answer
The solution outlined does not support the goal of creating a custom sensitivity label. Adjusting the pricing tier of the Security Center impacts cost and features availability but doesn't directly relate to the creation of sensitivity labels. For that, you'd need to manage data classification settings specifically around custom sensitive information types, not the pricing model. Ensure you're familiar with Microsoft Defender for Cloud and Microsoft Purview integrations for comprehensive data protection strategies.

Question #29
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has Azure subscription linked to their Azure Active Directory (Azure AD) tenant.
As a Global administrator for the tenant, part of your responsibilities involves managing Azure Security Center settings.
You are currently preparing to create a custom sensitivity label.
Solution: You start by integrating Security Center and Microsoft Cloud App Security.
Does the solution meet the goal?
  1. A
    Yes
  2. B
    No

Correct Answer:
B
chatbot-img GPT-4o - Answer
Integration of Security Center with Microsoft Cloud App Security isn't necessary for creating a custom sensitivity label. Instead, focus on defining a Custom Sensitive Information Type directly through the Microsoft Purview portal, previously accessible via the Azure Information Protection portal. This approach is more straightforward and bypasses the need for unnecessary integrations, aligning precisely with solution requirements for sensitivity labels.

Question #30
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has Azure subscription linked to their Azure Active Directory (Azure AD) tenant.
As a Global administrator for the tenant, part of your responsibilities involves managing Azure Security Center settings.
You are currently preparing to create a custom sensitivity label.
Solution: You start by creating a custom sensitive information type.
Does the solution meet the goal?
  1. A
    Yes
  2. B
    No

Correct Answer:
A
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/customize-a-built-in-sensitive-information-type

Previous Questions Next Questions

All Pages