Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

AZ-500Free trialFree trial

By microsoft
Aug, 2025

Verified

25Q per page

Question 26

Your company uses Azure DevOps with branch policies configured.
Which of the following is TRUE with regards to branch policies? (Choose all that apply.)

  • A: It enforces your team's change management standards.
  • B: It controls who can read and update the code in a branch.
  • C: It enforces your team's code quality.
  • D: It places a branch into a read-only state.

Question 27

After creating a new Azure subscription, you are tasked with making sure that custom alert rules can be created in Azure Security Center.
You have created an Azure Storage account.
Which of the following is the action you should take?

  • A: You should make sure that Azure Active Directory (Azure AD) Identity Protection is removed.
  • B: You should create a DLP policy.
  • C: You should create an Azure Log Analytics workspace.
  • D: You should make sure that Security Center has the necessary tier configured.

Question 28

Your company's Azure subscription includes an Azure Log Analytics workspace.
Your company has a hundred on-premises servers that run either Windows Server 2012 R2 or Windows Server 2016, and is linked to the Azure Log Analytics workspace. The Azure Log Analytics workspace is set up to gather performance counters associated with security from these linked servers.
You have been tasked with configuring alerts according to the information gathered by the Azure Log Analytics workspace.
You have to make sure that alert rules allow for dimensions, and that alert creation time should be kept to a minimum. Furthermore, a single alert notification must be created when the alert is created and when the alert is sorted out.
You need to make use of the necessary signal type when creating the alert rules.
Which of the following is the option you should use?

  • A: You should make use of the Activity log signal type.
  • B: You should make use of the Application Log signal type.
  • C: You should make use of the Metric signal type.
  • D: You should make use of the Audit Log signal type.

Question 29

Your company's Azure subscription includes a hundred virtual machines that have Azure Diagnostics enabled.
You have been tasked with retrieving the identity of the user that removed a virtual machine fifteen days ago. You have already accessed Azure Monitor.
Which of the following options should you use?

  • A: Application Log
  • B: Metrics
  • C: Activity Log
  • D: Logs

Question 30

Your company's Azure subscription includes a hundred virtual machines that have Azure Diagnostics enabled.
You have been tasked with analyzing the security events of a Windows Server 2016 virtual machine. You have already accessed Azure Monitor.
Which of the following options should you use?

  • A: Application Log
  • B: Metrics
  • C: Activity Log
  • D: Logs

Question 31

You have been tasked with making sure that you are able to modify the operating system security configurations via Azure Security Center.
To achieve your goal, you need to have the correct pricing tier for Azure Security Center in place.
Which of the following is the pricing tier required?

  • A: Advanced
  • B: Premium
  • C: Standard
  • D: Free

Question 32

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company's Azure subscription is linked to their Azure Active Directory (Azure AD) tenant.
After an internally developed application is registered in Azure AD, you are tasked with making sure that the application has the ability to access Azure Key Vault secrets on application the users' behalf.
Solution: You configure a delegated permission with admin consent.
Does the solution meet the goal?

  • A: Yes
  • B: No

Question 33

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company's Azure subscription is linked to their Azure Active Directory (Azure AD) tenant.
After an internally developed application is registered in Azure AD, you are tasked with making sure that the application has the ability to access Azure Key Vault secrets on application the users' behalf.
Solution: You configure a delegated permission with no admin consent.
Does the solution meet the goal?

  • A: Yes
  • B: No

Question 34

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.
You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.
Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the amount of necessary servers are reduced.
Solution: You recommend the use of password hash synchronization and seamless SSO.
Does the solution meet the goal?

  • A: Yes
  • B: No

Question 35

You need to consider the underlined segment to establish whether it is accurate.
Your Azure Active Directory Azure (Azure AD) tenant has an Azure subscription linked to it.
Your developer has created a mobile application that obtains Azure AD access tokens using the OAuth 2 implicit grant type.
The mobile application must be registered in Azure AD.
You require a redirect URI from the developer for registration purposes.
Select No adjustment required if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.

  • A: No adjustment required
  • B: a secret
  • C: a login hint
  • D: a client ID

Question 36

You are in the process of configuring an Azure policy via the Azure portal.
Your policy will include an effect that will need a managed identity for it to be assigned.
Which of the following is the effect in question?

  • A: AuditIfNotExist
  • B: Disabled
  • C: DeployIfNotExist
  • D: EnforceOPAConstraint

Question 37

You have been tasked with creating an Azure key vault using PowerShell. You have been informed that objects deleted from the key vault must be kept for a set period of 90 days.
Which two of the following parameters must be used in conjunction to meet the requirement? (Choose two.)

  • A: EnabledForDeployment
  • B: EnablePurgeProtection
  • C: EnabledForTemplateDeployment
  • D: EnableSoftDelete

Question 38

DRAG DROP -
Your company has an Azure SQL database that has Always Encrypted enabled.
You are required to make the relevant information available to application developers to allow them to access data in the database.
Which two of the following options should be made available? Answer by dragging the correct options from the list to the answer area.
Select and Place:

Image 1

Question 39

Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.
After syncing all on-premises identities to Azure AD, you are informed that users with a givenName attribute starting with LAB should not be allowed to sync to
Azure AD.
Which of the following actions should you take?

  • A: You should make use of the Synchronization Rules Editor to create an attribute-based filtering rule.
  • B: You should configure a DNAT rule on the Firewall.
  • C: You should configure a network traffic filtering rule on the Firewall.
  • D: You should make use of Active Directory Users and Computers to create an attribute-based filtering rule.

Question 40

You have been tasked with applying conditional access policies for your company's current Azure Active Directory (Azure AD).
The process involves assessing the risk events and risk levels.
Which of the following is the risk level that should be configured for users that have leaked credentials?

  • A: None
  • B: Low
  • C: Medium
  • D: High

Question 41

You have been tasked with applying conditional access policies for your company's current Azure Active Directory (Azure AD).
The process involves assessing the risk events and risk levels.
Which of the following is the risk level that should be configured for sign ins that originate from IP addresses with dubious activity?

  • A: None
  • B: Low
  • C: Medium
  • D: High

Question 42

You have been tasked with configuring an access review, which you plan to assigned to a new collection of reviews. You also have to make sure that the reviews can be reviewed by resource owners.
You start by creating an access review program and an access review control.
You now need to configure the Reviewers.
Which of the following should you set Reviewers to?

  • A: Selected users.
  • B: Members (Self).
  • C: Group Owners.
  • D: Anyone.

Question 43

Your company recently created an Azure subscription. You have, subsequently, been tasked with making sure that you are able to secure Azure AD roles by making use of Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
Which of the following actions should you take FIRST?

  • A: You should sign up Azure Active Directory (Azure AD) Privileged Identity Management (PIM) for Azure AD roles.
  • B: You should consent to Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
  • C: You should discover privileged roles.
  • D: You should discover resources.

Question 44

DRAG DROP -
You need to perform the planned changes for OU2 and User1.
Which tools should you use? To answer, drag the appropriate tools to the correct resources. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Image 1

Question 45

You need to meet the technical requirements for the finance department users.
Which CAPolicy1 settings should you modify?

  • A: Cloud apps or actions
  • B: Conditions
  • C: Grant
  • D: Session

Question 46

HOTSPOT -
You need to delegate the creation of RG2 and the management of permissions for RG1.
Which users can perform each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Image 1

Question 47

You plan to configure Azure Disk Encryption for VM4.
Which key vault can you use to store the encryption key?

  • A: KeyVault1
  • B: KeyVault2
  • C: KeyVault3

Question 48

You need to encrypt storage1 to meet the technical requirements.
Which key vaults can you use?

  • A: KeyVault2 and KeyVault3 only
  • B: KeyVault1 only
  • C: KeyVault1 and KeyVault3 only
  • D: KeyVault1, KeyVault2, and KeyVault3

Question 49

HOTSPOT -
You implement the planned changes for ASG1 and ASG2.
In which NSGs can you use ASG1, and the network interfaces of which virtual machines can you assign to ASG2?
Hot Area:

Image 1

Question 50

You plan to implement JIT VM access.
Which virtual machines will be supported?

  • A: VM2, VM3, and VM4 only
  • B: VM1, VM2, VM3, and VM4
  • C: VM1 and VM3 only
  • D: VM1 only
Page 2 of 21 • Questions 26-50 of 505
12345

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!