Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

AZ-500Free trial

By microsoft

Verified

25Q per page

Question 51

DRAG DROP -
You need to deploy AKS1 to meet the platform protection requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
Select and Place:

—

Question 52

You need to ensure that users can access VM0. The solution must meet the platform protection requirements.
What should you do?

A: Move VM0 to Subnet1.
B: On Firewall, configure a network traffic filtering rule.
C: Assign RT1 to AzureFirewallSubnet.
D: On Firewall, configure a DNAT rule.

—

Question 53

HOTSPOT -
You need to deploy Microsoft Antimalware to meet the platform protection requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 54

HOTSPOT -
What is the membership of Group1 and Group2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 55

HOTSPOT -
You are evaluating the security of the network communication between the virtual machines in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 56

HOTSPOT -
You are evaluating the effect of the application security groups on the network communication between the virtual machines in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 57

You need to meet the technical requirements for VNetwork1.
What should you do first?

A: Create a new subnet on VNetwork1.
B: Remove the NSGs from Subnet11 and Subnet13.
C: Associate an NSG to Subnet12.
D: Configure DDoS protection for VNetwork1.

—

Question 58

HOTSPOT -
You are evaluating the security of VM1, VM2, and VM3 in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 59

HOTSPOT -
You need to configure support for Microsoft Sentinel notebooks to meet the technical requirements.
What is the minimum number of Azure container registries and Azure Machine Learning workspaces required?
Hot Area:

—

Question 60

From Microsoft Defender for Cloud, you need to deploy SecPol1.
What should you do first?

A: Enable Microsoft Defender for Cloud.
B: Create an Azure Management group.
C: Create an initiative.
D: Configure continuous export.

—

Question 61

HOTSPOT -
You assign User8 the Owner role for RG4, RG5, and RG6.
In which resource groups can User8 create virtual networks and NSGs by using the Azure portal? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 62

HOTSPOT -
Which virtual networks in Sub1 can User9 modify and delete in their current state? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Question 63

You need to ensure that you can meet the security operations requirements. What should you do first?

A: Turn on Auto Provisioning in Security Center.
B: Integrate Security Center and Microsoft Cloud App Security.
C: Upgrade the pricing tier of Security Center to Standard.
D: Modify the Security Center workspace configuration.

—

Question 64

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Sub1.
You have an Azure Storage account named sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in sa1 by using several shared access signatures (SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to sa1.
Solution: You create a new stored access policy.
Does this meet the goal?

A: Yes
B: No

—

Question 65

You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
An administrator named Admin1 has access to the following identities:
✑ An OpenID-enabled user account
✑ A Hotmail account
✑ An account in contoso.com
✑ An account in an Azure AD tenant named fabrikam.com
You plan to use Azure Account Center to transfer the ownership of Sub1 to Admin1.
To which accounts can you transfer the ownership of Sub1?

A: contoso.com only
B: contoso.com, fabrikam.com, and Hotmail only
C: contoso.com and fabrikam.com only
D: contoso.com, fabrikam.com, Hotmail, and OpenID-enabled user account

—

Question 66

SIMULATION

You need to ensure that a user named user2-28681041 can manage the properties of the virtual machines in the RG1lod28681041 resource group. The solution must use the principle of least privilege.

To complete this task, sign in to the Azure portal.

—

Question 67

SIMULATION

You need to create a new Azure AD directory named 28681041.onmicrosoft.com. The new directory must contain a new user named user1@28681041.onmicrosoft.com.

To complete this task, sign in to the Azure portal.

—

Question 68

HOTSPOT

You have an Azure subscription that contains a user named Admin1 and an Azure key vault named Vault1.

You plan to implement Microsoft Entra Verified ID.

You need to create an access policy to ensure that Admin1 has permissions to Vault1 that support the implementation of the Verified ID service. The solution must use the principle of least privilege.

Which three key permissions should you select? To answer, select the appropriate permissions in the answer area.

NOTE: Each correct selection is worth one point.

—

Question 69

You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM).

A user named User1 is eligible for the Billing administrator role.

You need to ensure that the role can only be used for a maximum of two hours.

What should you do?

A: Create a new access review.
B: Edit the role assignment settings.
C: Update the end date of the user assignment.
D: Edit the role activation settings.

—

Question 70

HOTSPOT

You have an Azure subscription that contains a user named User1 and a storage account named storage1. The storage1 account contains the resources shown in the following table.

User1 is assigned the following roles for storage1:

• Storage Blob Data Reader
• Storage Table Data Contributor
• Storage File Data SMB Share Reader

In storage1, you create a shared access signature (SAS) named SAS1 as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

—

Question 71

You have an Azure subscription that contains a user named User1 and a storage account that hosts a blob container named blob1.

You need to grant User1 access to blob1. The solution must ensure that the access expires after six days.

What should you use?

A: a shared access signature (SAS)
B: role-based access control (RBAC)
C: a shared access policy
D: a managed identity

—

Question 72

You have an Azure subscription linked to an Azure AD tenant named contoso.com. Contoso.com contains a user named User1 and an Azure web app named App1.

You plan to enable User1 to perform the following tasks:

• Configure contoso.com to use Microsoft Entra Verified ID.
• Register App1 in contoso.com.

You need to identify which roles to assign to User1. The solution must use the principle of least privilege.

Which two roles should you identify? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A: Authentication Policy Administrator
B: Authentication Administrator
C: Cloud App Security Administrator
D: Application Administrator
E: User Administrator

—

Question 73

You have an Azure AD tenant.

You plan to implement an authentication solution to meet the following requirements:

• Require number matching.
• Display the geographical location when signing in.

Which authentication method should you include in the solution?

A: Microsoft Authenticator
B: FIDO2 security key
C: SMS
D: Temporary Access Pass

—

Question 74

Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure AD tenant.

You plan to implement single sign-on (SSO) for Azure AD resources.

You need to configure an Intranet Zone setting for all users by using a Group Policy Object (GPO).

Which setting should you configure?

A: Logon options
B: Allow updates to status bar via script
C: Allow active scripting
D: Access data sources across domains

—

Question 75

HOTSPOT -
Your company has two offices in Seattle and New York. Each office connects to the Internet by using a NAT device. The offices use the IP addresses shown in the following table.

The company has an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

The MFA service settings are configured as shown in the exhibit. (Click the Exhibit tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

—

Page 3 of 21 • Questions 51-75 of 505

←

1 2 3 4 5

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!