AZ-500
Question 76
HOTSPOT
You have an Azure AD tenant that contains the groups shown in the following table.
You assign licenses to the groups as shown in the following table.
On May 1, you delete Group1, Group2, and Group3.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Question 77
You have an Azure AD tenant.
You need to ensure that users cannot create passwords containing a variation of the word contoso.
What should you configure?
- A: Microsoft Entra Verified ID
- B: Microsoft Entra Identity Governance
- C: Azure AD Privileged Identity Management (PIM)
- D: Azure AD Password Protection
- E: Azure AD Identity Protection
Question 78
HOTSPOT
You have a Microsoft Entra tenant that contains the users shown in the following table.
You configure the Temporary Access Pass settings as shown in the following exhibit.
You add the Temporary Access Pass authentication method to Admin2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Question 79
HOTSPOT
Your network contains an on-premises Active Directory domain named adatum.com that syncs to a Microsoft Entra tenant.
The Microsoft Entra tenant contains the users shown in the following table.
You configure the Microsoft Entra Password Protection settings for adatum.com as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Question 80
HOTSPOT
You have a Microsoft Entra tenant that contains the users shown in the following table.
From Microsoft Entra Privileged Identity Management (PIM), you configure the settings for the Security Administrator role as shown in the following exhibit.
From PIM, you assign the Security Administrator role to the following groups:
• Group1: Active assignment type, permanently assigned
• Group2: Eligible assignment type, permanently eligible
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Question 81
DRAG DROP
You have an Azure subscription that contains an Azure web app named App1.
You plan to configure a Conditional Access policy for App1. The solution must meet the following requirements:
• Only allow access to App1 from Windows devices.
• Only allow devices that are marked as compliant to access App1.
Which Conditional Access policy settings should you configure? To answer, drag the appropriate settings to the correct requirements. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Question 82
HOTSPOT
Your network contains an on-premises Active Directory domain that syncs to a Microsoft Entra tenant. The tenant contains the users shown in the following table.
The tenant contains the groups shown in the following table.
You configure a multi-factor authentication (MFA) registration policy that has the following settings:
• Assignments:
o Include: Group1
o Exclude: Group2
• Controls: Require Azure MFA registration
• Enforce Policy: On
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Question 83
You have a Microsoft Entra tenant named contoso.com.
You plan to collaborate with a partner organization that has a Microsoft Entra tenant named fabrikam.com.
Fabrikam.com uses the following identity providers:
• Google Cloud Platform (GCP)
• Microsoft accounts
• Microsoft Entra ID
You need to configure the Cross-tenant access settings for B2B collaboration.
Which identity providers support cross-tenant access?
- A: Microsoft Entra ID only
- B: GCP and Microsoft Entra ID only
- C: Microsoft accounts and Microsoft Entra ID only
- D: GCP, Microsoft accounts, and Microsoft Entra ID
Question 84
You have a Microsoft Entra tenant named contoso.com.
You have a partner company that has a Microsoft Entra tenant named fabrikam.com.
You need to ensure that when a user in fabrikam.com attempts to access the resources in contoso.com, the user only receives a single Microsoft Entra Multi-Factor Authentication (MFA) prompt. The solution must minimize administrative effort.
What should you do?
- A: From the Azure portal of contoso.com, configure the inbound access default settings.
- B: From the Azure portal of contoso.com, configure the External collaboration settings.
- C: From the Azure portal of contoso.com, configure the outbound access default settings.
- D: From the Azure portal of fabrikam.com, configure the outbound access default settings.
Question 85
DRAG DROP
You have a Microsoft Entra tenant.
On January 1, you configure a multi-factor authentication (MFA) registration policy that has the following settings:
• Assignments: All users
• Require Microsoft Entra ID multifactor authentication registration: Enabled
• Enforce policy: On
On January 3, you create two new users named User1 and User2.
On January 5, User1 authenticates to Microsoft Entra ID for the first time. On January 7, User2 authenticates to Microsoft Entra ID for the first time.
On which date will User1 and User2 be forced to register for MFA? To answer, drag the appropriate dates to the correct users. Each date may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Question 86
Your company plans to create separate subscriptions for each department. Each subscription will be associated to the same Azure Active Directory (Azure AD) tenant.
You need to configure each subscription to have the same role assignments.
What should you use?
- A: Azure Security Center
- B: Azure Policy
- C: Azure AD Privileged Identity Management (PIM)
- D: Azure Blueprints
Question 87
HOTSPOT
You have a Microsoft Entra tenant that contains the groups shown in the following table.
From the Azure portal, you configure a group expiration policy that has a lifetime of 180 days.
Which groups will be deleted after 180 days of inactivity, and what is the maximum amount of time you have to restore a deleted group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 88
You have a Microsoft Entra tenant that uses Microsoft Entra Permissions Management and contains the accounts shown in the following table:
Which accounts will be listed as assigned to highly privileged roles on the Azure AD insights tab in the Entra Permissions Management portal?
- A: Admin1 only
- B: Admin2 and Admin3 only
- C: Admin2 and Admin4 only
- D: Admin1, Admin2, and Admin3 only
- E: Admin2, Admin3, and Admin4 only
- F: Admin1, Admin2, Admin3, and Admin4
Question 89
HOTSPOT
You have a Microsoft Entra tenant that contains the user shown in the following table.
You configure a Conditional Access policy that has the following settings:
• Name: CAPolicy1
• Assignments
o Users or workload identities: Group1
o Target resources: All cloud apps
• Access controls
o Grant access: Require multifactor authentication
From Microsoft Authenticator settings for the tenant, the Enable and Target settings are configured as shown in the Enable and Target exhibit. (Click the Enable and Target tab.)
From Microsoft Authenticator settings for the tenant, the Configure settings are configured as shown in the Configure exhibit. (Click the Configure tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Question 90
You have a Microsoft Entra tenant that contains three users named User1, User2, and User3.
You configure Microsoft Entra Password Protection as shown in the following exhibit.
The users perform the following tasks:
• User1 attempts to reset her password to C0nt0s0.
• User2 attempts to reset her password to F@brikamHQ.
• User3 attempts to reset her password to Pr0duct123.
Which password reset attempts fail?
- A: User1 only
- B: User2 only
- C: User3 only
- D: User1 and User3 only
- E: User1, User2, and User3
Question 91
HOTSPOT
You have an Azure Container Registry named Registry1.
You add role assignments for Registry1 as shown in the following table.
Which users can upload images to Registry1 and download images from Registry1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 92
You have an Azure subscription.
You create an Azure web app named Contoso1812 that uses an S1 App Service plan.
You plan to create a CNAME DNS record for www.contoso.com that points to Contoso1812.
You need to ensure that users can access Contoso1812 by using the https://www.contoso.com URL.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A: Turn on the system-assigned managed identity for Contoso1812.
- B: Add a hostname to Contoso1812.
- C: Scale out the App Service plan of Contoso1812.
- D: Add a deployment slot to Contoso1812.
- E: Scale up the App Service plan of Contoso1812.
- F: Upload a PFX file to Contoso1812.
Question 93
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Sub1.
You have an Azure Storage account named sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in sa1 by using several shared access signatures (SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to sa1.
Solution: You create a lock on sa1.
Does this meet the goal?
- A: Yes
- B: No
Question 94
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a hybrid configuration of Azure Active Directory (Azure AD).
You have an Azure HDInsight cluster on a virtual network.
You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.
You need to configure the environment to support the planned authentication.
Solution: You deploy Azure Active Directory Domain Services (Azure AD DS) to the Azure subscription.
Does this meet the goal?
- A: Yes
- B: No
Question 95
Your network contains an Active Directory forest named contoso.com. You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to configure synchronization by using the Express Settings installation option in Azure AD Connect.
You need to identify which roles and groups are required to perform the planned configuration. The solution must use the principle of least privilege.
Which two roles and groups should you identify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A: the Domain Admins group in Active Directory
- B: the Security administrator role in Azure AD
- C: the Global administrator role in Azure AD
- D: the User administrator role in Azure AD
- E: the Enterprise Admins group in Active Directory
Question 96
DRAG DROP
You create an Azure subscription with Azure AD Premium P2.
You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure AD roles.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Question 97
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a hybrid configuration of Azure Active Directory (Azure AD).
You have an Azure HDInsight cluster on a virtual network.
You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.
You need to configure the environment to support the planned authentication.
Solution: You deploy an Azure AD Application Proxy.
Does this meet the goal?
- A: Yes
- B: No
Question 98
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a hybrid configuration of Azure Active Directory (Azure AD).
You have an Azure HDInsight cluster on a virtual network.
You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.
You need to configure the environment to support the planned authentication.
Solution: You deploy the On-premises data gateway to the on-premises network.
Does this meet the goal?
- A: Yes
- B: No
Question 99
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Sub1.
You have an Azure Storage account named sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in sa1 by using several shared access signatures (SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to sa1.
Solution: You regenerate the Azure storage account access keys.
Does this meet the goal?
- A: Yes
- B: No
Question 100
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
Azure AD Privileged Identity Management (PIM) is used in contoso.com.
In PIM, the Password Administrator role has the following settings:
• Maximum activation duration (hours): 2
• Send email notifying admins of activation: Disable
• Require incident/request ticket number during activation: Disable
• Require Azure Multi-Factor Authentication for activation: Enable
• Require approval to activate this role: Enable
• Selected approver: Group1
You assign users the Password Administrator role as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.