Azure AZ-500 Security Technologies Practice Test Set 1

Fabrikam Inc. has adopted Azure as their cloud platform. Fabrikam currently has a hybrid identity model which is supported by ADConnect. Within the Azure environment there is 1 subscription labeled “Fab-Prod” which has a resource group labeled “Back-Office”. The “Back-Office” resource group has the following resources:

1. “ADConnect” VM is running on a standard A2M spec VM

2. “VPN-Gateway” is the VPN gateway which is configured for Site-to-Site VPN (Azure to on-premises)

There are 250 Azure Active Directory user accounts which has the Office E5 licenses assigned to each user individually. The Azure tenant is configured for Privilege Identity Management and has 3 global administrator accounts (Admin01, Admin02 and Admin03) enrolled which is used to manage the environment, these administrator accounts have EMS E5 license associated to each account. Admin01 is the subscription owner for the “Fab-Prod” subscription and permissions are handled via Privilege Identity Management (PIM).


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than once correct solution, while others might not have a correct solution.


You create an additional administrator account labeled “Admin04” as a normal Azure AD user. This account should be eligible for “Global Administrator” access via Privilege Identity Management for safekeeping and auditing purposes.

Solution: You enroll “Admin04” as an Azure AD role member with the global admin permission.

Does this solution meet the goal?


Options are :

  • TRUE
  • FALSE

Answer : TRUE

Azure AZ-500 Security Technologies Practice Test Set 6

Fabrikam Inc. has adopted Azure as their cloud platform. Fabrikam currently has a hybrid identity model which is supported by ADConnect. Within the Azure environment there is 1 subscription labeled “Fab-Prod” which has a resource group labeled “Back-Office”. The “Back-Office” resource group has the following resources:

1. “ADConnect” VM is running on a standard A2M spec VM

2. “VPN-Gateway” is the VPN gateway which is configured for Site-to-Site VPN (Azure to on-premises)

There are 250 Azure Active Directory user accounts which has the Office E5 licenses assigned to each user individually. The Azure tenant is configured for Privilege Identity Management and has 3 global administrator accounts (Admin01, Admin02 and Admin03) enrolled which is used to manage the environment, these administrator accounts have EMS E5 license associated to each account. Admin01 is the subscription owner for the “Fab-Prod” subscription and permissions are handled via Privilege Identity Management (PIM).


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than once correct solution, while others might not have a correct solution.


You need to enroll “Admin02” into PIM so that the administrator is eligible to manage resources in the “Fab-Prod” subscription for a maximum of 8-hour time period. Admin02 requires full access to all resources within the subscription however he should not be able to add additional role assignments to the subscription. Which role should you assign to Admin02?


Options are :

  • Owner role
  • Reader role
  • Contributor role
  • Security administrator role

Answer : Contributor role

Fabrikam Inc. has adopted Azure as their cloud platform. Fabrikam currently has a hybrid identity model which is supported by ADConnect. Within the Azure environment there is 1 subscription labeled “Fab-Prod” which has a resource group labeled “Back-Office”. The “Back-Office” resource group has the following resources:

1. “ADConnect” VM is running on a standard A2M spec VM

2. “VPN-Gateway” is the VPN gateway which is configured for Site-to-Site VPN (Azure to on-premises)

There are 250 Azure Active Directory user accounts which has the Office E5 licenses assigned to each user individually. The Azure tenant is configured for Privilege Identity Management and has 3 global administrator accounts (Admin01, Admin02 and Admin03) enrolled which is used to manage the environment, these administrator accounts have EMS E5 license associated to each account. Admin01 is the subscription owner for the “Fab-Prod” subscription and permissions are handled via Privilege Identity Management (PIM).


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than once correct solution, while others might not have a correct solution.


You plan on rolling out Microsoft Intune to a control group of 20 random users. You need to assign EMS E3 licenses for all users which are part of the control group, this process should be scalable going forward and make license management for Intune users as easy as possible.

Solution: Create a new security group with an assigned membership type and configure group-based licensing.

Does this solution meet the goal?


Options are :

  • TRUE
  • FALSE

Answer : TRUE

Fabrikam Inc. has adopted Azure as their cloud platform. Fabrikam currently has a hybrid identity model which is supported by ADConnect. Within the Azure environment there is 1 subscription labeled “Fab-Prod” which has a resource group labeled “Back-Office”. The “Back-Office” resource group has the following resources:

1. “ADConnect” VM is running on a standard A2M spec VM

2. “VPN-Gateway” is the VPN gateway which is configured for Site-to-Site VPN (Azure to on-premises)

There are 250 Azure Active Directory user accounts which has the Office E5 licenses assigned to each user individually. The Azure tenant is configured for Privilege Identity Management and has 3 global administrator accounts (Admin01, Admin02 and Admin03) enrolled which is used to manage the environment, these administrator accounts have EMS E5 license associated to each account. Admin01 is the subscription owner for the “Fab-Prod” subscription and permissions are handled via Privilege Identity Management (PIM).


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than once correct solution, while others might not have a correct solution.


You have been tasked to better manage all user accounts per department in the Azure AD tenant. You plan to group all user accounts automatically by using a dynamic group membership called “Dynamic-Guests”. Which of the following criteria is the best to identify these accounts as the below information has been set for all users? Select 2 methods.


Options are :

  • Job title
  • Manager
  • Location
  • Department

Answer : Job title Department

Azure AZ-500 Security Technologies Practice Test Set 8

Fabrikam Inc. has adopted Azure as their cloud platform. Fabrikam currently has a hybrid identity model which is supported by ADConnect. Within the Azure environment there is 1 subscription labeled “Fab-Prod” which has a resource group labeled “Back-Office”. The “Back-Office” resource group has the following resources:

1. “ADConnect” VM is running on a standard A2M spec VM

2. “VPN-Gateway” is the VPN gateway which is configured for Site-to-Site VPN (Azure to on-premises)

There are 250 Azure Active Directory user accounts which has the Office E5 licenses assigned to each user individually. The Azure tenant is configured for Privilege Identity Management and has 3 global administrator accounts (Admin01, Admin02 and Admin03) enrolled which is used to manage the environment, these administrator accounts have EMS E5 license associated to each account. Admin01 is the subscription owner for the “Fab-Prod” subscription and permissions are handled via Privilege Identity Management (PIM).


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than once correct solution, while others might not have a correct solution.


You are tasked to secure all guest user identities by only allowing logging into Microsoft Teams via Windows and blocking sign ins from Android and iOS. When logging in the guest users must also use MFA. Which technology should you implement to accomplish this goal?


Options are :

  • Conditional Access
  • Privilege Identity Management
  • Identity Protection

Answer : Conditional Access

Fabrikam Inc. has adopted Azure as their cloud platform. Fabrikam currently has a hybrid identity model which is supported by ADConnect. Within the Azure environment there is 1 subscription labeled “Fab-Prod” which has a resource group labeled “Back-Office”. The “Back-Office” resource group has the following resources:

1. “ADConnect” VM is running on a standard A2M spec VM

2. “VPN-Gateway” is the VPN gateway which is configured for Site-to-Site VPN (Azure to on-premises)

There are 250 Azure Active Directory user accounts which has the Office E5 licenses assigned to each user individually. The Azure tenant is configured for Privilege Identity Management and has 3 global administrator accounts (Admin01, Admin02 and Admin03) enrolled which is used to manage the environment, these administrator accounts have EMS E5 license associated to each account. Admin01 is the subscription owner for the “Fab-Prod” subscription and permissions are handled via Privilege Identity Management (PIM).


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than once correct solution, while others might not have a correct solution.


True or false: You can configure an Azure Conditional Access policy for client applications like Microsoft Word.


Options are :

  • TRUE
  • FALSE

Answer : FALSE

Fabrikam Inc. has adopted Azure as their cloud platform. Fabrikam currently has a hybrid identity model which is supported by ADConnect. Within the Azure environment there is 1 subscription labeled “Fab-Prod” which has a resource group labeled “Back-Office”. The “Back-Office” resource group has the following resources:

1. “ADConnect” VM is running on a standard A2M spec VM

2. “VPN-Gateway” is the VPN gateway which is configured for Site-to-Site VPN (Azure to on-premises)

There are 250 Azure Active Directory user accounts which has the Office E5 licenses assigned to each user individually. The Azure tenant is configured for Privilege Identity Management and has 3 global administrator accounts (Admin01, Admin02 and Admin03) enrolled which is used to manage the environment, these administrator accounts have EMS E5 license associated to each account. Admin01 is the subscription owner for the “Fab-Prod” subscription and permissions are handled via Privilege Identity Management (PIM).


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than once correct solution, while others might not have a correct solution.


You are planning on rolling out a new Azure AD Conditional Access policy to restrict access to only specific device platforms. Which of the following device platforms are supported by conditional access? Choose all that apply.


Options are :

  • Android
  • iOS
  • Windows Phone
  • macOS

Answer : Android iOS Windows Phone macOS

Azure AZ-500 Security Technologies Practice Test Set 1

Fabrikam Inc. has adopted Azure as their cloud platform. Fabrikam currently has a hybrid identity model which is supported by ADConnect. Within the Azure environment there is 1 subscription labeled “Fab-Prod” which has a resource group labeled “Back-Office”. The “Back-Office” resource group has the following resources:

1. “ADConnect” VM is running on a standard A2M spec VM

2. “VPN-Gateway” is the VPN gateway which is configured for Site-to-Site VPN (Azure to on-premises)

There are 250 Azure Active Directory user accounts which has the Office E5 licenses assigned to each user individually. The Azure tenant is configured for Privilege Identity Management and has 3 global administrator accounts (Admin01, Admin02 and Admin03) enrolled which is used to manage the environment, these administrator accounts have EMS E5 license associated to each account. Admin01 is the subscription owner for the “Fab-Prod” subscription and permissions are handled via Privilege Identity Management (PIM).


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than once correct solution, while others might not have a correct solution.


The security department has requested that when configuring Single Sign On (SSO) for hybrid users that all user passwords are passed through the on-premises Active Directory domain controller for validation.

Solution: You configure Password Hash Sync and enable single sign on (SSO) with the ADConnect tool.

Does this solution meet the goal?


Options are :

  • TRUE
  • FALSE

Answer : FALSE

Fabrikam Inc. has adopted Azure as their cloud platform. Fabrikam currently has a hybrid identity model which is supported by ADConnect. Within the Azure environment there is 1 subscription labeled “Fab-Prod” which has a resource group labeled “Back-Office”. The “Back-Office” resource group has the following resources:

1. “ADConnect” VM is running on a standard A2M spec VM

2. “VPN-Gateway” is the VPN gateway which is configured for Site-to-Site VPN (Azure to on-premises)

There are 250 Azure Active Directory user accounts which has the Office E5 licenses assigned to each user individually. The Azure tenant is configured for Privilege Identity Management and has 3 global administrator accounts (Admin01, Admin02 and Admin03) enrolled which is used to manage the environment, these administrator accounts have EMS E5 license associated to each account. Admin01 is the subscription owner for the “Fab-Prod” subscription and permissions are handled via Privilege Identity Management (PIM).


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than once correct solution, while others might not have a correct solution.


Currently the on-premises identities are synced to Azure AD via the ADConnect tool installed on the “ADConnect” server which is connected to the on-premises network via the Site-to-Site VPN. The ADConnect tool has been configured and has been syncing identities for the past month without issue, however you received an email message saying “Azure Active Directory (Azure AD) didn’t register a synchronization attempt in the last 24 hours. What could be the cause? Select all that apply.


Options are :

  • The work or school account used in the configuration wizard to setup directory synchronization has been deleted, disabled or password expired
  • The admin account used for directory synchronization was changed
  • There are network connection issues
  • Directory synchronization service has stopped

Answer : The work or school account used in the configuration wizard to setup directory synchronization has been deleted, disabled or password expired The admin account used for directory synchronization was changed There are network connection issues Directory synchronization service has stopped

Fabrikam Inc. has adopted Azure as their cloud platform. Fabrikam currently has a hybrid identity model which is supported by ADConnect. Within the Azure environment there is 1 subscription labeled “Fab-Prod” which has a resource group labeled “Back-Office”. The “Back-Office” resource group has the following resources:

1. “ADConnect” VM is running on a standard A2M spec VM

2. “VPN-Gateway” is the VPN gateway which is configured for Site-to-Site VPN (Azure to on-premises)

There are 250 Azure Active Directory user accounts which has the Office E5 licenses assigned to each user individually. The Azure tenant is configured for Privilege Identity Management and has 3 global administrator accounts (Admin01, Admin02 and Admin03) enrolled which is used to manage the environment, these administrator accounts have EMS E5 license associated to each account. Admin01 is the subscription owner for the “Fab-Prod” subscription and permissions are handled via Privilege Identity Management (PIM).


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than once correct solution, while others might not have a correct solution.


You have been requested to evaluate the security posture of all identities in Azure Active Directory. You need to provide the following information per user:

· Risk level

· Risk events

· Current status

Solution: You configure Azure AD Identity Protection.

Does this solution meet the goal?


Options are :

  • TRUE
  • FALSE

Answer : TRUE

Azure AZ-500 Security Technologies Practice Test Set 6

Fabrikam Inc. has adopted Azure as their cloud platform. Fabrikam currently has a hybrid identity model which is supported by ADConnect. Within the Azure environment there is 1 subscription labeled “Fab-Prod” which has a resource group labeled “Back-Office”. The “Back-Office” resource group has the following resources:

1. “ADConnect” VM is running on a standard A2M spec VM

2. “VPN-Gateway” is the VPN gateway which is configured for Site-to-Site VPN (Azure to on-premises)

There are 250 Azure Active Directory user accounts which has the Office E5 licenses assigned to each user individually. The Azure tenant is configured for Privilege Identity Management and has 3 global administrator accounts (Admin01, Admin02 and Admin03) enrolled which is used to manage the environment, these administrator accounts have EMS E5 license associated to each account. Admin01 is the subscription owner for the “Fab-Prod” subscription and permissions are handled via Privilege Identity Management (PIM).


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than once correct solution, while others might not have a correct solution.


You have been requested to create a new Azure AD application labeled “Office365-logging” which needs to retrieve information about user, admin and policy actions and events from Office 365. This app needs to support both work and school accounts including personal Microsoft accounts.

Solution: You create an Azure AD V1.0 endpoint

Does this solution meet the goal?


Options are :

  • TRUE
  • FALSE

Answer : FALSE

True or false: you can deploy a VM in the same virtual network where your Azure Kubernetes Cluster is running?


Options are :

  • TRUE
  • FALSE

Answer : TRUE

True or false: you can deploy a VM in the same subnet where your Azure Kubernetes Cluster is running?


Options are :

  • TRUE
  • FALSE

Answer : FALSE

Azure AZ-500 Security Technologies Practice Test Set 3

Which of the following security concerns are relevant to container solutions? Select all that apply.


Options are :

  • Kernel Exploits
  • Denial-of-service attacks
  • Container breakouts
  • Poisoned images

Answer : Kernel Exploits Denial-of-service attacks Container breakouts Poisoned images

You need to delegate access to a system administrator to a specific VM labeled “LOB-VM” in the “Production” resource group. The system administrator should have full control over the VM but should not be able to grant additional users’ access. The resource group is home to a combination of resources across different departments. You need to grant RBAC access with strict security in mind. Which is the correct RBAC configuration?


Options are :

  • Scope = “LOB-VM”, Role = “Owner”
  • Scope = “Production”, Role = “Owner”
  • Scope = “Production”, Role = “Contributor”
  • Scope = “LOB-VM”, Role = “Contributor”

Answer : Scope = “LOB-VM”, Role = “Contributor”

You need to ensure that all current and future resources that are compliant are enrolled into Azure Security Center.

Solution: You configure an Azure policy on the subscription level.

Does this solution meet the goal?


Options are :

  • TRUE
  • FALSE

Answer : TRUE

AZ-300 Microsoft Azure Architect Practice Exam Questions NEW Set 3

You need to harden your Docker containers.

Solution: You enable AppArmor.

Does this solution meet the goal?


Options are :

  • TRUE
  • FALSE

Answer : TRUE

You have inherited an Azure environment which has plenty of resource groups. You have been tasked to manage access, policies and compliance for the subscriptions in an efficient manner.

Solution: You decide to make use of RBAC.

Does this solution meet the goal?


Options are :

  • TRUE
  • FALSE

Answer : FALSE

You need to limit outbound HTTPS traffic to specific fully qualified domain names (FQDN). Which of the following technologies support this?


Options are :

  • Network Security Groups (NSG)
  • Application Security Groups (ASG)
  • Azure Firewall
  • Just-in-time VM access (JIT VM Access)

Answer : Azure Firewall

Azure AZ-500 Security Technologies Practice Test Set 3

You need to configure temporary access to an Azure VM on port 22, the solution should manage the inbound rules automatically in the back end and remove the rules when the time period expires. Which of the following technologies should you configure?


Options are :

  • Network Security Group (NSG)
  • Application Security Groups (ASG)
  • Azure Firewall
  • Just-in-time VM access

Answer : Just-in-time VM access

You are in the process of creating an Azure container registry via CLI in the “MyRG” resource group. Complete the following command to create the container registry labeled “MyContainer001”.

Az (1) create –resource group MyRG –(2) MyContainer001 (3) –Basic


Options are :

  • 1=acr, 2=name, 3= sku
  • 1=akr, 2= id, 3= tier
  • 1=docker, 2=name, 3=tier
  • 1=acr, 2=id, 3=sku

Answer : 1=acr, 2=name, 3= sku

You plan to secure remote access from your on-premises network to your AKS cluster which is deployed to an existing Azure VNet. The solution should have the lowest possible latency and very high network speeds.

Solution: You implement a Site-to-Site VPN solution.

Does this solution meet the goal?


Options are :

  • TRUE
  • FALSE

Answer : FALSE

AZ-103 Microsoft Azure Administrator Practice Exam Questions Set 3

You are reviewing the security policies assigned to your subscription in Azure Security Center. In addition to the ASC Default policy that is already assigned, you need to assign the built-in policy initiative named Enable Data Protection Suite that contains a policy named Deploy Threat Detection on SQL servers. Choose the correct list of steps to accomplish your goals.


Options are :

  • Azure Security Center, Security Policy, Assign Initiative, Select Enable Data Protection, Click Assign
  • Azure Policy, Assignments, Assign Initiative, Select Enable Data Protection, Click Assign
  • SQL Databases, Advanced Data Security, Assign Policy/Initiative, Select Enable Data Protection, Click Assign
  • Resource Group, Policies, Assign Initiative, Select Enable Data Protection, Click Assign

Answer : Azure Policy, Assignments, Assign Initiative, Select Enable Data Protection, Click Assign

Which of the following is true for an Azure Security Center incident?


Options are :

  • A single alert detected by more than one ASC detection mechanism
  • An aggregation of alerts that align with kill chain patterns
  • A single alert with a high probability of being a true positive
  • Any high-severity alert (not low-severity or medium-severity alerts)
  • An alert detected by Azure Advanced Threat Protection

Answer : An aggregation of alerts that align with kill chain patterns

You are the security administrator for your Azure subscription and are reviewing the security alerts as listed in Azure Security Center. You select one of the high-severity alerts and select the resource identified by the alert as being attacked. What response options are available to you? Choose 3.


Options are :

  • Click remediate from the alert details pane
  • Click isolate from the alert details pane
  • Select one or more of the recommended remediation steps and click Remediate
  • Manually execute the remediation steps recommended
  • Click investigate on the alert details pane
  • Click run playbooks on the alert details pane

Answer : Manually execute the remediation steps recommended Click investigate on the alert details pane Click run playbooks on the alert details pane

Azure AZ-500 Security Technologies Practice Test Set 4

What Azure resource is created when an Azure Security Center playbook is created?


Options are :

  • Azure Logic App
  • Azure Function
  • Microsoft Flow
  • Azure Log Analytics Workspace
  • Azure Playbook
  • Azure Runbook

Answer : Azure Logic App

Which of the following should be chosen as the trigger when creating an Azure Security Center playbook?


Options are :

  • Triggers when a Windows Defender ATP alert occurs
  • When an event is created
  • When a data driven alert is triggered
  • When a response to an Azure Security Center alert is triggered
  • When an incident is created

Answer : When a response to an Azure Security Center alert is triggered

When Azure Information Protection classifies a document, how can the classification label applied to the document? Choose 3.


Options are :

  • Header and/or footer
  • Watermark
  • Encrypted metadata
  • Clear-text metadata
  • Document fingerprint
  • Digital text steganography

Answer : Header and/or footer Watermark Clear-text metadata

Azure AZ-500 Security Technologies Practice Test Set 7

You create an Azure Information Protection classification policy that defines a number of classification levels. You configure labels for general, sensitive and confidential. You configure the visual marker for the confidential label as watermark. A few weeks later you change the policy by creating sub labels for the confidential class as Confidential \ All Employees and Confidential \ Recipients Only. You configure the visual marker for each of these as footer. When the Confidential \ All Employees classification is applied to the document, which of the following visual marking(s) is/are applied?


Options are :

  • None
  • Footer and Watermark
  • Watermark
  • Footer

Answer : Footer

What Azure feature ensures that data residency, sovereignty, compliance, and resiliency requirements are honored?


Options are :

  • Azure Geography
  • Azure Region
  • Azure Resource Group
  • Azure Tenant
  • Azure Trust Center

Answer : Azure Geography

Which of the following elements are not associated with an Azure Region?


Options are :

  • Azure Virtual Machine
  • Azure Resource Group
  • Azure Managed Disk
  • Storage Account
  • None of the answers are correct
  • All of the answers are correct

Answer : None of the answers are correct

Azure AZ-500 Security Technologies Practice Test Set 3

Which of the following lists of data classifications is arranged from highest to lowest level of sensitivity?


Options are :

  • 1. Confidential. 2. Internal only. 3. Public
  • 1. Sensitive. 2. Restricted. 3. Unrestricted
  • 1. Low. 2. Medium. 3. High
  • 1. Secret. 2. Top-Secret. 3. Sensitive. 4. Unclassified

Answer : 1. Confidential. 2. Internal only. 3. Public

In data classification, which of the following data ownership roles are given no permissions to use the data? Choose 2


Options are :

  • Owner
  • User
  • Administrator
  • Custodian

Answer : Administrator Custodian

Which of the following elements are not included in a data retention policy?


Options are :

  • Data recovery rules
  • Data disposal rules
  • Regulatory requirements
  • Corporate requirements
  • Data retention periods per classification level
  • Data security measures

Answer : Data security measures

Azure AZ-500 Security Technologies Practice Test Set 7

Which of the following are valid access control options for Storage Accounts? Choose 3


Options are :

  • Access Key
  • Shared Access Key
  • Role Based Access Control
  • Service Key
  • Shared Access Signature

Answer : Access Key Role Based Access Control Shared Access Signature

Which of the following access control options would you use to provide temporary anonymous access to a Storage Account?


Options are :

  • Access Key
  • Shared Access Key
  • Role Based Access Control
  • Service Key
  • Shared Access Signature

Answer : Shared Access Signature

In what two ways should applications (not users) be granted access to storage account resources?


Options are :

  • Access Key
  • Shared Access Key
  • OAuth
  • Service Key
  • Shared Access Signature

Answer : Access Key OAuth

Azure AZ-500 Security Technologies Practice Test Set 3

It is considered best practice to add an additional layer of access control security to Azure SQL databases. Which Azure features provides this capability?


Options are :

  • Network Security Group
  • Azure Firewall
  • Azure SQL Database Firewall
  • Network Security Appliance
  • Azure Active Directory Conditional Access
  • Azure Information Protection

Answer : Azure SQL Database Firewall

What are the types of authentication supported as an access control measure to Azure SQL Database?


Options are :

  • Simple (clear text) authentication
  • Encrypted Challenge-response authentication
  • Azure Active Directory authentication
  • SQL authentication
  • RADIUS authentication
  • Multi-factor authentication

Answer : Azure Active Directory authentication SQL authentication

Which of the following is the correct actions for resetting the password for the SQL server admin login that is created as part of a new Azure SQL Database?


Options are :

  • Azure portal, SQL Servers, select server, reset password
  • Azure portal, SQL Databases, select database, reset password
  • Azure portal, Azure Active Directory, select user, Reset password
  • SQL Query editor, connect to Azure SQL Database, ALTER LOGIN command
  • SQL Query editor, connect to Azure SQL Database, CREATE LOGIN command
  • SQL Query editor, connect to Azure SQL Database, LOGIN command

Answer : Azure portal, SQL Servers, select server, reset password

AZ-300 Microsoft Azure Architect Practice Exam Questions NEW Set 3

You have an existing AD Connect implementation. You have to prevent users from a certain department to be synchronised to AAD. What tool do you use?


Options are :

  • AAD Connect wizard on the AD Connect server
  • Synchronization Rules Editor on the AD Connect server
  • AAD Connect in the Azure portal
  • AD Users and Computers on the local DC

Answer : Synchronization Rules Editor on the AD Connect server

Azure AZ-500 Security Technologies Practice Test Set 5

What format is an OpenID Connect token?


Options are :

  • XML
  • SAML
  • JWT
  • Java

Answer : JWT

Which two of the following are objects you can configure to apply AAD PIM to?


Options are :

  • Access Reviews
  • AAD Roles
  • ADD Groups
  • Azure Resources
  • AAD Dynamic Groups

Answer : AAD Roles Azure Resources

In Azure SQL Database AlwaysEncrypted, two types of column encryption is supported. Match the requirement with the appropriate column encryption type.  Plaintext data values always produce the same cyphertext:


Options are :

  • Deterministic
  • Randomized

Answer : Deterministic

AZ-300 Microsoft Azure Architect Practice Exam Questions NEW Set 1

In Azure SQL Database AlwaysEncrypted, two types of column encryption is supported. Match the requirement with the appropriate column encryption type.  SQL Server can use the encrypted columns in joins and lookups:


Options are :

  • Deterministic
  • Randomized

Answer : Deterministic

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions