Azure AZ-500 Security Technologies Practice Test Set 2

In Azure SQL Database AlwaysEncrypted, two types of column encryption is supported. Match the requirement with the appropriate column encryption type.  Highest level of security:


Options are :

  • Deterministic
  • Randomized

Answer : Randomized

In Azure SQL Database AlwaysEncrypted, two types of column encryption is supported. Match the requirement with the appropriate column encryption type.  Not suitable for columns containing boolean data:


Options are :

  • Deterministic
  • Randomized

Answer : Deterministic

Azure AZ-500 Security Technologies Practice Test Set 1

You create a new Azure Key Vault and want to ensure that malicious permanent deletions of key vault items can be recovered for 90 days. What at a minimum would you have to enable on the Key Vault?


Options are :

  • Soft-delete only
  • Purge protection only
  • Soft-delete and purge protection
  • Delete lock only
  • Read-only lock only

Answer : Soft-delete only

Review the exhibit.

Which option would you choose to adjust the log data retention settings for this Azure Log Analytics Workspace? 


Options are :

  • Advanced Settings
  • Logs
  • Pricing tier
  • Usage and estimated costs
  • Properties

Answer : Usage and estimated costs

Which of the following are default rules created with a network security group?


Options are :

  • DenyAllInBound
  • DenyAllOutBound
  • DenyVnetInBound
  • DenyVnetOutBound

Answer : DenyAllInBound

AZ-400 Microsoft Azure DevOps Solutions Practice Tests Set 5

You must minimise costs. What is the minimum license required to configure Azure AD MFA?


Options are :

  • Azure AD Premium P1
  • Azure AD Premium P2
  • No license is required
  • Any Office 365 license
  • No license is required, but the user must be an Azure AD Global Administrator

Answer : No license is required, but the user must be an Azure AD Global Administrator

When configuring AAD conditional access policies, which of the following are mandatory requirements?


Options are :

  • User / group
  • Cloud Apps
  • Sign-in risk
  • Device platforms
  • Device state
  • Location
  • Client apps
  • Access controls

Answer : User / group Cloud Apps Access controls

Which option in the exhibit would you choose to configure endpoint security?



Options are :

  • Networking
  • Security
  • Extensions
  • Configuration
  • Identity
  • Locks

Answer : Extensions

AZ-103 Microsoft Azure Administrator Practice Exam Questions Set 2

You are deploying Azure Firewall as in the exhibit.


You want to ensure all traffic from Workload-SN going to www.google.com is routed through the Azure Firewall

What do you have to create in Workload-SN in to ensure that Test-FW01 will inspect outgoing traffic?


Options are :

  • NSG
  • Route Table
  • Firewall Rule

Answer : Route Table

You are deploying Azure Firewall as in the exhibit.

You want to ensure all traffic from Workload-SN going to www.google.com is routed through the Azure Firewall

How should the next hop in Workload-SN be configured as?


Options are :

  • FW Public IP
  • FW Name
  • FW Internal IP
  • Blank

Answer : FW Internal IP

You are deploying Azure Firewall as in the exhibit.

You want to ensure all traffic from Workload-SN going to www.google.com is routed through the Azure Firewall

What address prefix should you configure in Workload-SN?


Options are :

  • 0.0.0.0/0
  • 255.255.255.255/255
  • Blank
  • FW Internal IP

Answer : 0.0.0.0/0

AZ-400 Microsoft Azure DevOps Solutions Practice Tests Set 3

You are deploying Azure Firewall as in the exhibit.

You want to ensure all traffic from Workload-SN going to www.google.com is routed through the Azure Firewall

What should you configure on Test-FW01?


Options are :

  • Network rule
  • Route Table
  • Application rule
  • Nothing

Answer : Application rule

You are deploying Azure Firewall as in the exhibit.

You want to ensure all traffic from Workload-SN going to www.google.com is routed through the Azure Firewall

What should you configure on Test-FW01 to ensure successful DNS resolution from Workload-SN?


Options are :

  • Network rule
  • Route Table
  • Application rule
  • Nothing

Answer : Network rule

You are configuring AIP policies. You specify two labels:

Label1: matches "Word1"

Label2: matches "Word2"

You create a document in MS Word that contains both words, which label is applied?


Options are :

  • Label1
  • Label2
  • Label1 and Label2
  • No label

Answer : Label2

AZ-103 Microsoft Azure Administrator Practice Exam Questions Set 5

What tools are available to you for changing the key scenario in AIP (from Microsoft managed to BYOK for example)?


Options are :

  • Azure portal
  • O365 management portal
  • Security and Compliance Centre
  • Windows PowerShell
  • Azure CLI

Answer : Windows PowerShell

You must minimise costs. What is the minimum license required to configure Azure AD Conditional Access?


Options are :

  • Azure AD Premium P1
  • Azure AD Premium P2
  • No license is required
  • Any Office 365 license
  • No license is required, but the user must be an Azure AD Global Administrator

Answer : Azure AD Premium P1

When configuring an privileged access review what are the three available settings when an assigned reviewer does not complete the review before the configured review ends?


Options are :

  • Do nothing
  • Take recommendations
  • Remove Access
  • Approve Access
  • Prompt owner

Answer : Take recommendations Remove Access Approve Access

AZ-203 Microsoft Certified Azure Developer practice exams Set 11

When you configure Azure AD PIM for the first time, what are the three things you must do?


Options are :

  • Consent to PIM; verify your identity with MFA; sign-up PIM for AD roles
  • Consent to PIM; verify your identity with MFA; discover AD roles; sign-up PIM for AD roles
  • Verify your identity with MFA; consent to PIM; discover AD roles; sign-up PIM for AD roles
  • Verify your identity with MFA; consent to PIM; sign-up PIM for AD roles

Answer : Consent to PIM; verify your identity with MFA; sign-up PIM for AD roles

You deploy several VMs in Azure. You need to ensure that all the VMs have a consistent OS configuration including registry settings. Which of the following options would you configure?


Options are :

  • ARM templates
  • Desired State Configuration
  • Application Security Groups
  • Device configuration policies

Answer : Desired State Configuration

You're like the most awesome SQL DBA ever. You connect to your Azure SQL Database using SSMS and authenticate using the dialog as in the exhibit.

Which user account credentials do you supply?


Options are :

  • Your Azure AD account credentials
  • Your on-premises AD account credentials (your Windows workstation is joined to a different AD domain)
  • The same user account you are signed-into your Windows workstation as
  • Your on-premises AD account credentials (your Windows workstation is joined to the same AD domain)
  • Your database user account

Answer : Your on-premises AD account credentials (your Windows workstation is joined to a different AD domain)

AZ-103 Microsoft Azure Administrator Practice Exam Questions Set 5

Which of the following will generate an alert from SQL ATP?


Options are :

  • A user updates more than half of the content of a table in a single procedure
  • "password' OR 1=1" entered into a password field
  • A user is added to the db_owner database role
  • A user deletes more than 50% of the content of a table in a single procedure

Answer : "password' OR 1=1" entered into a password field

You need to ensure that data is secured in transit for a web application on your Azure subscription. Which of the following is required? Each answer is part of the solution and you have to minimise costs. Choose 4.


Options are :

  • Upload a certificate to Azure Key Vault
  • Obtain a custom domain name
  • Purchase an app service certificate
  • Purchase a certificate from a CA
  • Create a self-signed certificate
  • Create SSL bindings
  • Deploy Azure Application Gateway

Answer : Upload a certificate to Azure Key Vault Obtain a custom domain name Purchase an app service certificate Create SSL bindings

Your organisation has a new regulatory requirement that all cloud VM deployments must meet the Center for Internet Security Hardened Benchmarks. How can you ensure that this requirement is met while minimising costs, downtime and administrative effort? Each option represents part of the solution and is not listed in order.  Select each of the options that you should do. 



Options are :

  • Assign a built-in Azure Policy
  • Choose a CIS VM image when creating new VMs
  • Download CIS-compliant VM images from www.cisecurity.org
  • Assign a custom Azure Policy
  • Review compliance against Azure Policy
  • Redeploy non-compliant VMs
  • Create a separate compliance Resource Group
  • Create an application security group

Answer : Choose a CIS VM image when creating new VMs Assign a custom Azure Policy Review compliance against Azure Policy Redeploy non-compliant VMs

AZ-104 Real Azure Administrator Practice Test Set 8

You create an Azure Policy assignment as in the exhibit.


For each of the following, select all the statements which are true. 


Options are :

  • Creating new non-compliant resources are blocked
  • Creating new non-compliant resources are allowed but generates a validation warning
  • Creating new non-compliant resources are allowed but requires Owner RBAC role on the resource containter (resource group)
  • Non-compliant resources are reported on the Azure Policy compliance blade
  • Non-compliant resources are stopped
  • Non-compliant resources are deleted

Answer : Creating new non-compliant resources are blocked Non-compliant resources are reported on the Azure Policy compliance blade

What standard is used for 3rd-party MFA hardware token authentication?


Options are :

  • OATH
  • OAuth
  • AD Connect
  • OpenID Connect
  • JSON Web Token (JWT)

Answer : OATH

You create an AAD conditional access policy that block the "Developers" group from accessing the Azure portal.

Another administrator configures an additional AAD conditional access policy that blocks the "Developers" group from accessing the Azure portal unless they supply MFA.

T/F: A user that is member of the "Developers" group attempts to access the Azure portal and is prompted for MFA before being allowed access.


Options are :

  • True
  • False

Answer : False

AZ-400 Microsoft Azure DevOps Solutions Practice Tests Set 3

You are deploying VMs using JSON templates. You want to include enrolment into Azure Log Analytics as part of the deployment. Which two parameters must you include in the JSON template?


Options are :

  • StarageAccountKey
  • WorkspaceKey
  • WorkspaceName
  • WorkspaceURL
  • WorkspaceID

Answer : WorkspaceKey WorkspaceID

Choose one correct answer to indicated the object for each of the listed RBAC assignment properties.   


Options are :

  • Role Definition = Resource Group
  • Role Definition = Owner
  • Role Definition = Group
  • Role Definition = Domain Administrator
  • Scope = Resource Group
  • Scope = Owner
  • Scope = Group
  • Scope = Tenant
  • Security Principle = Resource group
  • Security Principle = Owner
  • Security Principle = Group
  • Security Principle = Subscription

Answer : Role Definition = Owner Scope = Resource Group Security Principle = Group

You have a custom-written Web app and already-deployed Azure SQL Database. You are configuring security using Managed Service Identity (MSI). Which of the following must you do? Each selection represents part of the solution.


Options are :

  • Create and configure Azure Key Vault
  • Create a secret in AKV
  • Create an app registration in Azure Active Directory
  • Create a client secret for the registered app
  • Configure Active Directory admin in Azure SQL Database server

Answer : Create an app registration in Azure Active Directory Configure Active Directory admin in Azure SQL Database server

70-533 Implementing Microsoft Azure Infrastructure Solution Set 4

Having which two of these roles will allow you to create a custom RBAC role?


Options are :

  • Owner
  • Contributor
  • User Access Administrator
  • Security Admin
  • User Administrator

Answer : Owner User Access Administrator

Which of the following describes credential stuffing?


Options are :

  • An attacker attempts to crack a password using every possible character combination
  • An attacker uses a database of pre-calculated password hashes against a security accounts database
  • An attacker attempts to replay intercepted authentication traffic
  • An attacker uses a database of breached credentials against public web services

Answer : An attacker uses a database of breached credentials against public web services

User1, User2 and User3 has the role of owner in a subscription.

You create an AAD PIM access review and specify the reviewers as "Members (self)".

For which users can User3 perform the access review?


Options are :

  • User1, User2 and User3
  • User3 only

Answer : User3 only

AZ-203 Microsoft Certified Azure Developer practice exams Set 15

Which of the following is possible if a user has been granted the Contributor role for a specific virtual machine in Azure?


Options are :

  • Delete the virtual machine
  • Stop the virtual machine
  • Change the virtual machine size
  • RDP to the virtual machine
  • Create a lock on the virtual machine

Answer : Delete the virtual machine Stop the virtual machine Change the virtual machine size

Which of the following are valid Azure policy effects? Choose 5.


Options are :

  • Scope
  • Deny
  • Allow
  • Initiate
  • Audit
  • AuditIfNotExists
  • DeployIfNotExists
  • DeleteIfNotComply
  • Append

Answer : Deny Audit AuditIfNotExists DeployIfNotExists Append

What users or groups does the AIP global policy apply to?


Options are :

  • Azure AD Global Admins
  • Azure RBAC Owners
  • Everyone in the organisation
  • All users and/or groups configured in the AIP global policy

Answer : Everyone in the organisation

AZ-104 Real Azure Administrator Practice Test Set 8

You successfully created a new information protection label in AIP, but the new label is not available to the targeted user. Which of the following would make the label available to the user?


Options are :

  • Reinstall Azure Information Protection Client
  • Get the user to log out and back in
  • Get the user to close and reopen the document
  • Create a new AIP policy

Answer : Create a new AIP policy

User1 is assigned a AAD identity protection user risk policy and enabled for "medium and above" risk. The user signs in from an anonymous IP. Is the policy applied to the user?


Options are :

  • Yes
  • No
  • Maybe
  • It depends

Answer : Yes

A user is configured for MFA in the Azure portal.

The user has not been assigned a Azure AD Premium license, or any other license and is not an administrator.

There are no unassigned Azure AD Premium licenses available in the tenant.

The user attempts to log in to myapps.microsoft.com.

Which of the following happens?


Options are :

  • The user cannot log in
  • The user is permitted to log in using username and password without MFA
  • The user is prompted for MFA and the subscription where Azure AD is configured is charged using per-user consumption-based billing
  • The user is prompted for MFA without charge and the subscription owner is notified of the license issue
  • The user is prompted for MFA without charge for 10 logins, after which the user is blocked

Answer : The user is prompted for MFA and the subscription where Azure AD is configured is charged using per-user consumption-based billing

AZ-104 Real Azure Administrator Practice Test Set 7

Which of the following Azure resources allows the configuration of a resource firewall? Choose 3.


Options are :

  • Azure Virtual Machine
  • Azure Storage Account
  • Azure SQL Database
  • Azure SQL Server
  • Azure Virtual Network
  • Azure Resource Group
  • Azure Firewall

Answer : Azure Storage Account Azure SQL Database Azure SQL Server

You have the following built-in Azure policies applied.

Policy1: RG1: AllowedResourcesTypes: virtualMachines

Policy2: RG2: NotAllowedResourceTypes: virtualMachines

Policy3: RG3: NotAllowedResourceTypes: virtualNetworks/subnets

Which of the following actions can you perform?


Options are :

  • Add a VM to RG1
  • Add a VNet to RG1
  • Add a VM to RG2
  • Add a VM to RG3
  • Add a VNet to RG3
  • Add a subnet to RG3

Answer : Add a VM to RG1 Add a VM to RG3 Add a VNet to RG3

You create a new Azure Key Vault and want to ensure that accidental deletions of key vault items can be recovered for 90 days. What at a minimum would you have to enable on the Key Vault?


Options are :

  • Soft-delete
  • Purge protection
  • Soft-delete and purge protection
  • Delete lock
  • Read-only lock

Answer : Soft-delete

70-533 Implementing Microsoft Azure Infrastructure Solution Set 7

Where would you configure a custom condition in AIP?


Options are :

  • Azure Information Protection Label
  • Azure Information Protection Policy
  • Azure Information Protection Client
  • Azure Active Directory

Answer : Azure Information Protection Label

How long is metrics data stored for?


Options are :

  • 90 days
  • 93 days
  • 60 days
  • 120 days
  • 30 days

Answer : 93 days

A user is registered with Azure AD MFA and have configured SMS text message as the authentication mode. The user browses to myapps.microsoft.com and supplies his username and password. What does the user have to do after the MFA message is received?


Options are :

  • Reply to the text message with #
  • Reply to the text message with the user's MFA PIN
  • Type the OTP into the browser page
  • Type the OTP and the user's MFA PIN into the browser page

Answer : Type the OTP into the browser page

Ms Azure Administrator - Mock Test Set 1

Which three of the following features are not included in MFA for O365 license?


Options are :

  • Phone call as second factor
  • On-premises MFA server
  • PIN mode
  • Fraud alert
  • Mobile app as second factor
  • SMS as second factor

Answer : On-premises MFA server PIN mode Fraud alert

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions