Azure AZ-500 Security Technologies Practice Test Set 6

You plan on deploying anti-malware solution to your LOB application VM via security extension. Is it possible to add the anti-malware security extension on top of the built-in Windows Defender anti-malware solution running locally on the VM?


Options are :

  • TRUE
  • FALSE

Answer : TRUE

Which of the following core features are available when you deploy Microsoft anti-malware for Azure applications. Select all that apply.


Options are :

  • Real-time protection
  • Malware remediation
  • Exclusions
  • Anti-malware engine and platform updates

Answer : Real-time protection Malware remediation Exclusions Anti-malware engine and platform updates

AZ-900 Microsoft Azure Fundamentals Original Practice Tests Set 3

When making use of resource locks, which of the following locking modes are valid? Select all that apply.


Options are :

  • Read only
  • Do not delete
  • Write only

Answer : Read only Do not delete

Which of the following is supported to create custom RBAC roles? Select all that apply.


Options are :

  • Azure PowerShell
  • Azure CLI
  • Rest API
  • CMD

Answer : Azure PowerShell Azure CLI Rest API

You need to provide RBAC access to a third party to manage a "LOB-VM". The third party should be able to restart the VM, however not be able to shut down the VM. When using Azure CLI, how should this be defined? Select all that apply.


Options are :

  • Action: Microsoft.compute/virtualmachines/restart/action
  • Action: Microsoft.compute/virtualmachines/start/action
  • NotActions:Microsoft.compute/virtualmachines/start/action
  • NotAction:Microsoft.compute/virtualmachines/shutdown/action

Answer : Action: Microsoft.compute/virtualmachines/restart/action NotAction:Microsoft.compute/virtualmachines/shutdown/action

AZ-400 Microsoft Azure DevOps Solutions Practice Tests Set 3

Which of the following can be associated to a Network Security Group (NSG) ? Select all that apply.


Options are :

  • Subnet
  • 1. Resource Group
  • Network Interface Card (NIC)
  • Virtual Network (VNet)

Answer : Subnet Network Interface Card (NIC)

True or false: when there are 2 NSG's associated to the same subnet, when one NSG denies traffic on port 80 inbound and another allows traffic on port 80 inbound to the same VM, the traffic will automatically be blocked due to the one NSG rule that denies the traffic.


Options are :

  • TRUE
  • FALSE

Answer : TRUE

True or False: you can create custom service tags when making use of Network Security Groups?


Options are :

  • TRUE
  • FALSE

Answer : FALSE

70-533 Implementing Microsoft Azure Infrastructure Solution Set 2

What are two types of data store used by Azure Monitor?


Options are :

  • Logs
  • Metrics
  • Event Hubs
  • Blobs
  • Queues

Answer : Logs Metrics

Which of the following are not characteristics of Azure Monitor Metrics?


Options are :

  • Text or numeric data
  • Collected at regular intervals
  • Lightweight
  • Sourced from Application Insights
  • Sourced from Azure resources

Answer : Text or numeric data

Which of the following are valid Azure Monitor data sources?


Options are :

  • Application Insights
  • Log Analytics Agent
  • Azure Resource Diagnostic Log
  • Azure Subscription
  • Azure Tenant Audit Log
  • On-Premises Operating System

Answer : Application Insights Log Analytics Agent Azure Resource Diagnostic Log Azure Subscription Azure Tenant Audit Log On-Premises Operating System

AZ-103 Microsoft Azure Administrator Practice Exam Questions Set 3

What are the three headline capabilities of advanced data security in Azure SQL Database?


Options are :

  • SQL Server Firewall
  • Data discovery and classification
  • Vulnerability assessment
  • Azure security center
  • Advanced threat protection
  • Dynamic data masking

Answer : Data discovery and classification Vulnerability assessment Advanced threat protection

Which of the following authentication mechanisms is used by Azure HDInsight?


Options are :

  • Kerberos
  • OAuth
  • SAML
  • Azure Active Directory
  • OpenID

Answer : Kerberos

Multiple layers of security is recommended for Azure HDInsight. Which of the following is not considered a protection layer?


Options are :

  • Perimeter security
  • Authorisation security
  • Authentication security
  • Data security
  • Cluster security

Answer : Cluster security

Ms Azure Administrator - Mock Test Set 10

Which component is used to manage role-based access control in Azure HDInsight?


Options are :

  • Azure Active Directory
  • Azure Active Directory Domain Services
  • Apache Ranger
  • Apache Hive Server
  • Apache Spark

Answer : Apache Ranger

How does HDInsight provide protection for data at rest?


Options are :

  • Apache Hive Server Encryption
  • Azure Storage Service Encryption
  • Apache HBase Encryption
  • Apache Ranger Encryption
  • AES 256-bit Encryption

Answer : Azure Storage Service Encryption

It is considered best practice to add an additional layer of access control security to Azure Cosmos DB. Which Azure features provides this capability?


Options are :

  • Network Security Group
  • Azure Firewall
  • Cosmos DB Firewall
  • Network Security Appliance
  • Azure Active Directory Conditional Access
  • Azure Information Protection

Answer : Cosmos DB Firewall

AZ-300 Microsoft Azure Architect Technologies Prc. Tests Set 5

Azure Cosmos DB uses two types of keys to authenticate users and provide access to its data and resources. Select them from the answer options.


Options are :

  • Access Key
  • Shared Access Key
  • Role Based Access Control
  • Resource Token
  • Shared Access Signature
  • Master Key

Answer : Resource Token Master Key

How does Cosmos DB provide protection for data at rest?


Options are :

  • Hash-based Message Authentication Code (HMAC)
  • Azure Storage Service Encryption
  • Azure Key Vault
  • SSL/TLS 1.2
  • AES 256-bit Encryption

Answer : Azure Storage Service Encryption

How does Azure Data Lake provide protection for data at rest?


Options are :

  • BitLocker
  • Azure Storage Service Encryption
  • Azure Key Vault
  • SSL/TLS 1.2
  • AES 256-bit Encryption

Answer : Azure Storage Service Encryption

AZ-203 Microsoft Certified Azure Developer practice exams Set 10

What are the three authentication mechanisms that an application can use when using Azure Key Vault for storing secrets, certificates and/or keys?


Options are :

  • Service principal with certificate
  • Azure app registry
  • Service principal with encrypted credential
  • Service principal with secret
  • Container instance registry
  • Managed identities for Azure resources

Answer : Service principal with certificate Service principal with secret Managed identities for Azure resources

Ms Azure Administrator - Mock Test Set 4

Which of the following are valid access control options for Azure Data Lake? Choose 3


Options are :

  • Access Key
  • Role Based Access Control
  • Service Key
  • Shared Access Signature
  • Shared Access Key

Answer : Access Key Role Based Access Control Shared Access Signature

Azure backup can be configured to backup on-premises VMs. What is used to ensure data is encrypted at rest?


Options are :

  • Passphrase
  • Azure Recovery Services
  • Azure Storage Service Encryption
  • Transparent Data Encryption
  • Azure Recovery Vault

Answer : Passphrase

You have configured VNet peering between 2 VNets in your "Production" resource group. You implement an Azure firewall and create a user defined route (UDR) that forces all traffic through the firewall. Will traffic destined to route over the VNet peering link be forced to route through the firewall?


Options are :

  • NO
  • YES

Answer : NO

Ms Azure Administrator - Mock Test Set 1

Select the most accurate description of the Always Encrypted feature of Azure SQL Database.


Options are :

  • Row-level encryption
  • Network-level encryption
  • Table-level encryption
  • User-level encryption
  • Database-level encryption
  • Column-level encryption

Answer : Column-level encryption

How does Azure SQL Database provide protection for data at rest?


Options are :

  • AES Encryption
  • Azure Storage Service Encryption
  • BitLocker
  • SSL/TLS 1.2
  • Azure Key Vault
  • Transparent Data Encryption

Answer : Transparent Data Encryption

You are the administrator for the Contoso financial group. You are responsible for all storage accounts in Azure. You have been tasked to share limited access to the Blob files in storage account "Company_function" with another company for a limited time. The other company should only be able to list and read the data in the blob storage. The other company's administrator is familiar with Azure Storage Explorer and want you to share secure access with him by using this tool. Which information should you configure and give the administrator?


Options are :

  • Create Shared Access Signature for "Company_function" and configure the following: read and list permissions, service access to Blobs. Send the administrator the SAS URI to be used in Storage Explorer
  • Create Shared Access Signature for "Company_function" and configure the following: start and expiry time, read and list permissions, service access to Blobs. Send the administrator the SAS URI to be used in Storage Explorer
  • Create Shared Access Signature for "Company_function" and configure the following: start and expiry time, read and write permissions, service access to Blobs. Send the administrator the SAS URI to be used in Storage Explorer.
  • Provide the administrator with the storage name and key

Answer : Create Shared Access Signature for "Company_function" and configure the following: start and expiry time, read and list permissions, service access to Blobs. Send the administrator the SAS URI to be used in Storage Explorer

AZ-103 Microsoft Azure Administrator Practice Exam Questions Set 4

You are the administrator for the ACME banking group. You are responsible for managing the key vault in Azure. You need to create a new certificate in the ACMEvault with a key size of 2018 and that cannot be reused via an API call which should be called ACMEcertificate. Which statement below is correct?


Options are :

  • GET https://ACMEvault.vault.azure.net/certificates/ACMEcertificate/create?api-version=7.0
  • SET https://ACMEvault.vault.azure.net/certificates/ACMEcertificate/create?api-version=7.0
  • POST http://ACMEvault.vault.azure.net/certificates/ACMEcertificate/create?api-version=7.0
  • POST https://ACMEvault.vault.azure.net/certificates/ACMEcertificate/create?api-version=7.0

Answer : POST https://ACMEvault.vault.azure.net/certificates/ACMEcertificate/create?api-version=7.0

You notice a recommendation in the Azure Security Center to add a vulnerability assessment solution to your Azure virtual machines. Which of the following options are Azure Security Center-integrated solutions to the recommendation. Select two.


Options are :

  • Microsoft Advanced Threat Analytics
  • Nessus
  • Qualys
  • Azure Log Analytics
  • Azure Monitor
  • Rapid7

Answer : Qualys Rapid7

You have been requested to configure VM security in the form of encrypting IaaS VM disks. You are planning to make use of PowerShell to encrypt the disks. Complete the following PowerShell command: Set-1 -ResourceGroupName "MySecureRG" -VMName "MySecureVM" -2 "VaultID" -3 "VaultURL"


Options are :

  • 1 = AzVmDiskEncryptionExtension, 2 = DiskEncryptionKeyVaultId, 3 = DiskEncryptionKeyVaultUrl
  • 1 = AzVmDiskEncryptionExtension, 2 = DiskEncryptionKeyVaultUrl, 3 = DiskEncryptionKeyVaultId
  • 1 = DiskEncryptionKeyVaultUrl, 2 = DiskEncryptionKeyVaultId, 3 = AzVmDiskEncryptionExtension

Answer : 1 = AzVmDiskEncryptionExtension, 2 = DiskEncryptionKeyVaultId, 3 = DiskEncryptionKeyVaultUrl

AZ-103 Microsoft Azure Administrator Practice Exam Questions Set 5

You need to configure additional Network Security Group rules to allow the following types of traffic: Remote Desktop Protocol SSH Secure web traffic Which three ports should you configure as part of the NSG rules?


Options are :

  • Port 23
  • Port 389
  • Port 22
  • Port 3389
  • Port 80
  • Port 443

Answer : Port 22 Port 3389 Port 443

When securing Azure Key Vault one has to secure the management plane and the data plane. Which of these options is relevant when securing the data plane?


Options are :

  • Set key vault secrets
  • Create RBAC roles
  • Create key vault keys
  • Set key vault tags
  • Set key vault access policies
  • Create key vault

Answer : Set key vault secrets Create key vault keys

True or false: you can configure multiple domains to sync with ADConnect.


Options are :

  • FALSE
  • TRUE

Answer : TRUE

AZ-103 Microsoft Azure Administrator Practice Exam Questions Set 2

Which of the following is not a technology that can be used to visualise Azure Monitor data?


Options are :

  • All of the answers are correct
  • Power BI
  • Azure Monitor Workbooks
  • None of the answers are correct
  • Azure Dashboards
  • Azure Monitor Views

Answer : None of the answers are correct

True of false: Just-in-time VM access will automatically create the NSG rules, however you will need to manually remove the NSG rules afterwards.


Options are :

  • FALSE
  • TRUE

Answer : FALSE

Azure Policy allows the assignment of a policy to a management group. What level of scope is provided by management groups?


Options are :

  • Subscription
  • Tenant
  • Resource group
  • Resource
  • All of the options

Answer : Subscription

Azure AZ-500 Security Technologies Practice Test Set 4

What is the minimum Azure Active Directory built-in RBAC role required to manage Azure Key Vault?


Options are :

  • Key Vault Administrator
  • Key Vault Reader
  • Security Admin
  • Owner
  • Key Vault Contributor
  • Reader

Answer : Key Vault Contributor

You are the administrator for the Contoso financial group. You are responsible for managing the key vault in Azure. You need to update a certificate that has become stale in the CONTOSOvault which is called "WebsiteCertificate" via an API call to the Key Vault. Which statement below is correct?


Options are :

  • PATCH https://CONTOSOvault.vault.azure.net/certificates/WebsiteCertificate/3d31d7b36c942ad83ef36fc?api-version=7.0
  • PATCH http://CONTOSOvault.vault.azure.net/certificates/WebsiteCertificate/3d31d7b36c942ad83ef36fc?api-version=7.0
  • POST https://CONTOSOvault.vault.azure.net/certificates/WebsiteCertificate/3d31d7b36c942ad83ef36fc?api-version=7.0
  • POST http://CONTOSOvault.vault.azure.net/certificates/WebsiteCertificate/3d31d7b36c942ad83ef36fc?api-version=7.0

Answer : PATCH https://CONTOSOvault.vault.azure.net/certificates/WebsiteCertificate/3d31d7b36c942ad83ef36fc?api-version=7.0

Which of the following is not a configuration step required to create an Azure Monitor Alert?


Options are :

  • Define alert details
  • Define alert condition
  • Define action group
  • Define notification action

Answer : Define notification action

AZ-203 Microsoft Certified Azure Developer practice exams Set 9

Which single Azure SQL Database feature provides data security for data at rest, data in transit and data in use?


Options are :

  • Azure Key Vault
  • SSL/TLS 1.2
  • Always Encrypted
  • AES Encryption
  • Azure Storage Service Encryption
  • Transparent Data Encryption

Answer : Always Encrypted

You are configuring security for data in transit for an Azure App Service. Which of the following security tasks should be performed? Choose all that apply, do not choose any that does not apply.


Options are :

  • HTTPS enforced
  • Upload SSL Certificate
  • Minimum TLS version enforced
  • Bind SSL Certificate
  • Test HTTPS

Answer : HTTPS enforced Upload SSL Certificate Minimum TLS version enforced Bind SSL Certificate Test HTTPS

Which of the following statements is true for Azure Policy initiatives?


Options are :

  • A policy initiative is a policy assignment scope
  • A policy initiative is a policy assignment
  • A policy initiative is a collection of policies
  • A policy initiative is a policy definition
  • A policy initiative is a policy parameter

Answer : A policy initiative is a collection of policies

Ms Azure Administrator - Mock Test Set 8

You have synchronized your IT departments on-premises identities with Azure AD via the AD Connect tool. You need to onboard the rest of the on-premises users with the least amount of effort. What should you do?


Options are :

  • Uninstall and re-install the ADConnect tool
  • Stop the synchronization service
  • Restart the ADConnect VM
  • Re-run the ADConnect tool

Answer : Re-run the ADConnect tool

You are the administrator for the ACME banking group. You are responsible for managing the key vault in Azure called ACMEvault. You have decommissioned a production server which has its password stored in the key vault labelled "FinanceAdmin". You need to remove the password from the vault by using an API call. Which API call is correct?


Options are :

  • DELETE https://ACMEvault.vault.azure.net/secrets/FinanceAdmin?api-version=7.0
  • PURGE https://ACMEvault.vault.azure.net/secrets/FinanceAdmin?api-version=7.0
  • RECOVER https://ACMEvault.vault.azure.net/secrets/FinanceAdmin?api-version=7.0
  • 1. REMOVE https://ACMEvault.vault.azure.net/secrets/FinanceAdmin?api-version=7.0

Answer : DELETE https://ACMEvault.vault.azure.net/secrets/FinanceAdmin?api-version=7.0

Which of the following Azure features provide the capability to define and enforce security settings when new Azure resources are created?


Options are :

  • Azure Resource Manager
  • Azure Advanced Threat Protection
  • Role-Based Access Control
  • Azure Security Center
  • Azure Policy

Answer : Azure Policy

Azure AZ-500 Security Technologies Practice Test Set 2

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions