Azure AZ-500 Security Technologies Practice Test Set 8

Which of the following tools do you use to conduct an identity access review on Azure Active Directory roles or Azure Resource roles?


Options are :

  • Azure AD Identity Protection
  • Azure AD Privileged Identity Management
  • Azure AD Connect
  • Azure AD Premium P2

Answer : Azure AD Privileged Identity Management

Azure AZ-500 Security Technologies Practice Test Set 8

How can you choose when a user will be prompted for MFA?


Options are :

  • By configuring users with enforced for MFA to be prompted for MFA at every login
  • By configuring Azure AD conditional access
  • By deploying Microsoft Intune
  • By deploying Microsoft Cloud App Security

Answer : By configuring Azure AD conditional access

Where can you buy an Azure AD Premium P2 subscription?


Options are :

  • Azure marketplace
  • Azure portal
  • Retail outlet
  • M365 admin portal
  • aad.portal.azure.com

Answer : M365 admin portal

What is the OpenID Connect authentication provider in Azure?


Options are :

  • Azure Log Analytics Workspace
  • Azure Security Center
  • Azure Monitor
  • Azure Active Directory

Answer : Azure Active Directory

Azure AZ-500 Security Technologies Practice Test Set 6

Which two of these offer a limited set of MFA functionality?


Options are :

  • MFA for Office 365
  • Azure MFA
  • MFA for Azure AD Admins
  • Azure AD Premium P1
  • Azure AD Premium P2

Answer : MFA for Office 365 MFA for Azure AD Admins

When creating a custom Azure Information Protection label condition, what format is used to configure the condition?


Options are :

  • XML
  • JSON
  • OAuth
  • REGEX
  • FIND

Answer : REGEX

See the exhibit.

You have a corporate compliance requirement that mandates bring your own key for all SQL databases for data at rest encryption. Which area would you use to configure this?


Options are :

  • Properties
  • Locks
  • Advanced Data Security
  • Transparent data encryption

Answer : Transparent data encryption

AZ-103 Microsoft Azure Administrator Practice Exam Questions Set 5

You have a preconfigured Kay Vault and VM. Which two of the following steps do you have to perform to apply ADE to a VM?


Options are :

  • Enable the key vault for virtual machines deployment
  • Enable the key vault for volume encryption
  • Use the New-AzKeyvault PowerShell commandlet
  • Use the Get-AzKeyvault PowerShell commandlet
  • Use the Set-AzVMDiskEncryptionExtension PowerShell commandlet

Answer : Use the Set-AzVMDiskEncryptionExtension PowerShell commandlet

A certain user is in scope for the global information protection policy in AIP as well as for a number of other policies. These policies have conflicting settings. Which settings are effectively applied to the user?


Options are :

  • The most restrictive policy
  • The least restrictive policy
  • The last policy on the list
  • The first policy on the list

Answer : The last policy on the list

You have Azure Key Vault deployed and want to delegate administrative access.


Options are :

  • Set key vault policy: RBAC
  • Set key vault policy: Key Vault access policy
  • Add and delete certificates: RBAC
  • Add and delete certificates: Key Vault access policy

Answer : Set key vault policy: RBAC Add and delete certificates: Key Vault access policy

Azure AZ-500 Security Technologies Practice Test Set 7

Using a connection string containing the access key in an application configuration filr to access an Azure storage account is considered insecure. Microsoft recommends to use Azure Key vault to store the connection string for use with the applicaiton. How does Azure Key vault ensure that only authorised accounts get to access the connection string? Each answer is part of the solution.


Options are :

  • Built-in firewall
  • Azure AD App registration
  • Azure RBAC
  • Network Security Group
  • Azure Application Gateway with Web Application Firewall

Answer : Azure AD App registration Azure RBAC

By default, Azure storage accounts are exposed to the internet and allow access to anyone with the storage account key, a shared access signature or the appropriate Azure RBAC permissions.

You want to remove this default internet access and only allow trusted Microsoft services to access the storage account. Which option on the Exhibit would you choose to accomplish your task?


Options are :

  • Access control (IAM)
  • Access keys
  • Configuration
  • Shared access signature
  • Firewalls and virtual networks
  • Locks

Answer : Firewalls and virtual networks

What VM extension is loaded when you connect a VM Azure Security Center?


Options are :

  • Microsoft Antimalware
  • Microsoft Monitoring Agent
  • Microsoft Log Analytics Agent
  • Microsoft Operations Management Suite (OMS)

Answer : Microsoft Monitoring Agent

Azure AZ-500 Security Technologies Practice Test Set 6

What are the two fundamental types of data used by Azure Monitor?


Options are :

  • Azure audit data
  • O365 audit data
  • Metrics
  • Telemetry
  • Subscription analytics
  • Logs
  • Traces

Answer : Metrics Logs

What are the three items you have to configure when creating an Azure Monitor Alert Rule?


Options are :

  • Resource
  • Resource group
  • Subscription
  • Action
  • Notification
  • Condition
  • Alert logic
  • Signal

Answer : Resource Action Condition

What VM extension is loaded when you connect a VM to Azure Log Analytics?


Options are :

  • Microsoft Antimalware
  • Microsoft Monitoring Agent
  • Microsoft Log Analytics Agent
  • Microsoft Operations Management Suite (OMS)

Answer : Microsoft Monitoring Agent

Azure AZ-500 Security Technologies Practice Test Set 3

What underlying resource does Azure Security Center use to enforce JIT VM Access?


Options are :

  • Azure Security Center Standard
  • Azure Firewall
  • Azure Active Directory
  • Azure RBAC
  • Network Security Group
  • Application Security Group
  • Azure Privileged Identity Management (PIM)

Answer : Network Security Group

You are setting up AAD Connect. You must enforce the principle of least privilege.  What roles do you need to accomplish your goal?


Options are :

  • Global Administrator on AAD
  • Enterprise Administrator on AD
  • User Administrator on AAD
  • Domain Administrator on AD

Answer : Global Administrator on AAD Enterprise Administrator on AD

Organise the following built-in RBAC roles into Azure AD and Azure Resource (RBAC) roles by selecting only the Azure Resource (RBAC) roles.


Options are :

  • User Access Administrator
  • Owner
  • Global Administrator
  • User Administrator
  • Billing Administrator
  • Contributor
  • Reader

Answer : User Access Administrator Owner Contributor Reader

AZ-900 Microsoft Azure Fundamentals Original Practice Tests Set 4

You are configuring AAD Identity Protection. You want to force a user to do a password change if the determined risk level is high. Which of the following do you configure?


Options are :

  • Sign-in risk policy
  • User risk policy
  • Conditional access policy
  • MFA policy
  • Password policy

Answer : User risk policy

What two components must be configured by the application developer for the application that have been registered with AAD for modern user authentication?


Options are :

  • Tenant ID
  • Client ID
  • Redirect URL
  • App Secret

Answer : Tenant ID Client ID

You deploy an Azure Kubernetes Cluster and need to configure a reverse proxy TLS termination. What component do you deploy?


Options are :

  • AKS Ingress Controller
  • Container Network Interface (CNI) plug-in
  • Azure load balancer
  • Azure Application Gateway
  • AKS AppArmor
  • AKS Container Registry

Answer : AKS Ingress Controller

Azure AZ-500 Security Technologies Practice Test Set 7

See the exhibit.

Which of the following is the correct route in the route table associated with GatewaySubnet?


Options are :

  • Prefix: 10.0.1.4/24; Next Hop: 0.0.0.0
  • Prefix: 10.0.2.0/24; Next Hop: 10.0.1.4
  • Prefix: 10.0.1.0/24; Next Hop: 192.168.1.1
  • Prefix: 0.0.0.0/0; Next Hop: 10.0.1.4
  • Prefix: 10.0.0.0/8; Next Hop: 10.0.1.4

Answer : Prefix: 10.0.0.0/8; Next Hop: 10.0.1.4

Which of the following VM series is not supported for Azure Disk Encryption?


Options are :

  • B-Series - burstable
  • D-Series - general purpose
  • F-Series - compute optimised
  • M-Series - memory optimised
  • N-Series - GPU optimised

Answer : B-Series - burstable

What are the three advanced data security capabilities of Azure SQL Database?


Options are :

  • Firewall
  • Vulnerability assessment
  • Data classification
  • Anti-malware
  • Advanced threat protection
  • Identity and Access Management

Answer : Vulnerability assessment Data classification Advanced threat protection

Azure AZ-500 Security Technologies Practice Test Set 3

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions