AZ-500 Online Practice Questions and Answers

Correct Answer:

Correct Answer:

Box 1: Yes

Eligible Type: A role assignment that requires a user to perform one or more actions to use the role. If a user has been made eligible for a role, that means they can activate the role when they need to perform privileged tasks. There's no

difference in the access given to someone with a permanent versus an eligible role assignment. The only difference is that some people don't need that access all the time.

You can choose from two assignment duration options for each assignment type (eligible and active) when you configure settings for a role. These options become the default maximum duration when a user is assigned to the role in

Privileged Identity Management.

Use the Activation maximum duration slider to set the maximum time, in hours, that a role stays active before it expires. This value can be from one to 24 hours.

Box 2: Yes

Active Type: A role assignment that doesn't require a user to perform any action to use the role. Users assigned as active have the privileges assigned to the role

Box 3: Yes

User3 is member of Group2.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

https://docs.microsoft.com/bs-cyrl-ba/azure/active-directory/privileged-identity-management/pim-resource-roles-configure-role-settings

Correct Answer:

Reference: https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-naming-policy

Correct Answer:

Correct Answer:

Reference: https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/billing-subscription-transfer

Correct Answer:

Correct Answer: A

The "Secure transfer required" feature is now supported in Azure Storage account. This feature enhances the security of your storage account by enforcing all requests to your account through a secure connection. This feature is disabled by default.

1.

In Azure Portal select you Azure Storage account rg1lod10598168n1.

2.

Select Configuration, and Secure Transfer required.

Reference: https://techcommunity.microsoft.com/t5/Azure/quot-Secure-transfer-required-quot-is-available-in-Azure-Storage/m-p/82475

Correct Answer: A

You need to configure VNet Peering between the two networks. The questions states, “The solution must ensure that virtual machines connected to VNET1 can communicate with virtual machines connected to VNET2”. It doesn't say the VMs on VNET2 should be able to communicate with VMs on VNET1. Therefore, we need to configure the peering to allow just the one-way communication.

1.

In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select VNET1. Alternatively, browse to Virtual Networks in the left navigation pane.

2.

In the properties of VNET1, click on Peerings.

3.

In the Peerings blade, click Add to add a new peering.

4.

In the Name of the peering from VNET1 to remote virtual network box, enter a name such as VNET1-VNET2 (this is the name that the peering will be displayed as in VNET1)

5.

In the Virtual Network box, select VNET2.

6.

In the Name of the peering from remote virtual network to VNET1 box, enter a name such as VNET2-VNET1 (this is the name that the peering will be displayed as in VNET2). There is an option Allow virtual network access from VNET to remote virtual network. This should be left as Enabled.

7.

For the option Allow virtual network access from remote network to VNET1, click the slider button to Disabled.

8.

Click the OK button to save the changes.

Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering

Correct Answer: A

In order to make sure the encryption secrets don't cross regional boundaries, Azure Disk Encryption needs the Key Vault and the VMs to be co-located in the same region. Create and use a Key Vault that is in the same region as the VM to be encrypted.

Reference: https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-prerequisites

Correct Answer: C

Reference: https://docs.microsoft.com/en-us/azure/security-center/azure-defender

Correct Answer: A

An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and TLS termination for Kubernetes services.

Reference: https://docs.microsoft.com/en-us/azure/aks/ingress-tls

Correct Answer: BD

Reference: https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/new-azurermkeyvault https://docs.microsoft.com/en-us/azure/key-vault/key-vault-ovw-soft-delete

Correct Answer: D

Correct Answer: D

Azure Policy example Usage Scenarios include:

You want to improve the security posture of your company by implementing requirements around minimum key sizes and maximum validity periods of certificates in your company's key vaults but you don't know which teams will be compliant

and which are not.

Note: Azure Policy is a governance tool that gives users the ability to audit and manage their Azure environment at scale. Azure Policy provides the ability to place guardrails on Azure resources to ensure they are compliant with assigned

policy rules. It allows users to perform audit, real-time enforcement, and remediation of their Azure environment. The results of audits performed by policy will be available to users in a compliance dashboard where they will be able to see a

drill down of which resources and components are compliant and which are not.

Reference: https://docs.microsoft.com/en-us/azure/key-vault/general/azure-policy

Correct Answer: A

Customize the set of standards in your regulatory compliance dashboard

How are regulatory compliance standards represented in Defender for Cloud?

Industry standards, regulatory standards, and benchmarks are represented in Defender for Cloud's regulatory compliance dashboard. Each standard is an initiative defined in Azure Policy.

To see compliance data mapped as assessments in your dashboard, add a compliance standard to your management group or subscription from within the Security policy page.

When you've assigned a standard or benchmark to your selected scope, the standard appears in your regulatory compliance dashboard with all associated compliance data mapped as assessments. You can also download summary reports

for any of the standards that have been assigned.

Add a standard to your Azure resources

1.

From Defender for Cloud's menu, select Regulatory compliance to open the regulatory compliance dashboard. Here you can see the compliance standards currently assigned to the currently selected subscriptions.

2.

From the top of the page, select Manage compliance policies.

3.

Select the subscription or management group for which you want to manage the regulatory compliance posture.

Tip

We recommend selecting the highest scope for which the standard is applicable so that compliance data is aggregated and tracked for all nested resources.

4.

Select Security policy.

5.

Expand the Industry and regulatory standards section and select Add more standards.

6.

From the Add regulatory compliance standards page, you can search for any of the available standards

7.

Select Add and enter all the necessary details for the specific initiative such as scope, parameters, and remediation.

8.

From Defender for Cloud's menu, select Regulatory compliance again to go back to the regulatory compliance dashboard.

Your new standard appears in your list of Industry and regulatory standards.

Note

It may take a few hours for a newly added standard to appear in the compliance dashboard.

Reference:

https://learn.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance-packages