2019 Lead4pass Free Latest IT Cert Exam Dumps

High Quality Latest Microsoft, Cisco, CompTIA, VMware And Other IT Cert Exam Dumps With 100% Pass Guarantee

Provides a valid Microsoft Azure Security Engineer Associate az-500 exam dumps | 100% Free

Examdumpstraining shares online exam exercise questions all year round! Microsoft Azure Security Engineer Associate az-500 exam “Microsoft Azure Security Technologies”: https://www.lead4pass.com/az-500.html (97 Q&As). Continue to study; we provide updated Microsoft az-500 exam practice questions and answers. You can practice the test online!

Latest Microsoft Azure Security Engineer Associate az-500 pdf

[PDF] Free Microsoft Azure Security Engineer Associate az-500 pdf dumps download from Google Drive: https://drive.google.com/open?id=1wmsYeyeykzlfx271VyQr0Fy-W8hqGt3F

Exam AZ-500: Microsoft Azure Security Technologies (beta): https://www.microsoft.com/en-us/learning/exam-az-500.aspx

Candidates for this exam are Microsoft Azure security engineers who implement security controls, maintain the security posture, manage identity and access, and protect data, applications, and networks. Candidates identify and remediate vulnerabilities by using a variety of security tools, implement threat protection, and respond to security incident escalations. As a Microsoft Azure security engineer, candidates often serve as part of a larger team dedicated to cloud-based management and security and may also secure hybrid environments as part of an end-to-end infrastructure.

Skills measured

  • Manage identity and access (20-25%)
  • Implement platform protection (35-40%)
  • Manage security operations (15-20%)
  • Secure data and applications (30-35%)

Microsoft Azure Security Engineer Associate az-500 Exam Practice Questions

QUESTION 1

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain.

You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.

You plan to deploy Azure AD Connect and to integrate Active Directory and the Azure AD tenant.

You need to recommend an integration solution that meets the following requirements:

  • Ensures that password policies and user logon restrictions apply to user accounts that are synced to the tenant
  • Minimizes the number of servers required for the solution

Which authentication method should you include in the recommendation?

A. federated identity with Active Directory Federation Services (AD FS)

B. password hash synchronization with seamless single sign-on (SSO)

C. pass-through authentication with seamless single sign-on (SSO)

Correct Answer: B

Password hash synchronization requires the least effort regarding deployment, maintenance, and infrastructure. This level of effort typically applies to organizations that only need their users to sign in to Office 365, SaaS apps, and other Azure AD-based resources. When turned on, password hash synchronization is part of the Azure AD Connect sync process and runs every two minutes.

Incorrect Answers:

A: A federated authentication system relies on an external trusted system to authenticate users. Some companies want to reuse their existing federated system investment with their Azure AD hybrid identity solution. The maintenance and management of the federated system falls outside the control of Azure AD. It's up to the organization by using the federated system to make sure it's deployed securely and can handle the authentication load.

C: For pass-through authentication, you need one or more (we recommend three) lightweight agents installed on existing servers. These agents must have access to your on-premises Active Directory Domain Services, including your on-premises AD domain controllers. They need outbound access to the Internet and access to your domain controllers. For this reason, it's not supported to deploy the agents in a perimeter network.

Pass-through Authentication requires unconstrained network access to domain controllers. All network traffic is encrypted and limited to authentication requests.

References: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta

 

QUESTION 2

What is the membership of Group1 and Group2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Hot Area:

[Image not available: answer area]

Correct Answer:

[Image not available: correct answer]

Explanation:
Box 1: User1, User2, User3, User4
Contains “ON” is true for Montreal (User1), MONTREAL (User2), London (User3), and Ontario (User4) as string and regex operations are not case sensitive.
Box 2: Only User3
Match “*on” is only true for London (User3).
Scenario:
Contoso.com contains the users shown in the following table.

[Image not available: users table]

Contoso.com contains the security groups shown in the following table.

[Image not available: security groups table]

References: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership

 

QUESTION 3
You need to ensure that users can access VM0. The solution must meet the platform protection requirements. What
should you do?
A. Move VM0 to Subnet1.
B. On Firewall, configure a network traffic filtering rule.
C. Assign RT1 to AzureFirewallSubnet.
D. On Firewall, configure a DNAT rule.
Correct Answer: A
Explanation:
Azure Firewall has the following known issue:
Conflict with Azure Security Center (ASC) Just-in-Time (JIT) feature.
If a virtual machine is accessed using JIT, and is in a subnet with a user-defined route that points to Azure Firewall as a
default gateway, ASC JIT doesn’t work. This is a result of asymmetric routing.

 

QUESTION 4
You have an Azure subscription that contains the virtual networks shown in the following table.

[Image not available: virtual networks table]

The Azure virtual machines on SpokeVNetSubnet0 can communicate with the computers on the on-premises network.
You plan to deploy an Azure firewall to HubVNet.
You create the following two routing tables:

  • RT1: Includes a user-defined route that points to the private IP address of the Azure firewall as a next hop address
  • RT2: Disables BGP route propagation and defines the private IP address of the Azure firewall as the default gateway

You need to ensure that traffic between SpokeVNetSubnet0 and the on-premises network flows through the Azure firewall.
To which subnet should you associate each route table? To answer, drag the appropriate subnets to the correct route tables. Each subnet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

[Image not available: answer area]

Correct Answer:

[Image not available: correct answer]

 

QUESTION 5
You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server 2016.
You need to implement a policy to ensure that each virtual machine has a custom antimalware virtual machine
extension installed.
How should you complete the policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

[Image not available: answer area]

Correct Answer:

[Image not available: correct answer]

Box 1: DeployIfNotExists
DeployIfNotExists executes a template deployment when the condition is met.
Box 2: Template
The details property of the DeployIfNotExists effect has all the subproperties that define the related resources to match
and the template deployment to execute.
Deployment [required]
This property should include the full template deployment as it would be passed to the Microsoft.Resources/deployment
References:
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects

 

QUESTION 6
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com.
The company is developing an application named App1. App1 will run as a service on a server that runs Windows Server
2016. App1 will authenticate to contoso.com and access Microsoft Graph to read directory data.
You need to delegate the minimum required permissions to App1.
Which three actions should you perform in sequence from the Azure portal? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

[Image not available: answer area]

Correct Answer:

[Image not available: correct answer]

Step 1: Create an app registration
First the application must be created/registered.
Step 2: Add an application permission
Application permissions are used by apps that run without a signed-in user present.
Step 3: Grant permissions
Incorrect Answers:
Delegated permission:
Delegated permissions are used by apps that have a signed-in user present.
Application Proxy:
Azure Active Directory's Application Proxy provides secure remote access to on-premises web applications.
References:
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent

 

QUESTION 7
You are testing an Azure Kubernetes Service (AKS) cluster. The cluster is configured as shown in the exhibit. (Click the Exhibit tab.)

[Image not available: exhibit]

You plan to deploy the cluster to production. You disable HTTP application routing.
You need to implement application routing that will provide reverse proxy and TLS termination for AKS services by using
a single IP address.
What should you do?
A. Create an AKS Ingress controller.
B. Install the container network interface (CNI) plug-in.
C. Create an Azure Standard Load Balancer.
D. Create an Azure Basic Load Balancer.
Correct Answer: A
An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and TLS termination
for Kubernetes services.
References: https://docs.microsoft.com/en-us/azure/aks/ingress-tls

Topic 3, Manage security operations

 

QUESTION 8
Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD)
tenant named contoso.com.
The company develops a mobile application named App1. App1 uses the OAuth 2 implicit grant type to acquire Azure
AD access tokens.
You need to register App1 in Azure AD.
What information should you obtain from the developer to register the application?
A. a redirect URI
B. a reply URL
C. a key
D. an application ID
Correct Answer: A
For Native Applications you need to provide a Redirect URI, which Azure AD will use to return token responses.
References: https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code

 

QUESTION 9
You need to configure an access review. The review will be assigned to a new collection of reviews and reviewed by
resource owners.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order.
Select and Place:

[Image not available: answer area]

Correct Answer:

[Image not available: correct answer]

Step 1: Create an access review program
Step 2: Create an access review control
Step 3: Set Reviewers to Group owners
In the Reviewers section, select either one or more people to review all the users in scope. Or you can select to have
the members review their own access. If the resource is a group, you can ask the group owners to review.

[Image not available: Reviewers section screenshot]

References:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review
https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-programs-controls

 

QUESTION 10
You need to create an Azure key vault. The solution must ensure that any object deleted from the key vault be retained
for 90 days.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

[Image not available: answer area]

Correct Answer:

[Image not available: correct answer]

Box 1: -EnablePurgeProtection
If specified, protection against immediate deletion is enabled for this vault; requires soft delete to be enabled as well.
Box 2: -EnableSoftDelete
Specifies that the soft-delete functionality is enabled for this key vault. When soft-delete is enabled, for a grace period,
you can recover this key vault and its contents after it is deleted.
References:
https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/new-azurermkeyvault

 

QUESTION 11
You have an Azure subscription named Sub1. Sub1 contains a virtual network named VNet1 that contains one subnet
named Subnet1.
You create a service endpoint for Subnet1.
Subnet1 contains an Azure virtual machine named VM1 that runs Ubuntu Server 18.04.
You need to deploy Docker containers to VM1. The containers must be able to access Azure Storage resources and
Azure SQL databases by using the service endpoint.
A. Create an application security group and a network security group (NSG).
B. Edit the docker-compose.yml file.
C. Install the container network interface (CNI) plug-in.
Correct Answer: C
The Azure Virtual Network container network interface (CNI) plug-in installs in an Azure Virtual Machine. The plug-in
supports both Linux and Windows platforms. The plug-in assigns IP addresses from a virtual network to containers
brought up in the virtual machine, attaching them to the virtual network, and connecting them directly to other containers and
virtual network resources. The plug-in doesn't rely on overlay networks, or routes, for connectivity, and provides the
same performance as virtual machines.
The following picture shows how the plug-in provides Azure Virtual Network capabilities to Pods:

[Image not available: CNI plug-in diagram]

References: https://docs.microsoft.com/en-us/azure/virtual-network/container-networking-overview

 

QUESTION 12
You suspect that users are attempting to sign in to resources to which they have no access.
You need to create an Azure Log Analytics query to identify failed user sign-in attempts from the last three days. The
results must only show users who had more than five failed sign-in attempts.
How should you configure the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

[Image not available: answer area]

Correct Answer:

[Image not available: correct answer]

The following example identifies user accounts that failed to log in more than five times in the last day, and when they
last attempted to log in.

    let timeframe = 1d;
    SecurityEvent
    | where TimeGenerated > ago(timeframe)
    | where AccountType == 'User' and EventID == 4625 // 4625 – failed log in
    | summarize failed_login_attempts=count(), latest_failed_login=arg_max(TimeGenerated, Account) by Account
    | where failed_login_attempts > 5
    | project-away Account1

References: https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/examples

 

QUESTION 13
You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the
following table.

[Image not available: users table]

You configure an access review named Review1 as shown in the following exhibit.

[Image not available: Review1 exhibit]

Use the drop-down menus to select the answer choice that completes each statement based on the information
presented in the graphic. NOTE: Each correct selection is worth one point.
Hot Area:

[Image not available: answer area]

Correct Answer:

[Image not available: correct answer]

Box 1: User3 only
Use the Members (self) option to have the users review their own role assignments.
Box 2: User3 will receive a confirmation request
Use the Should reviewer not respond list to specify what happens for users that are not reviewed by the reviewer within
the review period. This setting does not impact users who have been reviewed by the reviewers manually. If the final
reviewer's decision is Deny, then the user's access will be removed.

  • No change – Leave user's access unchanged
  • Remove access – Remove user's access
  • Approve access – Approve user's access
  • Take recommendations – Take the system's recommendation on denying or approving the user's continued access

References:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-start-security-review


Summary:

The free Microsoft Azure Security Engineer Associate az-500 exam dumps can help you improve your skills and exam experience!
To pass the Microsoft az-500 exam at once: https://www.lead4pass.com/az-500.html
We make Microsoft az-500 videos and az-500 pdf for you to learn! I hope you can pass the exam easily.
