Provides a valid Microsoft Azure Security Engineer Associate az-500 exam dumps | 100% Free
Examdumpstraining shares online exam exercise questions all year round! Microsoft Azure Security Engineer Associate az-500 exam “Microsoft Azure Security Technologies” https://www.lead4pass.com/az-500.html (97 Q&As).Continue to study and we provide an updated cisco az-500 exam practice questions and answers. You can practice the test online!
Latest Microsoft Azure Security Engineer Associate az-500 pdf
[PDF] Free Microsoft Azure Security Engineer Associate az-500 pdf dumps download from Google Drive: https://drive.google.com/open?id=1wmsYeyeykzlfx271VyQr0Fy-W8hqGt3F
Exam AZ-500: Microsoft Azure Security Technologies (beta): https://www.microsoft.com/en-us/learning/exam-az-500.aspx
Candidates for this exam are Microsoft Azure security engineers who implement security controls, maintain the security posture,
manage identity and access, and protect data, applications, and networks. Candidates identify and remediate vulnerabilities by using
a variety of security tools, implement threat protection, and respond to security incident escalations. As a Microsoft Azure security
engineer, candidates often serve as part of a larger team dedicated to cloud-based management and security and may also secure hybrid
environments as part of an end-to-end infrastructure.
Skills measured
- Manage identity and access (20-25%)
- Implement platform protection (35-40%)
- Manage security operations (15-20%)
- Secure data and applications (30-35%)
Microsoft Azure Security Engineer Associate az-500 Exam Practice Questions
QUESTION 1
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain.
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named
contoso.com.
You plan to deploy Azure AD Connect and to integrate Active Directory and the Azure AD tenant.
You need to recommend an integration solution that meets the following requirements:
Ensures that password policies and user logon restrictions apply to user accounts that are synced to the tenant
Minimizes the number of servers required for the solution.
Which authentication method should you include in the recommendation?
A. federated identity with Active Directory Federation Services (AD FS)
B. password hash synchronization with seamless single sign-on (SSO)
C. pass-through authentication with seamless single sign-on (SSO)
Correct Answer: B
Password hash synchronization requires the least effort regarding deployment, maintenance, and infrastructure. This
level of effort typically applies to organizations that only need their users to sign in to Office 365, SaaS apps, and other
Azure AD-based resources. When turned on, password hash synchronization is part of the Azure AD Connect sync
process and runs every two minutes.
Incorrect Answers:
A: A federated authentication system relies on an external trusted system to authenticate users. Some companies want
to reuse their existing federated system investment with their Azure AD hybrid identity solution. The maintenance and
management of the federated system falls outside the control of Azure AD. It's up to the organization by using the
federated system to make sure it's deployed securely and can handle the authentication load.
C: For pass-through authentication, you need one or more (we recommend three) lightweight agents installed on
existing servers. These agents must have access to your on-premises Active Directory Domain Services, including your
on-premises AD domain controllers. They need outbound access to the Internet and access to your domain controllers.
For this reason, it's not supported to deploy the agents in a perimeter network.
Pass-through Authentication requires unconstrained network access to domain controllers. All network traffic is
encrypted and limited to authentication requests.
References: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta
QUESTION 2
What is the membership of Group1 and Group2? To answer, select the appropriate options in the answer area. NOTE:
Each correct selection is worth one point.
Hot Area:
Correct Answer:
Explanation:
Box 1: User1, User2, User3, User4
Contains “ON” is true for Montreal (User1), MONTREAL (User2), London (User3), and Ontario (User4) as string and
regex operations are not case sensitive.
Box 2: Only User3
Match “*on” is only true for London (User3).
Scenario:
Contoso.com contains the users shown in the following table.
Contoso.com contains the security groups shown in the following table.
References: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
QUESTION 3
You need to ensure that users can access VM0. The solution must meet the platform protection requirements. What
should you do?
A. Move VM0 to Subnet1.
B. On Firewall, configure a network traffic filtering rule.
C. Assign RT1 to AzureFirewallSubnet.
D. On Firewall, configure a DNAT rule.
Correct Answer: A
Explanation:
Azure Firewall has the following known issue:
Conflict with Azure Security Center (ASC) Just-in-Time (JIT) feature.
If a virtual machine is accessed using JIT, and is in a subnet with a user-defined route that points to Azure Firewall as a
default gateway, ASC JIT doesn’t work. This is a result of asymmetric routing.
QUESTION 4
You have an Azure subscription that contains the virtual networks shown in the following table.
The Azure virtual machines on SpokeVNetSubnet0 can communicate with the computers on the on-premises network.
You plan to deploy an Azure firewall to HubVNet.
You create the following two routing tables:
RT1: Includes a user-defined route that points to the private IP address of the Azure firewall as a next hop address
RT2: Disables BGP route propagation and defines the private IP address of the Azure firewall as the default gateway
You need to ensure that traffic between SpokeVNetSubnet0 and the on-premises network flows through the Azure
firewall.
To which subnet should you associate each route table? To answer, drag the appropriate subnets to the correct route
tables. Each subnet may be used once, more than once, or not at all. You may need to drag the split bar between panes
or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Correct Answer:
QUESTION 5
You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server 2016.
You need to implement a policy to ensure that each virtual machine has a custom antimalware virtual machine
extension installed.
How should you complete the policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: DeployIfNotExists
DeployIfNotExists executes a template deployment when the condition is met.
Box 2: Template
The details property of the DeployIfNotExists effects has all the subproperties that define the related resources to match
and the template deployment to execute.
Deployment [required]
This property should include the full template deployment as it would be passed to the Microsoft.Resources/deployment
References:
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects
QUESTION 6
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com.
The company is developing an application named App1. App1 will run as a service on a server that runs Windows Server
2016. App1 will authenticate to contoso.com and access Microsoft Graph to read directory data.
You need to delegate the minimum required permissions to App1.
Which three actions should you perform in sequence from the Azure portal? To answer, move the appropriate actions
from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Step 1: Create an app registration
First the application must be created/registered.
Step 2: Add an application permission
Application permissions are used by apps that run without a signed-in user present.
Step 3: Grant permissions
Incorrect Answers:
Delegated permission
Delegated permissions are used by apps that have a signed-in user present.
Application Proxy:
Azure Active Directory's Application Proxy provides secure remote access to on-premises web applications.
References:
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent
QUESTION 7
You are testing an Azure Kubernetes Service (AKS) cluster. The cluster is configured as shown in the exhibit. (Click the
Exhibit tab.)
You plan to deploy the cluster to production. You disable HTTP application routing.
You need to implement application routing that will provide reverse proxy and TLS termination for AKS services by using
a single IP address.
What should you do?
A. Create an AKS Ingress controller.
B. Install the container network interface (CNI) plug-in.
C. Create an Azure Standard Load Balancer.
D. Create an Azure Basic Load Balancer.
Correct Answer: A
An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and TLS termination
for Kubernetes services.
References: https://docs.microsoft.com/en-us/azure/aks/ingress-tls
Topic 3, Manage security operations
QUESTION 8
Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD)
tenant named contoso.com.
The company develops a mobile application named App1. App1 uses the OAuth 2 implicit grant type to acquire Azure
AD access tokens.
You need to register App1 in Azure AD.
What information should you obtain from the developer to register the application?
A. a redirect URI
B. a reply URL
C. a key
D. an application ID
Correct Answer: A
For Native Applications you need to provide a Redirect URI, which Azure AD will use to return token responses.
References: https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code
QUESTION 9
You need to configure an access review. The review will be assigned to a new collection of reviews and reviewed by
resource owners.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Step 1: Create an access review program
Step 2: Create an access review control
Step 3: Set Reviewers to Group owners
In the Reviewers section, select either one or more people to review all the users in scope. Or you can select to have
the members review their own access. If the resource is a group, you can ask the group owners to review.
References:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review
https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-programs-controls
QUESTION 10
You need to create an Azure key vault. The solution must ensure that any object deleted from the key vault be retained
for 90 days.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: -EnablePurgeProtection
If specified, protection against immediate deletion is enabled for this vault; requires soft delete to be enabled as well.
Box 2: -EnableSoftDelete
Specifies that the soft-delete functionality is enabled for this key vault. When soft-delete is enabled, for a grace period,
you can recover this key vault and its contents after it is deleted.
References:
https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/new-azurermkeyvault
QUESTION 11
You have an Azure subscription named Sub1. Sub1 contains a virtual network named VNet1 that contains one subnet
named Subnet1.
You create a service endpoint for Subnet1.
Subnet1 contains an Azure virtual machine named VM1 that runs Ubuntu Server 18.04.
You need to deploy Docker containers to VM1. The containers must be able to access Azure Storage resources and
Azure SQL databases by using the service endpoint.
A. Create an application security group and a network security group (NSG).
B. Edit the docker-compose.yml file.
C. Install the container network interface (CNI) plug-in.
Correct Answer: C
The Azure Virtual Network container network interface (CNI) plug-in installs in an Azure Virtual Machine. The plug-in
supports both Linux and Windows platforms. The plug-in assigns IP addresses from a virtual network to containers
brought up in the virtual machine, attaching them to the virtual network, and connecting them directly to other containers and
virtual network resources. The plug-in doesn't rely on overlay networks, or routes, for connectivity, and provides the
same performance as virtual machines.
The following picture shows how the plug-in provides Azure Virtual Network capabilities to Pods:
References: https://docs.microsoft.com/en-us/azure/virtual-network/container-networking-overview
QUESTION 12
You suspect that users are attempting to sign in to resources to which they have no access.
You need to create an Azure Log Analytics query to identify failed user sign-in attempts from the last three days. The
results must only show users who had more than five failed sign-in attempts.
How should you configure the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
The following example identifies user accounts that failed to log in more than five times in the last day, and when they
last attempted to log in.
```
let timeframe = 1d;
SecurityEvent
| where TimeGenerated > ago(timeframe)
| where AccountType == 'User' and EventID == 4625 // 4625 - failed log in
| summarize failed_login_attempts=count(), latest_failed_login=arg_max(TimeGenerated, Account) by Account
| where failed_login_attempts > 5
| project-away Account1
```
References: https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/examples
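The same detection logic, widened to the three-day window the question asks for and run offline over constructed events (an added example, not part of the original page or of Microsoft's documentation). The field names mirror the SecurityEvent columns used in the query; the helper names, the fixed clock and the case-insensitive grouping are assumptions of this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

FAILED_LOGON_EVENT_ID = 4625  # Windows Security event: an account failed to log on


def failed_signin_report(events, now, window=timedelta(days=3), threshold=5):
    """Return {account: (failure_count, latest_failure)} for user accounts with
    more than `threshold` failed logons inside the look-back window."""
    cutoff = now - window
    counts = defaultdict(int)
    latest = {}
    for ev in events:
        # Same filters as the query: time range, user accounts only, event 4625.
        if ev["TimeGenerated"] <= cutoff:
            continue
        if ev["AccountType"] != "User" or ev["EventID"] != FAILED_LOGON_EVENT_ID:
            continue
        # Assumption added here (the query groups case-sensitively): fold case so
        # CONTOSO\user1 and contoso\USER1 are counted as one account.
        account = ev["Account"].lower()
        counts[account] += 1
        if account not in latest or ev["TimeGenerated"] > latest[account]:
            latest[account] = ev["TimeGenerated"]
    # Strictly "more than" the threshold, as in `failed_login_attempts > 5`.
    return {a: (n, latest[a]) for a, n in counts.items() if n > threshold}


def _ev(now, hours_ago, account, event_id=FAILED_LOGON_EVENT_ID, account_type="User"):
    return {"TimeGenerated": now - timedelta(hours=hours_ago), "Account": account,
            "AccountType": account_type, "EventID": event_id}


# Constructed sample data with a fixed clock so the result is reproducible.
NOW = datetime(2019, 9, 30, 6, 0, tzinfo=timezone.utc)
SAMPLE_EVENTS = (
    [_ev(NOW, h, r"CONTOSO\user1") for h in (5, 20, 30, 49, 70)]
    + [_ev(NOW, 1, r"contoso\USER1")]                                # 6th failure, other casing
    + [_ev(NOW, h, r"CONTOSO\user2") for h in (2, 3, 4, 5, 6)]       # exactly 5: not reported
    + [_ev(NOW, h, r"CONTOSO\user3") for h in (1, 2, 3, 4, 5, 80)]   # 6th is older than 3 days
    + [_ev(NOW, h, r"CONTOSO\SRV01$", account_type="Machine") for h in range(1, 9)]
    + [_ev(NOW, h, r"CONTOSO\user4", event_id=4624) for h in range(1, 9)]  # successful logons
)

if __name__ == "__main__":
    for account, (count, last) in failed_signin_report(SAMPLE_EVENTS, NOW).items():
        print(f"{account}: {count} failed sign-ins, latest at {last.isoformat()}")
```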
QUESTION 13
You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the
following table.
You configure an access review named Review1 as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information
presented in the graphic. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: User3 only
Use the Members (self) option to have the users review their own role assignments.
Box 2: User3 will receive a confirmation request
Use the Should reviewer not respond list to specify what happens for users that are not reviewed by the reviewer within
the review period. This setting does not impact users who have been reviewed by the reviewers manually. If the final
reviewer's decision is Deny, then the user's access will be removed.
No change – Leave user's access unchanged
Remove access – Remove user's access
Approve access – Approve user's access
Take recommendations – Take the system's recommendation on denying or approving the user's continued access
References:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-start-security-review
Summarize:
The free Microsoft Azure Security Engineer Associate az-500 exam dumps can help you improve your skills and exam experience!
To pass the cisco az-500 exam at once: https://www.lead4pass.com/az-500.html We make Microsoft az-500 videos and az-500 pdf for you to learn! I hope you can pass the exam easily.
- Published On : 4 years ago on September 30, 2019
- Author By : admin
- Last Updated : September 30, 2019 @ 6:40 am
- In The Categories Of : Azure Security Engineer Associate, Microsoft
- Tagged With : az-500 exam dumps, az-500 exam questions, az-500 practice exam, az-500 study guide