Question.1 HOTSPOT – Your company has an Azure subscription named Subscription1. Subscription1 is associated with the Azure Active Directory tenant that includes the users shown in the following table. The company is sold to a new owner. The company needs to transfer ownership of Subscription1. Which user can transfer the ownership and which tool should the user use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Correct Answer :

Explanation: 1. User2-Billing Administrator 2. Azure Portal (Azure account center)
Question.2 HOTSPOT – You have an Azure Subscription that is connected to an on-premises datacenter and contains the resources shown in the following table. You need to configure virtual network service endpoints for VNet1 and VNet2. The solution must meet the following requirements:
• The virtual machines that connect to the subnet of VNet1 must access storage1, storage2, and Azure AD by using the Microsoft backbone network.
• The virtual machines that connect to the subnet of VNet2 must access storage1 and KeyVault1 by using the Microsoft backbone network.
• The virtual machines must use the Microsoft backbone network to communicate between VNet1 and VNet2.
How many service endpoints should you configure for each virtual network? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Correct Answer :

Explanation: VNet1: 1; VNet2: 2
Question.3 DRAG DROP – You have an Azure subscription that contains 100 virtual machines. Azure Diagnostics is enabled on all the virtual machines. You are planning the monitoring of Azure services in the subscription. You need to retrieve the following details:
✑ Identify the user who deleted a virtual machine three weeks ago.
✑ Query the security events of a virtual machine that runs Windows Server 2016.
What should you use in Azure Monitor? To answer, drag the appropriate configuration settings to the correct details. Each configuration setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place:
Correct Answer :

Explanation:
Box 1: Activity log – Azure activity logs provide insight into the operations that were performed on resources in your subscription. Activity logs were previously known as audit logs or operational logs, because they report control-plane events for your subscriptions. Activity logs help you determine the what, who, and when for write operations (that is, PUT, POST, or DELETE).
Box 2: Logs – Log Integration collects Azure diagnostics from your Windows virtual machines, Azure activity logs, Azure Security Center alerts, and Azure resource provider logs. This integration provides a unified dashboard for all your assets, whether they're on-premises or in the cloud, so that you can aggregate, correlate, analyze, and alert for security events.
Reference: https://docs.microsoft.com/en-us/azure/security/azure-log-audit
Question.4 HOTSPOT – You have an Azure subscription that contains an Azure key vault. The role assignments for the key vault are shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Hot Area:
Correct Answer :

Explanation:
User1 – Has ownership at the subscription level and therefore has access to the control plane of the key vault, but not to the data plane. User1 can therefore manage RBAC permissions but cannot create or access keys or secrets (unless they grant themselves 'Key Administrator' access, which does not show up in the RBAC assignments listed, so we cannot assume that). Therefore User1 has no access to the keys or secrets in this vault.
User2 – Is a Key Vault Crypto Officer for KeyVault1, so according to https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide?tabs=azure-cli#azure-built-in-roles-for-key-vault-data-plane-operations, they can manage keys (but not access secrets or manage permissions).
User3 – Is a Secrets Officer for the KeyVault1 scope. They can access secrets data in this key vault.
User4 – Here's a tricky one. While they are indeed given 'Key Vault Administrator', notice that the scope is set to "../KeyVault1/Keys/Key1", so they should only be able to work with that key.
1st box – Only User2
2nd box – Only User3
Question.5 You have a sneaking suspicion that there are users trying to sign in to resources which are inaccessible to them. You decide to create an Azure Log Analytics query to confirm your suspicions. The query will detect unsuccessful user sign-in attempts from the last few days. You want to make sure that the results only show users who had failed to sign in more than five times. Which of the following should be included in your query?
(A) The EventID and CountIf() parameters.
(B) The ActivityID and CountIf() parameters.
(C) The EventID and Count() parameters.
(D) The ActivityID and Count() parameters.
Correct Answer : C
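Explanation: Kusto query

    // Look-back window for the search
    let timeframe = 1d;
    SecurityEvent
    | where TimeGenerated > ago(timeframe)
    | where AccountType == 'User' and EventID == 4625 // 4625 - failed log in
    // Count failures per account and keep the time of the most recent one
    | summarize failed_login_attempts=count(), latest_failed_login=arg_max(TimeGenerated, Account) by Account
    // Keep only accounts with more than five failed attempts
    | where failed_login_attempts > 5
    // arg_max() emits a duplicate Account column (Account1); drop it
    | project-away Account1

Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/examples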