Question.6 You have an Azure subscription that contains the subnets shown in the following table.

The subscription contains an Azure web app named WebApp1 that has the following configurations:
• Region: West US
• Virtual network: VNet1
• VNet integration: Enabled
• Outbound subnet: Subnet11
• Windows plan (West US): ASP1

You plan to deploy an Azure web app named WebApp2 that will have the following settings:
• Region: West US
• VNet integration: Enabled
• Windows plan (West US): ASP1

To which subnets can you integrate WebApp2?
(A) Subnet11 only
(B) Subnet12 only
(C) Subnet11 or Subnet12 only
(D) Subnet12 or Subnet21 only
(E) Subnet11, Subnet12, or Subnet21
Correct Answer : D
Explanation : Correct answer is D. Subnet12 or Subnet21 only. https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration
Question.7 After creating a new Azure subscription, you are tasked with making sure that custom alert rules can be created in Azure Security Center. You have created an Azure Storage account. Which of the following is the action you should take?
(A) You should make sure that Azure Active Directory (Azure AD) Identity Protection is removed.
(B) You should create a DLP policy.
(C) You should create an Azure Log Analytics workspace.
(D) You should make sure that Security Center has the necessary tier configured.
Correct Answer : C
Explanation : C: You need write permission in the workspace that you select to store your custom alert. Reference: https://docs.microsoft.com/en-us/azure/security-center/security-center-custom-alert
Question.8 HOTSPOT
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

You create a resource group named RG1. Which users can modify the permissions for RG1 and which users can create virtual networks in RG1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer :

Explanation :
Box 1: Only an owner can change permissions on resources.
Box 2: A Contributor can create/modify/delete anything in the subscription but cannot change permissions.
Question.9 You have an Azure subscription that contains the resources shown in the following table.

Both VM1 and VM2 connect to VNET1 and are configured to use NSG1. You need to ensure that only VM1 and VM2 can access DB1. What should you do?
(A) For NSG1, configure a rule that has a service tag.
(B) Add the IP address range of VNET1 to the Firewall settings of DB1.
(C) Create an application security group
(D) Configure DB1 to allow access from only VNET1
Correct Answer : D
Explanation : Configure DB1 to allow access from only VNET1. How would configuring the NSG that VM1 and VM2 are attached to influence who is allowed to access DB1? You have to configure DB1 in a way that it only allows VM1 & VM2; one possible option would be allowing VNET1 to access DB1.
Question.10 You have an Azure subscription that contains 100 virtual machines and has Azure Defender enabled. You plan to perform a vulnerability scan of each virtual machine.

You need to deploy the vulnerability scanner extension to the virtual machines by using an Azure Resource Manager template. Which two values should you specify in the code to automate the deployment of the extension to the virtual machines? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
(A) the user-assigned managed identity
(B) the workspace ID
(C) the Azure Active Directory (Azure AD) ID
(D) the Key Vault managed storage account key
(E) the system-assigned managed identity
(F) the primary shared key
Correct Answer : B, E
Explanation : Since we are deploying the template across several VMs and need to authenticate with the extension repository (for downloading extensions), we need to provide the VM an identity to authenticate with the repository. This is best done by assigning the VM a “user assigned managed identity”. We can set up this managed identity to have the required permissions on the extension repository via RBAC roles. The managed identity requests permissions via the Azure IMDS from the Azure AD and hence needs to know the right Tenant ID to get the token from. I believe the Azure AD ID is the same as the Tenant ID.