Microsoft AZ-500 Practice Exams
Last updated on Apr 01,2025- Exam Code: AZ-500
- Exam Name: Microsoft Azure Security Technologies
- Certification Provider: Microsoft
- Latest update: Apr 01,2025
You have an Azure virtual machine named VM1.
From Azure Security Center, you get the following high-severity recommendation: “Install endpoint protection solutions on virtual machine”.
You need to resolve the issue causing the high-severity recommendation.
What should you do?
- A . Add the Microsoft Antimalware extension to VM1.
- B . Install Microsoft System Center Security Management Pack for Endpoint Protection on VM1.
- C . Add the Network Watcher Agent for Windows extension to VM1.
- D . Onboard VM1 to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
You have an Azure subscription that contains the resources shown in the following table.
You plan to enable Azure Defender for the subscription.
Which resources can be protected by using Azure Defender?
- A . VM1, VNET1, storage1, and Vault1
- B . VM1, VNET1, and storage1 only
- C . VM1, storage1, and Vault1 only
- D . VM1 and VNET1 only
- E . VM1 and storage1 only
You need to recommend which virtual machines to use to host App1. The solution must meet the technical requirements for KeyVault1.
Which virtual machines should you use?
- A . VM1 only
- B . VM1 and VM2 only
- C . VM1, VM2, and VM4 only
- D . VM1, VM2, VM3. and VM4
HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.
VNet1 contains the subnets shown in the following table.
You plan to use the Azure portal to deploy an Azure firewall named AzFW1 to VNet1.
Which resource group and subnet can you use to deploy AzFW1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You have an Azure subscription named Sub1.
You create a virtual network that contains one subnet.
On the subnet, you provision the virtual machines shown in the following table.
Currently, you have not provisioned any network security groups (NSGs).
You need to implement network security to meet the following requirements:
– Allow traffic to VM4 from VM3 only.
– Allow traffic from the Internet to VM1 and VM2 only.
– Minimize the number of NSGs and network security rules.
How many NSGs and network security rules should you create? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You need to deploy Microsoft Antimalware to meet the platform protection requirements.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a Microsoft Entra tenant that contains a user named User1.
You plan to enable passwordless authentication for the tenant.
You need to ensure that User1 can enable the combined registration experience. The solution must use the principle of least privilege.
Which role should you assign to User1?
- A . Security Administrator
- B . Global Administrator
- C . Privileged Role Administrator
- D . Authentication Administrator
You are troubleshooting a security issue for an Azure Storage account.
You enable the diagnostic logs for the storage account.
What should you use to retrieve the diagnostics logs?
- A . Azure Storage Explorer
- B . SQL query editor in Azure
- C . File Explorer in Windows
- D . Azure Security Center
You have a Microsoft 365 tenant that uses an Azure Active Directory (Azure AD) tenant The Azure AD tenant syncs to an on-premises Active Directory domain by using an instance of Azure AD Connect.
You create a new Azure subscription
You discover that the synced on-premises user accounts cannot be assigned rotes in the new subscription.
You need to ensure that you can assign Azure and Microsoft 365 roles to the synced Azure AD user accounts.
What should you do first?
- A . Change the Azure AD tenant used by the new subscription.
- B . Configure the Azure AD tenant used by the new subscription to use pass-through authenticate
- C . Configure the Azure AD tenant used by the new subscription to use federated authentication.
- D . Configure a second instance of Azure AD Connect.
You plan to deploy Azure container instances.
You have a containerized application that validates credit cards. The application is comprised of two
containers: an application container and a validation container.
The application container is monitored by the validation container. The validation container performs security checks by making requests to the application container and waiting for responses after every transaction.
You need to ensure that the application container and the validation container are scheduled to be deployed together. The containers must communicate to each other only on ports that are not externally exposed.
What should you include in the deployment?
- A . application security groups
- B . network security groups (NSGs)
- C . management groups
- D . container groups