Microsoft AZ-500 Practice Exams
Last updated on Apr 09,2025- Exam Code: AZ-500
- Exam Name: Microsoft Azure Security Technologies
- Certification Provider: Microsoft
- Latest update: Apr 09,2025
HOTSPOT
You plan to deploy a custom policy initiative for Microsoft Defender for Cloud.
You need to identify all the resource groups that have a Delete lock.
How should you complete the policy definition? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You plan to deploy a custom policy initiative for Microsoft Defender for Cloud.
You need to identify all the resource groups that have a Delete lock.
How should you complete the policy definition? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure subscription.
You create a new virtual network named VNet1.
You plan to deploy an Azure web app named App1 that will use VNet1 and will be reachable by using private IP addresses. The solution must support inbound and outbound network traffic.
What should you do?
- A . Create an Azure App Service Hybrid Connection.
- B . Configure regional virtual network integration.
- C . Create an App Service Environment
- D . Create an Azure application gateway.
You have an Azure subscription that contains an Azure Data Lake Storage account named sa1.
You plan to deploy an app named Appl that will access sa1 and perform operations, including Read.
List, Create Directory, and Delete Directory.
You need to ensure that Appl can connect securely to sa1 by using a private endpoint
What is the minimum number of private endpoints required for sa1?
- A . 1
- B . 2
- C . 3
- D . 4
- E . 5
You have an Azure subscription that contains an Azure Blob storage account bolb1.
You need to configure attribute-based access control (ABAC) for blob1.
Which attributes can you use in access conditions?
- A . blob index tags only
- B . blob index tags and container names only
- C . file extensions and container names only
- D . blob index tags, file extensions, and container names
You have an Azure AD tenant that contains the users shown in the following table.
You need to ensure that the users cannot create app passwords. The solution must ensure that User1 can continue to use the Mail and Calendar app.
What should you do?
- A . Assign User! the Authentication Policy Administrator role.
- B . Enable Azure AD Password Protection.
- C . Configure a multi-factor authentication (MFA) registration policy.
- D . Create a new app registration.
You have an Azure AD tenant that contains the users shown in the following table.
You need to ensure that the users cannot create app passwords. The solution must ensure that User1 can continue to use the Mail and Calendar app.
What should you do?
- A . Assign User! the Authentication Policy Administrator role.
- B . Enable Azure AD Password Protection.
- C . Configure a multi-factor authentication (MFA) registration policy.
- D . Create a new app registration.
HOTSPOT
Your on-premises network contains an Active Directory Domain Services (AD DS) domain and the devices shown in the following table.
You have a hybrid Microsoft Entra tenant that contains a synced user named User1.
You have an Azure subscription that contains the Azure Files shares shown in the following table.
Used is assigned the Storage File Data SMB Share Contributor role tor storage1 and storage2.
The Security settings for Share! are configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise. Select No. NOTE: Each correct selection is worth one point.
HOTSPOT
Your on-premises network contains an Active Directory Domain Services (AD DS) domain and the devices shown in the following table.
You have a hybrid Microsoft Entra tenant that contains a synced user named User1.
You have an Azure subscription that contains the Azure Files shares shown in the following table.
Used is assigned the Storage File Data SMB Share Contributor role tor storage1 and storage2.
The Security settings for Share! are configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise. Select No. NOTE: Each correct selection is worth one point.
DRAG DROP
You have an on-premises datacenter.
You have an Azure subscription that contains a virtual machine named VM1. VM1 is connected to a virtual network named VNet1. VNet1 is connected to the on-premises datacenter by using a Site-to-Site (S2S) VPN.
You plan to create an Azure storage account named storage1 and deploy an Azure web app named App1.
You need to ensure that network communication to each resource meets the following requirements:
• Connections to App1 must be allowed only from corporate network NAT addresses.
• Connections from VNet1 to storage1 must use the Microsoft backbone network.
• The solution must minimize costs.
What should you configure for each resource? To answer, drag the appropriate components to the correct resources. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
