Free Microsoft Azure Security Technologies AZ-500 Exam Practice Test

Lab TaskTask 7You need to ensure that connections through an Azure Application Gateway named Homepage-AGW are inspected for malicious requests.

• see the task answer with step by step below

You have an Azure subscription that uses Microsoft Sentinel.You need to create a Microsoft Sentinel notebook that will use the Guided Investigation - Anomaly Lookup template.What should you create first?

• an analytics rule
• a Log Analytics workspace
• an Azure Machine Learning workspace
• a hunting query

You have an Azure subscription that contains 100 virtual machines and has Azure Security Center Standard tier enabled.You plan to perform a vulnerability scan of each virtual machine.You need to deploy the vulnerability scanner extension to the virtual machines by using an Azure Resource Manager template.Which two values should you specify in the code to automate the deployment of the extension to the virtual machines? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.

• the user-assigned managed identity
• the workspace ID
• the Azure Active Directory (Azure AD) ID
• the Key Vault managed storage account key
• the system-assigned managed identity
• the primary shared key

You plan to implement JIT VM access. Which virtual machines will be supported?

• VM1 and VM3 only
• VM1. VM2. VM3, and VM4
• VM2, VM3, and VM4 only
• VM1 only

You have an Azure subscription.You configure the subscription to use a different Azure Active Directory (Azure AD) tenant.What are two possible effects of the change? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.

• Role assignments at the subscription level are lost.
• Virtual machine managed identities are lost.
• Virtual machine disk snapshots are lost.
• Existing Azure resources are deleted.

You have an Azure Storage account named storage1 that has a container named container1. You need to prevent the blobs in container1 from being modified. What should you do?

• From container1, change the access level.
• From container1 add an access policy.
• From container1, modify the Access Control (1AM) settings.
• From storage1 , enable soft delete for blobs.

You need to ensure that users can access VM0. The solution must meet the platform protection requirements.What should you do?

• Move VM0 to Subnet1.
• On Firewall, configure a network traffic filtering rule.
• Assign RT1 to AzureFirewallSubnet.
• On Firewall, configure a DNAT rule.

You have an Azure subscription that contains a user named User1 and an Azure Container Registry named ConReg1.You enable content trust for ContReg1.You need to ensure that User1 can create trusted images in ContReg1. The solution must use the principle of least privilege.Which two roles should you assign to User1? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.

• AcrQuarantineReader
• Contributor
• AcrPush
• AcrImageSigner
• AcrQuarantineWriter

You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.You need to use automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry.What should you create?

• a secret in Azure Key Vault
• a role assignment
• an Azure Active Directory (Azure AD) user
• an Azure Active Directory (Azure AD) group

You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM).A user named User1 is eligible for the Billing administrator role.You need to ensure that the role can only be used for a maximum of two hours.What should you do?

• Create a new access review.
• Edit the role assignment settings.
• Update the end date of the user assignment
• Edit the role activation settings.