Boost Your Performance in the Microsoft AZ-500 Exam with Practice Tests

Explore the benefits of SPOTO Microsoft AZ-500 exam questions for Microsoft Azure Security Engineer Associate certification. Our exam questions and answers cover crucial areas such as managing identity and access, implementing platform protection, security operations management, and data and application security. Prepare effectively with our comprehensive test questions designed to mirror real exam scenarios. Access expertly crafted study materials to ensure thorough exam preparation. Take advantage of valuable exam resources and tips to enhance your exam strategy. Utilize our mock exams to assess readiness and build confidence for a successful exam outcome. Trust SPOTO for a reliable path to achieving your Microsoft Azure Security Engineer Associate certification.

Question #1
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. You are assigned the Global administrator role for the tenant. You are responsible for managing Azure Security Center settings. You need to create a custom sensitivity label. What should you do first?
A. Create a custom sensitive information type
B. Elevate access for global administrators in Azure AD
C. Upgrade the pricing tier of the Security Center to Standard
D. Enable integration with Microsoft Cloud App Security
Correct Answer: A
Question #2
You have multiple development teams that will create apps in Azure. You plan to create a standard development environment that will be deployed for each team. You need to recommend a solution that will enforce resource locks across the development environments and ensure that the locks are applied in a consistent manner. What should you include in the recommendation?
A. An Azure policy
B. An Azure Resource Manager template
C. A management group
D. An Azure blueprint
Correct Answer: D
Question #3
HOTSPOT (Drag and Drop is not supported) You have an Azure subscription that contains a resource group named RG1. RG1 contains a virtual machine named VM1 that uses Azure Active Directory (Azure AD) authentication. You have two custom Azure roles named Role1 and Role2 that are scoped to RG1. The permissions for Role1 are shown in the following JSON code. The permissions for Role2 are shown in the following JSON code. You assign the roles to the users shown in the following table. For each of the following stat
A. See Explanation section for answer
Correct Answer: A
Question #4
You have been tasked with applying conditional access policies for your company's current Azure Active Directory (Azure AD). The process involves assessing the risk events and risk levels. Which of the following is the risk level that should be configured for users that have leaked credentials?
A. None
B. Low
C. Medium
D. High
Correct Answer: D
Question #5
HOTSPOT (Drag and Drop is not supported) You have an Azure subscription named Sub 1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table. Each user is assigned an Azure AD Premium P2 license. You plan to onboard and configure Azure AD Identity Protection. Which users can onboard Azure AD Identity Protection, remediate users, and configure policies? To answer, select the appropriate options in the answer area. NOTE: Each co
A. See Explanation section for answer
Correct Answer: A
Question #6
You have an Azure subscription that contains the Azure virtual machines shown in the following table. You create an MDM Security Baseline profile named Profile1. You need to identify to which virtual machines Profile1 can be applied. Which virtual machines should you identify?
A. VM1 only
B. VM1, VM2, and VM3 only
C. VM1 and VM3 only
D. VM1, VM2, VM3, and VM4
Correct Answer: A
Question #7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Subscription. The subscription contains 50 virtual machines th
A. Yes
B. No
Correct Answer: B
Question #8
SIMULATION The developers at your company plan to publish an app named App11641655 to Azure. You need to ensure that the app is registered to Azure Active Directory (Azure AD). The registration must use the sign-on URLs of https://app.contoso.com. To complete this task, sign in to the Azure portal and modify the Azure resources.
A. See Explanation section for answer
Correct Answer: A
Question #9
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. An administrator named Admin1 has access to the following identities:
- An OpenID-enabled user account
- A Hotmail account
- An account in contoso.com
- An account in an Azure AD tenant named fabrikam.com
You plan to use Azure Account Center to transfer the ownership of Sub1 to Admin1. To which accounts can you transfer the ownership of Sub1?
A. contoso
B. contoso
C. contoso
D. contoso
Correct Answer: C
Question #10
HOTSPOT (Drag and Drop is not supported) You need to deploy Microsoft Antimalware to meet the platform protection requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
A. See Explanation section for answer
Correct Answer: A
Question #11
You have an Azure subscription. You enable Azure Active Directory (Azure AD) Privileged Identity Management (PIM). Your company’s security policy for administrator accounts has the following conditions:
- The accounts must use multi-factor authentication (MFA).
- The accounts must use 20-character complex passwords.
- The passwords must be changed every 180 days.
- The accounts must be managed by using PIM.
You receive multiple alerts about administrators who have not changed their password during the last 90 days.
A. Roles are being assigned outside of Privileged Identity Management
B. Roles don't require multi-factor authentication for activation
C. Administrators aren't using their privileged roles
D. Potential stale accounts in a privileged role
Correct Answer: D
Question #12
You have an Azure subscription that contains an app named App1. App1 has the app registration shown in the following table. You need to ensure that App1 can read all user calendars and create appointments. The solution must use the principle of least privilege. What should you do?
A. Add a new Delegated API permission for Microsoft
B. Add a new Application API permission for Microsoft
C. Select Grant admin consent
D. Add new Delegated API permission for Microsoft
Correct Answer: A
Question #13
You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM). A user named User1 is eligible for the Billing administrator role. You need to ensure that the role can only be used for a maximum of two hours. What should you do?
A. Create a new access review
B. Edit the role assignment settings
C. Update the end date of the user assignment
D. Edit the role activation settings
Correct Answer: B
Question #14
Your company’s Azure subscription includes a hundred virtual machines that have Azure Diagnostics enabled. You have been tasked with retrieving the identity of the user that removed a virtual machine fifteen days ago. You have already accessed Azure Monitor. Which of the following options should you use?
A. Application Log
B. Metrics
C. Activity Log
D. Logs
Correct Answer: C
Question #15
HOTSPOT (Drag and Drop is not supported) You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table. In Azure AD Privileged Identity Management (PIM), the Role settings for the Contributor role are configured as shown in the exhibit. (Click the Exhibit tab.) You assign users the Contributor role on May 1, 2019 as shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection
A. See Explanation section for answer
Correct Answer: A
Question #16
You have an Azure subscription that contains an Azure Files share named share1 and a user named User1. Identity-based authentication is configured for share1. User1 attempts to access share1 from a Windows 10 device by using SMB. Which type of token will Azure Files use to authorize the request?
A. OAuth 2
B. JSON Web Token (JWT)
C. SAML
D. Kerberos
Correct Answer: D
Question #17
HOTSPOT (Drag and Drop is not supported) You have an Azure subscription that contains the resources shown in the following table. You perform the following tasks:
- Create a managed identity named Managed1.
- Create a Microsoft 365 group named Group1.
- Register an enterprise application named App1.
- Enable a system-assigned managed identity for VM1.
You need to identify which service principals were created and which identities can be assigned the Reader role for RG1. What should you identify? To answer, select the
A. See Explanation section for answer
Correct Answer: A
Question #18
HOTSPOT (Drag and Drop is not supported) You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table. The tenant contains the named locations shown in the following table. You create the conditional access policies for a cloud app named App1 as shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
A. See Explanation section for answer
Correct Answer: A
Question #19
You plan to create an Azure Kubernetes Service (AKS) cluster in an Azure subscription. The manifest of the registered server application is shown in the following exhibit. You need to ensure that the AKS cluster and Azure Active Directory (Azure AD) are integrated. Which property should you modify in the manifest?
A. accessTokenAcceptedVersion
B. keyCredentials
C. groupMembershipClaims
D. acceptMappedClaims
Correct Answer: C
Question #20
SIMULATION You need to email an alert to a user named admin1@contoso.com if the average CPU usage of a virtual machine named VM1 is greater than 70 percent for a period of 15 minutes. To complete this task, sign in to the Azure portal.
A. See Explanation section for answer
Correct Answer: A
Question #21
You are configuring and securing a network environment. You deploy an Azure virtual machine named VM1 that is configured to analyze network traffic. You need to ensure that all network traffic is routed through VM1. What should you configure?
A. A system route
B. A network security group (NSG)
C. A user-defined route
Correct Answer: C
Question #22
SIMULATION You need to collect all the audit failure data from the security log of a virtual machine named VM1 to an Azure Storage account. To complete this task, sign in to the Azure portal. This task might take several minutes to complete. You can perform other tasks while the task completes.
A. See Explanation section for answer
Correct Answer: A
Question #23
You have a hybrid configuration of Azure Active Directory (Azure AD) that has Single Sign-On (SSO) enabled. You have an Azure SQL Database instance that is configured to support Azure AD authentication. Database developers must connect to the database instance from the domain joined device and authenticate by using their on-premises Active Directory account. You need to ensure that developers can connect to the instance by using Microsoft SQL Server Management Studio. The solution must minimize authentication
A. Active Directory - Password
B. Active Directory - Universal with MFA support
C. SQL Server Authentication
D. Active Directory - Integrated
Correct Answer: D
Question #24
You have Azure Resource Manager templates that you use to deploy Azure virtual machines. You need to disable unused Windows features automatically as instances of the virtual machines are provisioned. What should you use?
A. Device configuration policies in Microsoft Intune
B. An Azure Desired State Configuration (DSC) virtual machine extension
C. Application security groups
D. Device compliance policies in Microsoft Intune
Correct Answer: B
Question #25
You have an Azure subscription that contains a virtual network. The virtual network contains the subnets shown in the following table. The subscription contains the virtual machines shown in the following table. You enable just in time (JIT) VM access for all the virtual machines. You need to identify which virtual machines are protected by JIT. Which virtual machines should you identify?
A. VM4 only
B. VM1 and VM3 only
C. VM1, VM3 and VM4 only
D. VM1, VM2, VM3, and VM4
Correct Answer: C
Question #26
HOTSPOT (Drag and Drop is not supported) You have an Azure Sentinel workspace that contains an Azure Active Directory (Azure AD) connector, an Azure Log Analytics query named Query1, and a playbook named Playbook1. Query1 returns a subset of security events generated by Azure AD. You plan to create an Azure Sentinel analytic rule based on Query1 that will trigger Playbook1. You need to ensure that you can add Playbook1 to the new rule. What should you do? To answer, select the appropriate options in the answer
A. See Explanation section for answer
Correct Answer: A
Question #27
You have an Azure subscription that contains an Azure Data Lake Storage Gen2 account named storage1. You deploy an Azure Synapse Analytics workspace named synapsews1 to a managed virtual network. You need to enable access from synapsews1 to storage1. What should you configure?
A. Peering
B. A private endpoint
C. A network security group (NSG)
D. A virtual network gateway
Correct Answer: B
Question #28
HOTSPOT (Drag and Drop is not supported) You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table. You configure an access review named Review1 as shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Hot Area:
A. See Explanation section for answer
Correct Answer: A
Question #29
You need to consider the underlined segment to establish whether it is accurate. Your Azure Active Directory (Azure AD) tenant has an Azure subscription linked to it. Your developer has created a mobile application that obtains Azure AD access tokens using the OAuth 2 implicit grant type. The mobile application must be registered in Azure AD. You require a redirect URI from the developer for registration purposes. Select “No adjustment required” if the underlined segment is accurate. If the underlined segm
A. No adjustment required
B. A secret
C. A login hint
D. A client ID
Correct Answer: A
Question #30
You plan to configure Azure Disk Encryption for VM4. Which key vault can you use to store the encryption key?
A. KeyVault1
B. KeyVault2
C. KeyVault3
Correct Answer: A
Question #31
HOTSPOT (Drag and Drop is not supported) You have an Azure subscription that contains the virtual machines shown in the following table. VNET1, VNET2, and VNET3 are peered with each other. You perform the following actions:
- Create two application security groups named ASG1 and ASG2 in the West US region.
- Add the network interface of VM1 to ASG1.
The network interfaces of which virtual machines can you add to ASG1 and ASG2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection
A. See Explanation section for answer
Correct Answer: A
Question #32
DRAG DROP (Drag and Drop is not supported) Your company has an Azure SQL database that has Always Encrypted enabled. You are required to make the relevant information available to application developers to allow them to access data in the database. Which two of the following options should be made available? Answer by dragging the correct options from the list to the answer area.
A. Assign User2 the Global administrator role
B. Configure authentication methods for contoso
C. Configure the identity secure score for contoso
D. Enable multi-factor authentication (MFA) for User2
Correct Answer: A
Question #33
DRAG DROP (Drag and Drop is not supported) You have an Azure subscription that contains the following resources:
- A virtual network named VNET1 that contains two subnets named Subnet1 and Subnet2.
- A virtual machine named VM1 that has only a private IP address and connects to Subnet1.
You need to ensure that Remote Desktop connections can be established to VM1 from the internet. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer are
A. See Explanation section for answer
Correct Answer: A
Question #34
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an Azure subscription linked to their Azure Active Directory (Azure AD) tenant. As a Global administrator for the tenant, part of your responsibilities involves managing Azure Security Center settings. You are currently preparing to create a custom sensitivity label. Solution: You start by integrating Secu
A. Yes
B. No
Correct Answer: B
Question #35
SIMULATION You need to configure network connectivity between a virtual network named VNET1 and a virtual network named VNET2. The solution must ensure that virtual machines connected to VNET1 can communicate with virtual machines connected to VNET2. To complete this task, sign in to the Azure portal and modify the Azure resources.
A. See Explanation section for answer
Correct Answer: A
Question #36
You have an Azure subscription named Sub1. Sub1 contains a virtual network named VNet1 that contains one subnet named Subnet1. Subnet1 contains an Azure virtual machine named VM1 that runs Ubuntu Server 18.04. You create a service endpoint for MicrosoftStorage in Subnet1. You need to ensure that when you deploy Docker containers to VM1, the containers can access Azure Storage resources by using the service endpoint. What should you do on VM1 before you deploy the container?
A. Create an application security group and a network security group (NSG)
B. Edit the docker-compose
C. Install the container network interface (CNI) plug-in
Correct Answer: C
Question #37
SIMULATION You need to ensure that a user named Danny1234578 can sign in to any SQL database on a Microsoft SQL server named web1234578 by using SQL Server Management Studio (SSMS) and Azure Active Directory (Azure AD) credentials. To complete this task, sign in to the Azure portal.
A. See Explanation section for answer
Correct Answer: A
Question #38
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription named Sub1. You have an Azure Storage account nam
A. Yes
B. No
Correct Answer: B
Question #39
You have an Azure subscription that is linked to an Azure AD tenant and contains the resources shown in the following table. Which resources can be assigned the Contributor role for VM1?
A. Managed1 and App1 only
B. Group1 and Managed1 only
C. Group1, Managed1, and VM2 only
D. Group1, Managed1, VM1, and App1 only
Correct Answer: A
Question #40
DRAG DROP (Drag and Drop is not supported) You have an Azure subscription that contains the resources shown in the following table. You plan to perform the following actions:
- Deploy a new app named App1 that will require access to Vault1.
- Configure a shared identity for VM1 and VM2 to access st1.
You need to configure identities for each requirement. The solution must minimize administrative effort. Which type of identity should you configure for each requirement? To answer, drag the appropriate identity types
A. See Explanation section for answer
Correct Answer: A
Question #41
HOTSPOT (Drag and Drop is not supported) Your company has an Azure subscription named Subscription1 that contains the users shown in the following table. The company is sold to a new owner. The company needs to transfer ownership of Subscription1. Which user can transfer the ownership and which tool should the user use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
A. See Explanation section for answer
Correct Answer: A
Question #42
You need to consider the underlined segment to establish whether it is accurate. You have configured an Azure Kubernetes Service (AKS) cluster in your testing environment. You are currently preparing to deploy the cluster to the production environment. After disabling HTTP application routing, you want to replace it with an application routing solution that allows for reverse proxy and TLS termination for AKS services via a solitary IP address. You must create an AKS Ingress controller. Select “No adjustment re
A. No adjustment required
B. A network security group
C. An application security group
D. An Azure Basic Load Balancer
Correct Answer: A
Question #43
DRAG DROP (Drag and Drop is not supported) You need to configure an access review. The review will be assigned to a new collection of reviews and reviewed by resource owners. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:
A. See Explanation section for answer
Correct Answer: A
Question #44
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name. You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect. Your strategy for the integ
A. Yes
B. No
Correct Answer: B
Question #45
HOTSPOT (Drag and Drop is not supported) You plan to implement an Azure function named Function1 that will create new storage accounts for containerized application instances. You need to grant Function1 the minimum required privileges to create the storage accounts. The solution must minimize administrative effort. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
A. See Explanation section for answer
Correct Answer: A
Question #46
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Subscription named Sub1. You have an Azure Storage account name
A. Yes
B. No
Correct Answer: B
Question #47
HOTSPOT (Drag and Drop is not supported) You are evaluating the security of VM1, VM2, and VM3 in Sub2. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
A. See Explanation section for answer
Correct Answer: A
Question #48
SIMULATION You need to ensure that a user named user2-12345678 can manage the properties of the virtual machines in the RG1lod12345678 resource group. The solution must use the principle of least privilege. To complete this task, sign in to the Azure portal.
A. See Explanation section for answer
Correct Answer: A
Question #49
You plan to deploy an app that will modify the properties of Azure Active Directory (Azure AD) users by using Microsoft Graph. You need to ensure that the app can access Azure AD. What should you configure first?
A. An app registration
B. An external identity
C. A custom role-based access control (RBAC) role
D. An Azure AD Application Proxy
Correct Answer: A
Question #50
HOTSPOT (Drag and Drop is not supported) You create a new Azure subscription that is associated to a new Azure Active Directory (Azure AD) tenant. You create one active conditional access policy named Portal Policy. Portal Policy is used to provide access to the Microsoft Azure Management cloud app. The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit. (Click the Conditions tab.) The Grant settings for Portal Policy are configured as shown in the Grant exhibit. (Click the
A. See Explanation section for answer
Correct Answer: A
Question #51
HOTSPOT (Drag and Drop is not supported) You implement the planned changes for ASG1 and ASG2. In which NSGs can you use ASG1, and the network interfaces of which virtual machines can you assign to ASG2? Hot Area:
A. See Explanation section for answer
Correct Answer: A
Question #52
You have been tasked with applying conditional access policies for your company's current Azure Active Directory (Azure AD). The process involves assessing the risk events and risk levels. Which of the following is the risk level that should be configured for sign ins that originate from IP addresses with dubious activity?
A. None
B. Low
C. Medium
D. High
Correct Answer: C
Question #53
HOTSPOT (Drag and Drop is not supported) You have a network security group (NSG) bound to an Azure subnet. You run Get-AzureRmNetworkSecurityRuleConfig and receive the output shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Hot Area:
A. See Explanation section for answer
Correct Answer: A
Question #54
You have an Azure subscription that contains the virtual machines shown in the following table. From Azure Security Center, you turn on Auto Provisioning. You deploy the virtual machines shown in the following table. On which virtual machines is the Log Analytics Agent installed?
A. VM3 only
B. VM1 and VM3 only
C. VM3 and VM4 only
D. VM1, VM2, VM3, and VM4
Correct Answer: D
Question #55
You have been tasked with configuring an access review, which you plan to assign to a new collection of reviews. You also have to make sure that the reviews can be reviewed by resource owners. You start by creating an access review program and an access review control. You now need to configure the Reviewers. Which of the following should you set Reviewers to?
A. Selected users
B. Members (Self)
C. Group Owners
D. Anyone
Correct Answer: C
Question #56
You have an Azure subscription named Subcription1 that contains an Azure Active Directory (Azure AD) tenant named contoso.com and a resource group named RG1. You create a custom role named Role1 for contoso.com. Where can you use Role1 for permission delegation?
A. contoso
B. contoso
C. contoso
D. contoso
Correct Answer: D
Question #57
You have an Azure subscription that uses Azure Active Directory (Azure AD) Privileged Identity Management (PIM). A PIM user that is assigned the User Access Administrator role reports receiving an authorization error when performing a role assignment or viewing the list of assignments. You need to resolve the issue by ensuring that the PIM service principal has the correct permissions for the subscription. The solution must use the principle of least privilege. Which role should you assign to the PIM service p
A. Contributor
B. User Access Administrator
C. Managed Application Operator
D. Resource Policy Contributor
Correct Answer: B
Question #58
You need to recommend which virtual machines to use to host App1. The solution must meet the technical requirements for KeyVault1. Which virtual machines should you use?
A. VM1 only
B. VM1, VM2, VM3, and VM4
C. VM1 and VM2 only
D. VM1, VM2, and VM4 only
Correct Answer: D
Question #59
You have an Azure Active Directory (Azure AD) tenant named contoso.com. You need to configure diagnostic settings for contoso.com. The solution must meet the following requirements:
- Retain logs for two years.
- Query logs by using the Kusto query language.
- Minimize administrative effort.
Where should you store the logs?
A. An Azure event hub
B. An Azure Log Analytics workspace
C. An Azure Storage account
Correct Answer: B
Question #60
HOTSPOT (Drag and Drop is not supported) You have a management group named Group1 that contains an Azure subscription named sub1. Sub1 has a subscription ID of 11111111-1234-1234-1234-1111111111. You need to create a custom Azure role-based access control (RBAC) role that will delegate permissions to manage the tags on all the objects in Group1. What should you include in the role definition of Role1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. H
A. See Explanation section for answer
Correct Answer: A
Question #61
You have an Azure subscription that contains a storage account named storage1 and two web apps named app1 and app2. Both apps will write data to storage1. You need to ensure that each app can read only the data that it has written. What should you do?
A. Provide each app with a system-assigned identity and configure storage1 to use Azure AD User account authentication
B. Provide each app with a separate Storage account key and configure the app to send the key with each request
C. Provide each app with a user-managed identity and configure storage1 to use Azure AD User account authentication
D. Provide each app with a unique Base64-encoded AES-256 encryption key and configure the app to send the key with each request
Correct Answer: C
Question #62
You onboard Azure Sentinel. You connect Azure Sentinel to Azure Security Center. You need to automate the mitigation of incidents in Azure Sentinel. The solution must minimize administrative effort. What should you create?
A. An alert rule
B. A playbook
C. A function app
D. A runbook
View answer
Correct Answer: B
Question #63
SIMULATION You need to configure Azure to allow RDP connections from the Internet to a virtual machine named VM1. The solution must minimize the attack surface of VM1. To complete this task, sign in to the Azure portal.
A. See Explanation section for answer
Correct Answer: A
Question #64
You have Azure Resource Manager templates that you use to deploy Azure virtual machines. You need to disable unused Windows features automatically as instances of the virtual machines are provisioned. What should you use?
A. Device compliance policies in Microsoft Intune
B. Azure Automation State Configuration
C. Application security groups
D. Azure Advisor
Correct Answer: B
Question #65
SIMULATION You need to configure a virtual network named VNET2 to meet the following requirements: Administrators must be prevented from deleting VNET2 accidentally. Administrators must be able to add subnets to VNET2 regularly. To complete this task, sign in to the Azure portal and modify the Azure resources.
A. See Explanation section for answer
Correct Answer: A
Question #66
You have an Azure Active Directory (Azure AD) tenant that contains 500 users and an administrative unit named AU1. From the Azure Active Directory admin center, you plan to add the users to AU1 by using Bulk add members. You need to create and upload a file for the bulk add. What should you include in the file?
A. Only the display name of each user
B. Only the user principal name (UPN) of each user
C. Only the user principal name (UPN) and display name of each user
D. Only the user principal name (UPN) and object identifier of each user
E. Only the object identifier of each user
Correct Answer: C
Question #67
You are securing access to the resources in an Azure subscription. A new company policy states that all the Azure virtual machines in the subscription must use managed disks. You need to prevent users from creating virtual machines that use unmanaged disks. What should you do?
A. Azure Monitor
B. Azure Policy
C. Azure Security Center
D. Azure Service Health
Correct Answer: B
Question #68
HOTSPOT (Drag and Drop is not supported) Your company has two offices in Seattle and New York. Each office connects to the Internet by using a NAT device. The offices use the IP addresses shown in the following table. The company has an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table. The MFA service settings are configured as shown in the exhibit. (Click the Exhibit tab.) For each of the following statements, select Yes if the statement
A. See Explanation section for answer
Correct Answer: A
Question #69
DRAG DROP (Drag and Drop is not supported) You have an Azure subscription named Sub1. You have an Azure Active Directory (Azure AD) group named Group1 that contains all the members of your IT team. You need to ensure that the members of Group1 can stop, start, and restart the Azure virtual machines in Sub1. The solution must use the principle of least privilege. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange the
A. See Explanation section for answer
Correct Answer: A
Question #70
You have an Azure subscription. You need to deploy an Azure virtual WAN to meet the following requirements. * Create three secured virtual hubs located in the East US, West US, and North Europe Azure regions. * Ensure that security rules sync between the regions. What should you use?
A. Azure Firewall Manager
B. Azure Virtual Network Manager
C. Azure Network Function Manager
D. Azure Front Door
Correct Answer: A
Question #71
You have an Azure subscription that contains a user named User1 and a storage account that hosts a blob container named blob1. You need to grant User1 access to blob1. The solution must ensure that the access expires after six days. What should you use?
A. A shared access signature (SAS)
B. Role-based access control (RBAC)
C. A shared access policy
D. A managed identity
Correct Answer: A
Question #72
DRAG DROP (Drag and Drop is not supported) You are implementing conditional access policies. You must evaluate the existing Azure Active Directory (Azure AD) risk events and risk levels to configure and implement the policies. You need to identify the risk level of the following risk events: -Users with leaked credentials -Impossible travel to atypical locations -Sign ins from IP addresses with suspicious activity Which level should you identify for each risk event? To answer, drag the appropriate levels to the
A. See Explanation section for answer
Correct Answer: A
Question #73
HOTSPOT (Drag and Drop is not supported) You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table. You create and enforce an Azure AD Identity Protection user risk policy that has the following settings: -Assignment: Include Group1, Exclude Group2 -Conditions: Sign-in risk of Medium and above -Access: Allow access, Require password change For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each c
A. See Explanation section for answer
Correct Answer: A
Question #74
Your network contains an on-premises Active Directory domain named corp.contoso.com. You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. You sync all on-premises identities to Azure AD. You need to prevent users who have a givenName attribute that starts with TEST from being synced to Azure AD. The solution must minimize administrative effort. What should you use?
A. Synchronization Rules Editor
B. Web Service Configuration Tool
C. The Azure AD Connect wizard
D. Active Directory Users and Computers
Correct Answer: A
Question #75
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company’s Azure subscription includes a virtual network that has a single subnet configured. You have created a service endpoint for the subnet, which includes an Azure virtual machine that has Ubuntu Server 18.04 installed. You are preparing to deploy Docker containers to the virtual machine. You need to make sur
A. Yes
B. No
Correct Answer: B
Question #76
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant. When a developer attempts to register an app named App1 in the tenant, the developer receives the error message shown in the following exhibit. You need to ensure that the developer can register App1 in the tenant. What should you do for the tenant?
A. App Configuration Data Owner for the subscription
B. Managed Application Contributor for the subscription
C. Cloud application administrator in Azure AD
D. Application developer in Azure AD
Correct Answer: D
Question #77
DRAG DROP (Drag and Drop is not supported) You need to perform the planned changes for OU2 and User1. Which tools should you use? To answer, drag the appropriate tools to the correct resources. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place:
A. See Explanation section for answer
Correct Answer: A
Question #78
HOTSPOT (Drag and Drop is not supported) You have the hierarchy of Azure resources shown in the following exhibit. RG1, RG2, and RG3 are resource groups. RG2 contains a virtual machine named VM1. You assign role-based access control (RBAC) roles to the users shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
A. See Explanation section for answer
Correct Answer: A
Question #79
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name. You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect. Your strategy for the integ
A. Yes
B. No
Correct Answer: B
Question #80
Your company makes use of Azure Active Directory (Azure AD) in a hybrid configuration. All users are making use of hybrid Azure AD joined Windows 10 computers. You manage an Azure SQL database that allows for Azure AD authentication. You need to make sure that database developers are able to connect to the SQL database via Microsoft SQL Server Management Studio (SSMS). You also need to make sure the developers use their on-premises Active Directory account for authentication. Your strategy should allow for au
A. Azure AD token
B. Azure Multi-Factor authentication
C. Active Directory integrated authentication
D. Active Directory integrated authentication
Correct Answer: C
Question #81
HOTSPOT (Drag and Drop is not supported) You have an Azure subscription that contains a storage account named contoso2023. You need to perform the following tasks: -Verify that identity-based authentication over SMB is enabled. -Only grant users access to contoso2023 in the year 2023. Which two settings should you use? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.
A. See Explanation section for answer
Correct Answer: A
Question #82
You have an Azure subscription that contains the Azure Log Analytics workspaces shown in the following table. You create the virtual machines shown in the following table. You plan to use Azure Sentinel to monitor Windows Defender Firewall on the virtual machines. Which virtual machines can you connect to Azure Sentinel?
A. VM1 only
B. VM1 and VM3 only
C. VM1, VM2, VM3, and VM4
D. VM1 and VM2 only
Correct Answer: C
Question #83
You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry. You need to use the automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry. What should you create?
A. A secret in Azure Key Vault
B. A role assignment
C. An Azure Active Directory (Azure AD) user
D. An Azure Active Directory (Azure AD) group
Correct Answer: B
Question #84
You have an Azure subscription that contains the virtual machines shown in the following table. From Azure Security Center, you turn on Auto Provisioning. You deploy the virtual machines shown in the following table. On which virtual machines is the Log Analytics agent installed?
A. VM3 only
B. VM1 and VM3 only
C. VM3 and VM4 only
D. VM1, VM2, VM3, and VM4
Correct Answer: D
Question #85
HOTSPOT (Drag and Drop is not supported) You create resources in an Azure subscription as shown in the following table. VNET1 contains two subnets named Subnet1 and Subnet2. Subnet1 has a network ID of 10.0.0.0/24. Subnet2 has a network ID of 10.1.1.0/24. Contoso1901 is configured as shown in the exhibit. (Click the Exhibit tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
A. See Explanation section for answer
Correct Answer: A
Question #86
HOTSPOT (Drag and Drop is not supported) You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains three security groups named Group1, Group2, and Group3 and the users shown in the following table. Group3 is a member of Group2. In contoso.com, you register an enterprise application named App1 that has the following settings: Owners: User1 Users and groups: Group2 You configure the properties of App1 as shown in the following exhibit. For each of the following statements, select Yes if t
A. See Explanation section for answer
Correct Answer: A
Question #87
HOTSPOT (Drag and Drop is not supported) You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table. Azure AD Privileged Identity Management (PIM) is enabled for the tenant. In PIM, the Password Administrator role has the following settings: -Maximum activation duration (hours): 2 -Send email notifying admins of activation: Disable -Require incident/request ticket number during activation: Disable -Require Azure Multi-Factor Authentication for activa
A. See Explanation section for answer
Correct Answer: A
Question #88
HOTSPOT (Drag and Drop is not supported) You need to ensure that the Azure AD application registration and consent configurations meet the identity and access requirements. What should you use in the Azure portal? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
A. See Explanation section for answer
Correct Answer: A
Question #89
You have an Azure subscription that contains a Microsoft Defender External Attack Surface Management (Defender EASM) resource named EASM1. You review the Attack Surface Summary dashboard. You need to identify the following insights. * Deprecated technologies that are no longer supported * Infrastructure that will soon expire Which section of the dashboard should you review?
A. Securing the Cloud
B. Sensitive Services
C. Attack surface composition
D. Attack Surface Priorities
Correct Answer: C
Question #90
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription named Sub1. You have an Azure Storage account name
A. Yes
B. No
Correct Answer: A
Question #91
You are in the process of configuring an Azure policy via the Azure portal. Your policy will include an effect that will need a managed identity for it to be assigned. Which of the following is the effect in question?
A. AuditIfNotExists
B. Disabled
C. DeployIfNotExists
D. EnforceOPAConstraint
Correct Answer: C
Question #92
Your company recently created an Azure subscription. You have been tasked with making sure that a specified user is able to implement Azure AD Privileged Identity Management (PIM). Which of the following is the role you should assign to the user?
A. The Global administrator role
B. The Security administrator role
C. The Password administrator role
D. The Compliance administrator role
Correct Answer: A
Question #93
HOTSPOT (Drag and Drop is not supported) You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table. From Azure AD Privileged Identity Management (PIM), you configure the settings for the Security Administrator role as shown in the following exhibit. From PIM, you assign the Security Administrator role to the following groups: -Group1: Active assignment type, permanently assigned -Group2: Eligible assignment type, permanently eligible For each of the following state
A. See Explanation section for answer
Correct Answer: A
Question #94
HOTSPOT (Drag and Drop is not supported) You have an Azure Active Directory (Azure AD) tenant that contains two users named User1 and User2 and a registered app named App1. You create an app-specific role named Role1. You need to assign Role1 to User1 and enable User2 to request access to App1. Which two settings should you modify? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.
A. See Explanation section for answer
Correct Answer: A
Question #95
HOTSPOT (Drag and Drop is not supported) You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as shown in the following table. You schedule two update deployments named Update1 and Update2. Update1 updates VM3. Update2 updates VM6. Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
A. See Explanation section for answer
Correct Answer: A
Question #96
DRAG DROP (Drag and Drop is not supported) You have an Azure AD tenant that contains the users shown in the following table. You enable passwordless authentication for the tenant. Which authentication method can each user use for passwordless authentication? To answer, drag the appropriate authentication methods to the correct users. Each authentication method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selectio
A. See Explanation section for answer
Correct Answer: A
Question #97
HOTSPOT (Drag and Drop is not supported) You have an Azure subscription named Subscription1 that contains the resources shown in the following table. You create a custom RBAC role in Subscription1 by using the following JSON file. You assign Role1 to User1 on RG1. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
A. See Explanation section for answer
Correct Answer: A
Question #98
HOTSPOT (Drag and Drop is not supported) You have an Azure Active Directory tenant that syncs with an Active Directory Domain Services (AD DS) domain. You plan to create an Azure file share that will contain folders and files. Which identity store can you use to assign permissions to the Azure file share and folders within the share? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
A. See Explanation section for answer
Correct Answer: A
Question #99
Your company has an Azure Container Registry. You have been tasked with assigning a user a role that allows for the downloading of images from the Azure Container Registry. The role assigned should not require more privileges than necessary. Which of the following is the role you should assign?
A. Reader
B. Contributor
C. AcrDelete
D. AcrPull
Correct Answer: A
Question #100
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a hybrid configuration of Azure Active Directory (Azure AD). You have an
A. Yes
B. No
Correct Answer: A
Question #101
HOTSPOT (Drag and Drop is not supported) You have an Azure subscription that contains the virtual machines shown in the following table. You create the Azure policies shown in the following table. You create the resource locks shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
A. See Explanation section for answer
Correct Answer: A
Question #102
SIMULATION You need to grant the required permissions to a user named User211641655 to manage the virtual networks in the RG1lod11641655 resource group. The solution must use the principle of least privilege. To complete this task, sign in to the Azure portal.
A. See Explanation section for answer
Correct Answer: A
Question #103
You have an Azure subscription that contains a resource group named RG1 and the identities shown in the following table. You assign Group4 the Contributor role for RG1. Which identities can you add to Group4 as members?
A. User1 only
B. User1 and Group3 only
C. User1, Group1, and Group3 only
D. User1, Group2, and Group3 only
E. User1, Group1, Group2, and Group3
Correct Answer: B
Question #104
Your company’s Azure subscription includes Windows Server 2016 Azure virtual machines. You are informed that every virtual machine must have a custom antimalware virtual machine extension installed. You are writing the necessary code for a policy that will help you achieve this. Which of the following is an effect that must be included in your code?
A. Disabled
B. Modify
C. AuditIfNotExists
D. DeployIfNotExists
Correct Answer: D
Question #105
HOTSPOT (Drag and Drop is not supported) You have an Azure subscription that contains an Azure SQL database named SQL1. You plan to deploy a web app named App1. You need to provide App1 with read and write access to SQL1. The solution must meet the following requirements: -Provide App1 with access to SQL1 without storing a password. -Use the principle of least privilege. -Minimize administrative effort. Which type of account should App1 use to access SQL1, and which database roles should you assign to App1? To ans
A. See Explanation section for answer
Correct Answer: A
Question #106
You are troubleshooting a security issue for an Azure Storage account. You enable the diagnostic logs for the storage account. What should you use to retrieve the diagnostics logs?
A. The Security & Compliance admin center
B. Azure Security Center
C. Azure Cosmos DB explorer
D. AzCopy
Correct Answer: D
Question #107
You need to meet the technical requirements for the finance department users. Which CAPolicy1 settings should you modify?
A. Cloud apps or actions
B. Conditions
C. Grant
D. Session
Correct Answer: D
Question #108
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The User administrator role is assigned to a user named Admin1. An external partner has a Microsoft account that uses the user1@outlook.com sign in. Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: “Unable to invite user user1@outlook.com Generic authorization exception.” You need to ensure that Admin1 can invite the external partner to sign in to the Azu
A. From the Roles and administrators blade, assign the Security administrator role to Admin1
B. From the Organizational relationships blade, add an identity provider
C. From the Custom domain names blade, add a custom domain
D. From the Users blade, modify the External collaboration settings
Correct Answer: D
Question #109
You have an Azure subscription that contains a user named User1. You need to ensure that User1 can create managed identities. The solution must use the principle of least privilege. What should you do?
A. Create a management group and assign User1 the Hybrid Identity Administrator Azure Active Directory (Azure AD) role
B. Create a management group and assign User1 the Managed Identity Operator role
C. Create a resource group and assign User1 to the Managed Identity Contributor role
D. Create an organizational unit (OU) and assign User1 the User administrator Azure Active Directory (Azure AD) role
Correct Answer: C
Question #110
Your company has an Azure subscription that includes two virtual machines, named VirMac1 and VirMac2, which both have a status of Stopped (Deallocated). The virtual machines belong to different resource groups, named ResGroup1 and ResGroup2. You have also created two Azure policies that are both configured with the virtualMachines resource type. The policy configured for ResGroup1 has a policy definition of Not allowed resource types, while the policy configured for ResGroup2 has a policy definition of Allow
A. Azure Information Protection
B. RBAC
C. Azure AD Privileged Identity Management (PIM)
D. Azure DevOps
Correct Answer: BC
Question #111
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an Azure subscription linked to their Azure Active Directory (Azure AD) tenant. As a Global administrator for the tenant, part of your responsibilities involves managing Azure Security Center settings. You are currently preparing to create a custom sensitivity label. Solution: You start by creating a cust
A. Yes
B. No
Correct Answer: A
Question #112
HOTSPOT (Drag and Drop is not supported) You have an Azure key vault. You need to delegate administrative access to the key vault to meet the following requirements: -Provide a user named User1 with the ability to set advanced access policies for the key vault. -Provide a user named User2 with the ability to add and delete certificates in the key vault. -Use the principle of least privilege. What should you use to assign access to each user? To answer, select the appropriate options in the answer area. NOTE: Each
A. See Explanation section for answer
Correct Answer: A
Question #113
You have an Azure subscription that contains two virtual machines named VM1 and VM2 that run Windows Server 2019. -You are implementing Update Management in Azure Automation. -You plan to create a new update deployment named Update1. You need to ensure that Update1 meets the following requirements: -Automatically applies updates to VM1 and VM2. -Automatically adds any new Windows Server 2019 virtual machines to Update1. What should you include in Update1?
A. A security group that has a Membership type of Assigned
B. A security group that has a Membership type of Dynamic Device
C. A dynamic group query
D. A Kusto query language query
Correct Answer: C
Question #114
HOTSPOT (Drag and Drop is not supported) You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table. You create and enforce an Azure AD Identity Protection sign-in risk policy that has the following settings: -Assignments: Include Group1, exclude Group2 -Conditions: Sign-in risk level: Medium and above -Access: Allow access, Require multi-factor authentication You need to identify what occurs when the users sign in to Azure AD. What should you identify for each user?
A. See Explanation section for answer
Correct Answer: A
Question #115
Your company has an Azure Container Registry. You have been tasked with assigning a user a role that allows for the uploading of images to the Azure Container Registry. The role assigned should not require more privileges than necessary. Which of the following is the role you should assign?
A. Owner
B. Contributor
C. AcrPush
D. AcrPull
Correct Answer: C
Question #116
Your company recently created an Azure subscription. You have been tasked with making sure that a specified user is able to implement Azure AD Privileged Identity Management (PIM). Which of the following is the role you should assign to the user?
A. The Global administrator role
B. The Security administrator role
C. The Password administrator role
D. The Compliance administrator role
Correct Answer: A
Question #117
HOTSPOT (Drag and Drop is not supported) You are evaluating the security of the network communication between the virtual machines in Sub2. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
A. See Explanation section for answer
Correct Answer: A
Question #118
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant and a user named User1. The App registrations settings for the tenant are configured as shown in the following exhibit. You plan to deploy an app named App1. You need to ensure that User1 can register App1 in Azure AD. The solution must use the principle of least privilege. Which role should you assign to User1?
A. VM2 only
B. VM2 and VM3 only
C. VM2, VM3, VM4, and VM5
D. VM2, VM3, and VM5 only
Correct Answer: D
Question #119
SIMULATION You need to create a new Azure AD directory named 28681041.onmicrosoft.com. The new directory must contain a new user named user1@28681041.onmicrosoft.com. To complete this task, sign in to the Azure portal.
A. See Explanation section for answer
Correct Answer: A
Question #120
After creating a new Azure subscription, you are tasked with making sure that custom alert rules can be created in Azure Security Center. You have created an Azure Storage account. Which of the following is the action you should take?
A. You should make sure that Azure Active Directory (Azure AD) Identity Protection is removed
B. You should create a DLP policy
C. You should create an Azure Log Analytics workspace
D. You should make sure that Security Center has the necessary tier configured
Correct Answer: C
Question #121
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a hybrid configuration of Azure Active Directory (Azure AD). You have an
A. Yes
B. No
Correct Answer: B
Question #122
You have been tasked with configuring an access review, which you plan to assign to a new collection of reviews. You also have to make sure that the reviews can be reviewed by resource owners. You start by creating an access review program and an access review control. You now need to configure the Reviewers. Which of the following should you set Reviewers to?
A. Selected users
B. Members (Self)
C. Group Owners
D. Anyone
Correct Answer: C
Question #123
HOTSPOT (Drag and Drop is not supported) You have an Azure Active Directory (Azure AD) tenant that contains the resources shown in the following table. User2 is the owner of Group2. The user and group settings for App1 are configured as shown in the following exhibit. You enable self-service application access for App1 as shown in the following exhibit. User3 is configured to approve access to App1. You need to identify the owners of Group2 and the users of App1. What should you identify? To answer, select the app
A. See Explanation section for answer
Correct Answer: A
Question #124
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name. You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect. Your strategy for the integ
A. Yes
B. No
Correct Answer: B
Question #125
Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure Active Directory (Azure AD). Azure AD Connect is installed on a domain member server named Server1. You need to ensure that a domain administrator for the adatum.com domain can modify the synchronization options. The solution must use the principle of least privilege. Which Azure AD role should you assign to the domain administrator?
A. Security administrator
B. Global administrator
C. User administrator
Correct Answer: B
Question #126
You want to gather logs from a large number of Windows Server 2016 computers using Azure Log Analytics. You are configuring an Azure Resource Manager template to deploy the Microsoft Monitoring Agent to all the servers automatically. Which of the following should be included in the template? (Choose all that apply.)
A. Yes
B. No
Correct Answer: AC
Question #127
You have been tasked with applying conditional access policies for your company’s current Azure Active Directory (Azure AD). The process involves assessing the risk events and risk levels. Which of the following is the risk level that should be configured for sign ins that originate from IP addresses with dubious activity?
A. None
B. Low
C. Medium
D. High
Correct Answer: C
Question #128
You plan to use Azure Resource Manager templates to perform multiple deployments of identically configured Azure virtual machines. The password for the administrator account of each deployment is stored as a secret in different Azure key vaults. You need to identify a method to dynamically construct a resource ID that will designate the key vault containing the appropriate secret during each deployment. The name of the key vault and the name of the secret will be provided as inline parameters. What should you u
A. a key vault access policy
B. a linked template
C. a parameters file
D. an automation account
Correct Answer: C
Question #129
SIMULATION You need to ensure that a user named user2-28681041 can manage the properties of the virtual machines in the RG1lod28681041 resource group. The solution must use the principle of least privilege. To complete this task, sign in to the Azure portal.
A. See Explanation section for answer
Correct Answer: A
Question #130
HOTSPOT (Drag and Drop is not supported) You work at a company named Contoso, Ltd. that has the offices shown in the following table. Contoso has an Azure Active Directory (Azure AD) tenant named contoso.com. All contoso.com users have Azure Multi-Factor Authentication (MFA) enabled. The tenant contains the users shown in the following table. The multi-factor settings for contoso.com are configured as shown in the following exhibit. For each of the following statements, select Yes if the statement is true. Othe
A. See Explanation section for answer
Correct Answer: A
Question #131
You have an Azure subscription that contains the virtual machines shown in the following table. All the virtual networks are peered. You deploy Azure Bastion to VNET2. Which virtual machines can be protected by the bastion host?
A. VM1, VM2, VM3, and VM4
B. VM1, VM2, and VM3 only
C. VM2 and VM4 only
D. VM2 only
Correct Answer: A
Question #132
HOTSPOT (Drag and Drop is not supported) You have an Azure subscription that contains a user named Admin1 and an Azure key vault named Vault1. You plan to implement Microsoft Entra Verified ID. You need to create an access policy to ensure that Admin1 has permissions to Vault1 that support the implementation of the Verified ID service. The solution must use the principle of least privilege. Which three key permissions should you select? To answer, select the appropriate permissions in the answer area. NOTE: Each
A. See Explanation section for answer
Correct Answer: A
Question #133
HOTSPOT (Drag and Drop is not supported) You need to delegate the creation of RG2 and the management of permissions for RG1. Which users can perform each task? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
A. See Explanation section for answer
Correct Answer: A
Question #134
HOTSPOT (Drag and Drop is not supported) You have the hierarchy of Azure resources shown in the following exhibit. You create the Azure Blueprints definitions shown in the following table. To which objects can you assign Blueprint1 and Blueprint2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
A. See Explanation section for answer
Correct Answer: A