MICROSOFT-AZ500

Microsoft's AZ-500 You have a sneaking suspicion that there are users trying to sign in to resources which are inaccessible to them.You decide to create an Azure Log Analytics query to confirm your suspicions. The query will detect unsuccessful user sign-in attempts from the last few days.You want to make sure that the results only show users who had failed to sign-in more than five times.Which of the following should be included in your query?

Microsoft's AZ-500 Your company uses Azure DevOps with branch policies configured.Which of the following is TRUE with regards to branch policies? (Choose all that apply.)

Microsoft's AZ-500 After creating a new Azure subscription, you are tasked with making sure that custom alert rules can be created in Azure Security Center.You have created an Azure Storage account.Which of the following is the action you should take?

Microsoft's AZ-500 Your company's Azure subscription includes an Azure Log Analytics workspace.Your company has a hundred on-premises servers that run either Windows Server 2012 R2 or Windows Server 2016, and is linked to the Azure Log Analytics workspace. The Azure Log Analytics workspace is set up to gather performance counters associated with security from these linked servers.You have been tasked with configuring alerts according to the information gathered by the Azure Log Analytics workspace.You have to make sure that alert rules allow for dimensions, and that alert creation time should be kept to a minimum. Furthermore, a single alert notification must be created when the alert is created and when the alert is sorted out.You need to make use of the necessary signal type when creating the alert rules.Which of the following is the option you should use?

Microsoft's AZ-500 Your company's Azure subscription includes a hundred virtual machines that have Azure Diagnostics enabled.You have been tasked with retrieving the identity of the user that removed a virtual machine fifteen days ago. You have already accessed Azure Monitor.Which of the following options should you use?

Microsoft's AZ-500 Your company's Azure subscription includes a hundred virtual machines that have Azure Diagnostics enabled.You have been tasked with analyzing the security events of a Windows Server 2016 virtual machine. You have already accessed Azure Monitor.Which of the following options should you use?

Microsoft's AZ-500 You have been tasked with making sure that you are able to modify the operating system security configurations via Azure Security Center.To achieve your goal, you need to have the correct pricing tier for Azure Security Center in place.Which of the following is the pricing tier required?

Microsoft's AZ-500 Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company's Azure subscription is linked to their Azure Active Directory (Azure AD) tenant.After an internally developed application is registered in Azure AD, you are tasked with making sure that the application has the ability to access Azure Key Vault secrets on application the users' behalf.Solution: You configure a delegated permission with admin consent.Does the solution meet the goal?

Microsoft's AZ-500 Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company's Azure subscription is linked to their Azure Active Directory (Azure AD) tenant.After an internally developed application is registered in Azure AD, you are tasked with making sure that the application has the ability to access Azure Key Vault secrets on application the users' behalf.Solution: You configure a delegated permission with no admin consent.Does the solution meet the goal?

Microsoft's AZ-500 You need to consider the underlined segment to establish whether it is accurate.Your Azure Active Directory Azure (Azure AD) tenant has an Azure subscription linked to it.Your developer has created a mobile application that obtains Azure AD access tokens using the OAuth 2 implicit grant type.The mobile application must be registered in Azure AD.You require a redirect URI from the developer for registration purposes.Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.

Microsoft's AZ-500 You are in the process of configuring an Azure policy via the Azure portal.Your policy will include an effect that will need a managed identity for it to be assigned.Which of the following is the effect in question?

Microsoft's AZ-500 You have been tasked with creating an Azure key vault using PowerShell. You have been informed that objects deleted from the key vault must be kept for a set period of 90 days.Which two of the following parameters must be used in conjunction to meet the requirement? (Choose two.)

Microsoft's AZ-500 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure subscription named Sub1.You have an Azure Storage account named sa1 in a resource group named RG1.Users and applications access the blob service and the file service in sa1 by using several shared access signatures (SASs) and stored access policies.You discover that unauthorized users accessed both the file service and the blob service.You need to revoke all access to sa1.Solution: You create a new stored access policy.Does this meet the goal?

Microsoft's AZ-500 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a hybrid configuration of Azure Active Directory (Azure AD).You have an Azure HDInsight cluster on a virtual network.You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.You need to configure the environment to support the planned authentication.Solution: You deploy the On-premises data gateway to the on-premises network.Does this meet the goal?

Microsoft's AZ-500 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a hybrid configuration of Azure Active Directory (Azure AD).You have an Azure HDInsight cluster on a virtual network.You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.You need to configure the environment to support the planned authentication.Solution: You create a site-to-site VPN between the virtual network and the on-premises network.Does this meet the goal?

Microsoft's AZ-500 Your network contains an Active Directory forest named contoso.com. The forest contains a single domain.You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.You plan to deploy Azure AD Connect and to integrate Active Directory and the Azure AD tenant.You need to recommend an integration solution that meets the following requirements:✑ Ensures that password policies and user logon restrictions apply to user accounts that are synced to the tenant✑ Minimizes the number of servers required for the solution.Which authentication method should you include in the recommendation?

Microsoft's AZ-500 Your network contains an on-premises Active Directory domain named corp.contoso.com.You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.You sync all on-premises identities to Azure AD.You need to prevent users who have a givenName attribute that starts with TEST from being synced to Azure AD. The solution must minimize administrative effort.What should you use?

Microsoft's AZ-500 You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.An administrator named Admin1 has access to the following identities:✑ An OpenID-enabled user account✑ A Hotmail account✑ An account in contoso.com✑ An account in an Azure AD tenant named fabrikam.comYou plan to use Azure Account Center to transfer the ownership of Sub1 to Admin1.To which accounts can you transfer the ownership of Sub1?

Microsoft's AZ-500 Your company plans to create separate subscriptions for each department. Each subscription will be associated to the same Azure Active Directory (Azure AD) tenant.You need to configure each subscription to have the same role assignments.What should you use?

Microsoft's AZ-500 You have an Azure subscription.You create an Azure web app named Contoso1812 that uses an S1 App Service plan.You plan to -create a CNAME DNS record for www.contoso.com that points to Contoso1812.You need to ensure that users can access Contoso1812 by using the https://www.contoso.com URL.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. E. Scale up the App Service plan of Contoso1812. F. Upload a PFX file to Contoso1812.

Microsoft's AZ-500 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure subscription named Sub1.You have an Azure Storage account named sa1 in a resource group named RG1.Users and applications access the blob service and the file service in sa1 by using several shared access signatures (SASs) and stored access policies.You discover that unauthorized users accessed both the file service and the blob service.You need to revoke all access to sa1.Solution: You create a lock on sa1.Does this meet the goal?

Microsoft's AZ-500 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a hybrid configuration of Azure Active Directory (Azure AD).You have an Azure HDInsight cluster on a virtual network.You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.You need to configure the environment to support the planned authentication.Solution: You deploy Azure Active Directory Domain Services (Azure AD DS) to the Azure subscription.Does this meet the goal?

Microsoft's AZ-500 Your network contains an Active Directory forest named contoso.com. You have an Azure Active Directory (Azure AD) tenant named contoso.com.You plan to configure synchronization by using the Express Settings installation option in Azure AD Connect.You need to identify which roles and groups are required to perform the planned configuration. The solution must use the principle of least privilege.Which two roles and groups should you identify? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. E. the Enterprise Admins group in Active Directory

Microsoft's AZ-500 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a hybrid configuration of Azure Active Directory (Azure AD).You have an Azure HDInsight cluster on a virtual network.You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.You need to configure the environment to support the planned authentication.Solution: You deploy an Azure AD Application Proxy.Does this meet the goal?

Microsoft's AZ-500 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure subscription named Sub1.You have an Azure Storage account named sa1 in a resource group named RG1.Users and applications access the blob service and the file service in sa1 by using several shared access signatures (SASs) and stored access policies.You discover that unauthorized users accessed both the file service and the blob service.You need to revoke all access to sa1.Solution: You regenerate the Azure storage account access keys.Does this meet the goal?

Microsoft's AZ-500 You have a hybrid configuration of Azure Active Directory (Azure AD) that has Single Sign-On (SSO) enabled. You have an Azure SQL Database instance that is configured to support Azure AD authentication.Database developers must connect to the database instance from the domain joined device and authenticate by using their on-premises Active Directory account.You need to ensure that developers can connect to the instance by using Microsoft SQL Server Management Studio. The solution must minimize authentication prompts.Which authentication method should you recommend?

Microsoft's AZ-500 You plan to use Azure Resource Manager templates to perform multiple deployments of identically configured Azure virtual machines. The password for the administrator account of each deployment is stored as a secret in different Azure key vaults.You need to identify a method to dynamically construct a resource ID that will designate the key vault containing the appropriate secret during each deployment.The name of the key vault and the name of the secret will be provided as inline parameters.What should you use to construct the resource ID?

Microsoft's AZ-500 You have an Azure subscription.You configure the subscription to use a different Azure Active Directory (Azure AD) tenant.What are two possible effects of the change? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.

Microsoft's AZ-500 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure subscription named Sub1.You have an Azure Storage account named sa1 in a resource group named RG1.Users and applications access the blob service and the file service in sa1 by using several shared access signatures (SASs) and stored access policies.You discover that unauthorized users accessed both the file service and the blob service.You need to revoke all access to sa1.Solution: You generate new SASs.Does this meet the goal?

Microsoft's AZ-500 You have an Azure subscription that contains virtual machines.You enable just in time (JIT) VM access to all the virtual machines.You need to connect to a virtual machine by using Remote Desktop.What should you do first?