MICROSOFT-AZ500

Microsoft's AZ-500 You are configuring and securing a network environment.You deploy an Azure virtual machine named VM1 that is configured to analyze network traffic.You need to ensure that all network traffic is routed through VM1.What should you configure?

Microsoft's AZ-500 You have an Azure subscription that contains the virtual networks shown in the following table.The subscription contains the virtual machines shown in the following table.On NIC1, you configure an application security group named ASG1.On which other network interfaces can you configure ASG1?

Microsoft's AZ-500 You have 15 Azure virtual machines in a resource group named RG1.All the virtual machines run identical applications.You need to prevent unauthorized applications and malware from running on the virtual machines.What should you do?

Microsoft's AZ-500 You have a web app hosted on an on-premises server that is accessed by using a URL of https://www.contoso.com.You plan to migrate the web app to Azure. You will continue to use https://www.contoso.com.You need to enable HTTPS for the Azure web app.What should you do first?

Microsoft's AZ-500 You plan to deploy Azure container instances.You have a containerized application that is comprised of two containers: an application container and a validation container. The application container is monitored by the validation container. The validation container performs security checks by making requests to the application container and waiting for responses after every transaction.You need to ensure that the application container and the validation container are scheduled to be deployed together. The containers must communicate to each other only on ports that are not externally exposed.What should you include in the deployment?

Microsoft's AZ-500 You are securing access to the resources in an Azure subscription.A new company policy states that all the Azure virtual machines in the subscription must use managed disks.You need to prevent users from creating virtual machines that use unmanaged disks.What should you use?

Microsoft's AZ-500 You plan to create an Azure Kubernetes Service (AKS) cluster in an Azure subscription.The manifest of the registered server application is shown in the following exhibit.You need to ensure that the AKS cluster and Azure Active Directory (Azure AD) are integrated.Which property should you modify in the manifest?

Microsoft's AZ-500 You have multiple development teams that will create apps in Azure.You plan to create a standard development environment that will be deployed for each team.You need to recommend a solution that will enforce resource locks across the development environments and ensure that the locks are applied in a consistent manner.What should you include in the recommendation?

Microsoft's AZ-500 You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.You need to use the automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry.What should you create?

Microsoft's AZ-500 You have an Azure subscription that contains two virtual machines named VM1 and VM2 that run Windows Server 2019.You are implementing Update Management in Azure Automation.You plan to create a new update deployment named Update1.You need to ensure that Update1 meets the following requirements:✑ Automatically applies updates to VM1 and VM2.✑ Automatically adds any new Windows Server 2019 virtual machines to Update1.What should you include in Update1?

Microsoft's AZ-500 You have the Azure virtual machines shown in the following table.For which virtual machines can you enable Update Management? E. VM1, VM2, and VM3 only

Microsoft's AZ-500 You have an Azure subscription that contains an Azure key vault.You need to configure the maximum number of days for which new keys are valid. The solution must minimize administrative effort.What should you use?

Microsoft's AZ-500 You have an Azure subscription that contains an Azure Data Lake Storage Gen2 account named storage1.You deploy an Azure Synapse Analytics workspace named synapsews1 to a managed virtual network.You need to enable access from synapsews1 to storage1.What should you configure?

Microsoft's AZ-500 You have a Microsoft Entra tenant named Contoso.com and an Azure Kubernetes Service (AKS) cluster AKS1.You discover that AKS1 cannot be accessed by using accounts from Contoso.com.You need to ensure AKS1 can be accessed by using accounts from Contoso.com. The solution must minimize administrative effort.What should you do first?

Microsoft's AZ-500 You are testing an Azure Kubernetes Service (AKS) cluster. The cluster is configured as shown in the exhibit. (Click the Exhibit tab.)You plan to deploy the cluster to production. You disable HTTP application routing.You need to implement application routing that will provide reverse proxy and TLS termination for AKS services by using a single IP address.What should you do?

Microsoft's AZ-500 You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains the subnets shown in the following table.You create the virtual machines shown in the following table.You plan to configure just-in-time (JIT) VM access for the virtual machines. The solution must minimize administrative effort.For which virtual machines can you configure JIT VM access? E. VM1, VM2, VM3, and VM4

Microsoft's AZ-500 You have an Azure Storage account named storage1 that has a container named container1.You need to prevent the blobs in container1 from being modified.What should you do?

Microsoft's AZ-500 Your company has an Azure Active Directory (Azure AD) tenant named contoso.com.You plan to create several security alerts by using Azure Monitor.You need to prepare the Azure subscription for the alerts.What should you create first?

Microsoft's AZ-500 You company has an Azure subscription named Sub1. Sub1 contains an Azure web app named WebApp1 that uses Azure Application Insights. WebApp1 requires users to authenticate by using OAuth 2.0 client secrets.Developers at the company plan to create a multi-step web test app that preforms synthetic transactions emulating user traffic to Web App1.You need to ensure that web tests can run unattended.What should you do first?

Microsoft's AZ-500 You have an Azure subscription named Subscription1.You deploy a Linux virtual machine named VM1 to Subscription1.You need to monitor the metrics and the logs of VM1.What should you use?

Microsoft's AZ-500 You onboard Azure Sentinel. You connect Azure Sentinel to Azure Security Center.You need to automate the mitigation of incidents in Azure Sentinel. The solution must minimize administrative effort.What should you create?

Microsoft's AZ-500 You have an Azure Active Directory (Azure AD) tenant named contoso.com.You need to configure diagnostic settings for contoso.com. The solution must meet the following requirements:✑ Retain logs for two years.✑ Query logs by using the Kusto query language.✑ Minimize administrative effort.Where should you store the logs?

Microsoft's AZ-500 You are troubleshooting a security issue for an Azure Storage account.You enable the diagnostic logs for the storage account.What should you use to retrieve the diagnostics logs?

Microsoft's AZ-500 You have an Azure subscription that contains the virtual machines shown in the following table.From Azure Security Center, you turn on Auto Provisioning.You deploy the virtual machines shown in the following table.On which virtual machines is the Microsoft Monitoring Agent installed?

Microsoft's AZ-500 You have 10 virtual machines on a single subnet that has a single network security group (NSG).You need to log the network traffic to an Azure Storage account.What should you do?

Microsoft's AZ-500 You have an Azure subscription that contains the virtual machines shown in the following table.From Azure Security Center, you turn on Auto Provisioning.You deploy the virtual machines shown in the following table.On which virtual machines is the Log Analytics Agent installed?

Microsoft's AZ-500 You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.You are assigned the Global administrator role for the tenant. You are responsible for managing Azure Security Center settings.You need to create a custom sensitivity label.What should you do?

Microsoft's AZ-500 You have an Azure subscription that contains the Azure Log Analytics workspaces shown in the following table.You create the virtual machines shown in the following table.You plan to use Azure Sentinel to monitor Windows Defender Firewall on the virtual machines.Which virtual machines you can connect to Azure Sentinel?

Microsoft's AZ-500 You have an Azure subscription that contains 100 virtual machines and has Azure Defender enabled.You plan to perform a vulnerability scan of each virtual machine.You need to deploy the vulnerability scanner extension to the virtual machines by using an Azure Resource Manager template.Which two values should you specify in the code to automate the deployment of the extension to the virtual machines? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. E. the system-assigned managed identity F. the primary shared key

Microsoft's AZ-500 You have an Azure subscription that contains a user named Admin1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is the member of a backend pool of a public Azure Basic Load Balancer.Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center.You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1.What should you do?