Microsoft's AZ-500 You have the Azure resources shown in the following table.You need to meet the following requirements:✑ Internet-facing virtual machines must be protected by using network security groups (NSGs).✑ All the virtual machines must have disk encryption enabled.What is the minimum number of security policies that you should create in Microsoft Defender for Cloud?
#181
Answer: B✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription that contains a resource group named RG1 and the network security groups (NSGs) shown in the following table.You create the Azure policy shown in the following exhibit.You assign the policy to RG1.What will occur if you assign the policy to NSG1 and NSG2?
#182
Answer: B✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure Active Directory (Azure AD) tenant.You need to prevent nonprivileged Azure AD users from creating service principles in Azure AD.What should you do in the Azure Active Directory admin center of the tenant?
#183
Answer: A✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription that contains a managed identity named Identity1 and the Azure key vaults shown in the following table.KeyVault1 contains an access policy that grants Identity1 the following key permissions:• Get• List• Wrap• UnwrapYou need to provide Identity1 with the same permissions for KeyVault2. The solution must use the principle of least privilege.Which role should you assign to Identity1?
#184
Answer: A✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription named Sub1.In Microsoft Defender for Cloud, you have a workflow automation named WF1. WF1 is configured to send an email message to a user named User1.You need to modify WF1 to send email messages to a distribution group named Alerts.What should you use to modify WF1?
#185
Answer: A✅ Correct❌ Incorrect
Microsoft's AZ-500 Your on-premises network contains a Hyper-V virtual machine named VM1.You need to use Azure Arc to onboard VM1 to Microsoft Defender for Cloud.What should you install first?
#186
Answer: D✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud.You have the management group hierarchy shown in the following exhibit.You create the definitions shown in the following table.You need to use Defender for Cloud to add a security policy.Which definitions can you use as a security policy? E. Policy1, Initiative1, Initiative2, and Initiative3
#187
Answer: D✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription that contains a Microsoft Defender External Attack Surface Management (Defender EASM) resource named EASM1. EASM1 has discovery enabled and contains several inventory assets.You need to identify which inventory assets are vulnerable to the most critical web app security risks.Which Defender EASM dashboard should you use?
#188
Answer: B✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription that uses Microsoft Defender for Cloud.You need to use Defender for Cloud to review regulatory compliance with the Azure CIS 1.4.0 standard. The solution must minimize administrative effort.What should you do first?
#189
Answer: C✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription that contains an Azure key vault named Vault1 and a virtual machine named VM1.VM1 is connected to a virtual network named VNet1.You need to allow access to Vault1 only from VM1.What should you do in the Networking settings of Vault1?
#190
Answer: A✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription.You create a new virtual network named VNet1.You plan to deploy an Azure web app named App1 that will use VNet1 and will be reachable by using private IP addresses. The solution must support inbound and outbound network traffic.What should you do?
#191
Answer: C✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription that uses Microsoft Defender for Cloud. The subscription contains the Azure Policy definitions shown in the following table.Which definitions can be assigned as a security policy in Defender for Cloud? E. Policy1, Policy2, Initiative1, and Initiative2
#192
Answer: B✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription that uses Microsoft Defender for Cloud.You have accounts for the following cloud services:• Alibaba Cloud• Amazon Web Services (AWS)• Google Cloud Platform (GCP)What can you add to Defender for Cloud? E. Alibaba Cloud, AWS, and GCP
#193
Answer: D✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription.You plan to map an online infrastructure and perform vulnerability scanning for the following:• ASNs• Hostnames• IP addresses• SSL certificatesWhat should you use?
#194
Answer: B✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription that uses Microsoft Defender for Cloud.You have an Amazon Web Services (AWS) account.You need to ensure that when you deploy a new AWS Elastic Compute Cloud (EC2) instance, the Microsoft Defender for Servers agent installs automatically.What should you configure first?
#195
Answer: D✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription that uses Microsoft Defender for Cloud.You have an Amazon Web Services (AWS) account named AWS1 that is connected to Defender for Cloud.You need to ensure that AWS1 uses AWS Foundational Security Best Practices. The solution must minimize administrative effort.What should you do in Defender for Cloud?
#196
Answer: A✅ Correct❌ Incorrect
Microsoft's AZ-500 You are troubleshooting a security issue for an Azure Storage account.You enable Azure Storage Analytics logs and archive it to a storage account.What should you use to retrieve the diagnostics logs?
#197
Answer: D✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription that contains a Microsoft Defender External Attack Surface Management (Defender EASM) resource named EASM1.You review the Attack Surface Summary dashboard.You need to identify the following insights:• Deprecated technologies that are no longer supported• Infrastructure that will soon expireWhich section of the dashboard should you review?
#198
Answer: C✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription.You plan to deploy Microsoft Defender External Attack Surface Management (Defender EASM) to identify and monitor externally facing assets.You create a new Defender EASM instance named EASM1.What should you do next?
#199
Answer: D✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription that contains an Azure Key Vault Standard key vault named Vault1. Vault1 hosts a 2048-bit RSA key named key1.You need to ensure that key1 is rotated every 90 days.What should you do first?
#200
Answer: A✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription named Sub1 that has Security defaults disabled. The subscription contains the following users:• Five users that have owner permissions for Sub1.• Ten users that have owner permissions for Azure resources.None of the users have multi-factor authentication (MFA) enabled.Sub1 has the secure score as shown in the Secure Score exhibit. (Click the Secure Score tab.)You plan to enable MFA for the following users:• Five users that have owner permission for Sub1.• Five users that have owner permissions for Azure resources.By how many points will the secure score increase after you perform the planned changes? E. 14
#201
Answer: C✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription that uses Microsoft Defender for Cloud.You need to add a custom security recommendation to Defender for Cloud. The recommendation must be assigned the custom severity rating of the subscription.What should you create?
#202
Answer: C✅ Correct❌ Incorrect
Microsoft's AZ-500 Your company has an Azure subscription named Sub1.You plan to create several security alerts by using Azure Monitor.You need to prepare Sub1 for the alerts.What should you create first?
#203
Answer: C✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription that contains the Azure App Service web apps shown in the following table.You upload a private key certificate named Cert1.pfx to App1.Which apps can use Cert1? E. App1, App2, App3, and App4
#204
Answer: A✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription that uses Microsoft Defender for Cloud.You have an Amazon Web Services (AWS) account.You need to add the AWS account to Defender for Cloud.What should you do first?
#205
Answer: A✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure subscription that contains an Azure key vault.You create a storage account named storage1.You plan to store data in the following storage1 services:• Azure Files• Azure Blob storage• Azure Table storage• Azure Queue storageFor which two services can you configure data encryption by using the keys stored in the key vault? Each correct answer presents a complete solution,NOTE: Each correct selection is worth one point.
#206
Answer: A✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure SQL Database server named SQL1.For SQL1, you turn on Azure Defender for SQL to detect all threat detection types.Which action will Azure Defender for SQL detect as a threat?
#207
Answer: B✅ Correct❌ Incorrect
Microsoft's AZ-500 Your company uses Azure DevOps.You need to recommend a method to validate whether the code meets the company's quality standards and code review standards.What should you recommend implementing in Azure DevOps?
#208
Answer: C✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure web app named WebApp1.You upload a certificate to WebApp1.You need to make the certificate accessible to the app code of WebApp1.What should you do?
#209
Answer: B✅ Correct❌ Incorrect
Microsoft's AZ-500 You have an Azure web app named webapp1.You need to configure continuous deployment for webapp1 by using an Azure Repo.What should you create first?