MICROSOFT-AZ500

Microsoft's AZ-500 Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.The company develops an application named App1. App1 is registered in Azure AD.You need to ensure that App1 can access secrets in Azure Key Vault on behalf of the application users.What should you configure?

Microsoft's AZ-500 Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.The company develops a mobile application named App1. App1 uses the OAuth 2 implicit grant type to acquire Azure AD access tokens.You need to register App1 in Azure AD.What information should you obtain from the developer to register the application?

Microsoft's AZ-500 From the Azure portal, you are configuring an Azure policy.You plan to assign policies that use the DeployIfNotExist, AuditIfNotExist, Append, and Deny effects.Which effect requires a managed identity for the assignment?

Microsoft's AZ-500 You have an Azure subscription that contains an Azure key vault named Vault1.In Vault1, you create a secret named Secret1.An application developer registers an application in Azure Active Directory (Azure AD).You need to ensure that the application can use Secret1.What should you do?

Microsoft's AZ-500 You have an Azure SQL database.You implement Always Encrypted.You need to ensure that application developers can retrieve and decrypt data in the database.Which two pieces of information should you provide to the developers? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. E. the column master key

Microsoft's AZ-500 You have a hybrid configuration of Azure Active Directory (Azure AD).All users have computers that run Windows 10 and are hybrid Azure AD joined.You have an Azure SQL database that is configured to support Azure AD authentication.Database developers must connect to the SQL database by using Microsoft SQL Server Management Studio (SSMS) and authenticate by using their on-premisesActive Directory account.You need to tell the developers which authentication method to use to connect to the SQL database from SSMS. The solution must minimize authentication prompts.Which authentication method should you instruct the developers to use?

Microsoft's AZ-500 You have an Azure subscription that contains four Azure SQL managed instances.You need to evaluate the vulnerability of the managed instances to SQL injection attacks.What should you do first?

Microsoft's AZ-500 You have an Azure subscription that contains a virtual machine named VM1.You create an Azure key vault that has the following configurations:✑ Name: Vault5✑ Region: West US✑ Resource group: RG1You need to use Vault5 to enable Azure Disk Encryption on VM1. The solution must support backing up VM1 by using Azure Backup.Which key vault settings should you configure?

Microsoft's AZ-500 You have an Azure subscription named Sub1 that contains the resources shown in the following table.You need to ensure that you can provide VM1 with secure access to a database on SQL1 by using a contained database user.What should you do?

Microsoft's AZ-500 You have an Azure subscription named Sub1 that contains the Azure key vaults shown in the following table:In Sub1, you create a virtual machine that has the following configurations:✑ Name: VM1✑ Size: DS2v2✑ Resource group: RG1✑ Region: West Europe✑ Operating system: Windows Server 2016You plan to enable Azure Disk Encryption on VM1.In which key vaults can you store the encryption key for VM1?

Microsoft's AZ-500 You have a web app named WebApp1.You create a web application firewall (WAF) policy named WAF1.You need to protect WebApp1 by using WAF1.What should you do first?

Microsoft's AZ-500 You have an Azure subscription that contains an Azure SQL database named sql1.You plan to audit sql1.You need to configure the audit log destination. The solution must meet the following requirements:✑ Support querying events by using the Kusto query language.✑ Minimize administrative effort.What should you configure?

Microsoft's AZ-500 You have an Azure subscription that contains as Azure key vault and an Azure Storage account. The key vault contains customer-managed keys. The storage account is configured to use the customer-managed keys stored in the key vault.You plan to store data in Azure by using the following services:✑ Azure Files✑ Azure Blob storage✑ Azure Table storage✑ Azure Queue storageWhich two services support data encryption by using the keys stored in the key vault? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.

Microsoft's AZ-500 You have an Azure subscription that contains an Azure SQL database named DB1 in the East US Azure region.You create the storage accounts shown in the following table.You plan to enable auditing for DB1.Which storage accounts can you use as the auditing destination for DB1? E. storage2 and storage3 only

Microsoft's AZ-500 You have an on-premises network and an Azure subscription.You have the Microsoft SQL Server instances shown in the following table.You plan to implement Microsoft Defender for SQL.Which SQL Server instances will be protected by Microsoft Defender for SQL?

Microsoft's AZ-500 You have an Azure subscription that contains an Azure SQL Database logic server named SQL1 and an Azure virtual machine named VM1. VM1 uses a private IP address only.The Firewall and virtual networks settings for SQL1 are shown in the following exhibit.You need to ensure that VM1 can connect to SQL1. The solution must use the principle of least privilege.What should you do?

Microsoft's AZ-500 You have an Azure Active Directory (Azure AD) tenant that contains a group named Group1.You need to ensure that the members of Group1 sign in by using passwordless authentication.What should you do?

Microsoft's AZ-500 You have an Azure subscription that contains the resources shown in the following table.You need to configure storage1 to regenerate keys automatically every 90 days.Which cmdlet should you run?

Microsoft's AZ-500 You have an Azure subscription that contains an Azure key vault named Vault1 and a virtual machine named VM1. VM1 has the Key Vault VM extension installed.For Vault1, you rotate the keys, secrets, and certificates.What will be updated automatically on VM1? E. the secrets and certificates only F. the keys, secrets, and certificates

Microsoft's AZ-500 You have an Azure subscription that contains the resources shown in the following table.Both VM1 and VM2 connect to VNET1 and are configured to use NSG1.You need to ensure that only VM1 and VM2 can access DB1.What should you do?

Microsoft's AZ-500 You have an Azure AD tenant that contains a user named User1.You purchase an app named App1.User1 needs to publish App1 by using Azure AD Application Proxy.Which role should you assign to User1?

Microsoft's AZ-500 You have an Azure subscription that contains the virtual machines shown in the following table.Which computers will support file integrity monitoring?

Microsoft's AZ-500 You have an Azure subscription that contains the virtual machines shown in the following table.You are configuring Microsoft Defender for Servers.You plan to enable adaptive application controls to create an allowlist of known-safe apps on the virtual machines.Which virtual machines support the use of adaptive application controls?

Microsoft's AZ-500 You have an Azure subscription. The subscription contains a virtual network named VNet1 that contains the subnets shown in the following table.The subscription contains the function apps shown in the following table.The outbound traffic of which app is controlled by using NSG1?

Microsoft's AZ-500 You have a Microsoft Entra tenant named contoso.com.You collaborate with a partner organization that has a Microsoft Entra tenant named fabrikam.com.You need to create an allow list of cloud apps from fabrikam.com that can be used by the users in contoso.com.What should you do for contoso.com in the Microsoft Entra admin center?

Microsoft's AZ-500 You have an Azure subscription that contains a resource group named RG1 and the network security groups (NSGs) shown in the following table.You create and assign the Azure policy shown in the following exhibit.What is the flow log status of NSG1 and NSG2 after the Azure policy is assigned?

Microsoft's AZ-500 You need to meet the identity and access requirements for Group1.What should you do?

Microsoft's AZ-500 You have an Azure subscription that contains a storage account named storage1 and a virtual machine named VM1.VM1 is connected to a virtual network named VNet1 that contains one subnet and uses Azure DNS.You need to ensure that VM1 connects to storage1 by using a private IP address. The solution must minimize administrative effort.What should you do?

Microsoft's AZ-500 You have an Azure subscription that contains a web app named App1. App1 provides users with product images and videos. Users access App1 by using a URL of HTTPS://app1.contoso.com.You deploy two server pools named Pool1 and Pool2. Pool1 hosts product images. Pool2 hosts product videos.You need to optimize the performance of App1. The solution must meet the following requirements:• Minimize the performance impact of TLS connections on Pool1 and Pool2.• Route user requests to the server pools based on the requested URL path.What should you include in the solution?

Microsoft's AZ-500 You have an Azure subscription that contains an instance of Azure Firewall Standard named AzFW1.You need to identify whether you can use the following features with AzFW1:• TLS inspection• Threat intelligence• The network intrusion detection and prevention systems (IDPS)What can you use? E. TLS inspection, threat intelligence, and the IDPS