Try Before You Buy

Download a free sample of any of our exam questions and answers

  • 24/7 customer support, Secure shopping site
  • Free One year updates to match real exam scenarios
  • If you failed your exam after buying our products we will refund the full amount back to you.
Free Download
  • Home
  • Articles
  • [Feb 14, 2024] AZ-500 Exam Dumps 100% Same Q&A In Your Real Exam [Q238-Q254]

[Feb 14, 2024] AZ-500 Exam Dumps 100% Same Q&A In Your Real Exam [Q238-Q254]

Share

[Feb 14, 2024] AZ-500 Exam Dumps 100% Same Q&A In Your Real Exam

AZ-500 Test Engine Dumps Training With 401 Questions


The Microsoft AZ-500 exam covers a range of topics related to securing Microsoft Azure, including identity and access management, platform protection, data and application protection, and security operations. It is intended for individuals who have experience working with Azure security technologies and are looking to validate their knowledge and skills in this area. AZ-500 exam is also ideal for those seeking to advance their careers in cloud security.

 

NEW QUESTION # 238
You have an Azure subscription named Subcription1 that contains the resources shown in the following table.

You have an Azure subscription named Subcription2 that contains the following resources:
* An Azure Sentinel workspace
* An Azure Event Grid instance
You need to ingest the CEF messages from the NVAs to Azure Sentinel.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 239
You have an Azure subscription named Sub 1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

Each user is assigned an Azure AD Premium P2 license.
You plan lo onboard and configure Azure AD identity Protection.
Which users can onboard Azure AD Identity Protection, remediate users, and configure policies? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point

Answer:

Explanation:


NEW QUESTION # 240
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Sub1.
You have an Azure Storage account named Sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in Sa1 by using several shared access signatures (SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to Sa1.
Solution: You create a lock on Sa1.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
Explanation/Reference:
Explanation:
To revoke a stored access policy, you can either delete it, or rename it by changing the signed identifier.
Changing the signed identifier breaks the associations between any existing signatures and the stored access policy. Deleting or renaming the stored access policy immediately affects all of the shared access signatures associated with it.
References:
https://docs.microsoft.com/en-us/rest/api/storageservices/Establishing-a-Stored-Access-Policy


NEW QUESTION # 241
You have an Azure subscription that contains the virtual machines shown in the following table.

From Azure Security Center, you turn on Auto Provisioning.
You deploy the virtual machines shown in the following table.

On which virtual machines is the Log Analytics agent installed?

  • A. VM3 only
  • B. VM1 and VM3 only
  • C. VM1, VM2, VM3, and VM4
  • D. VM3 and VM4 only

Answer: C

Explanation:
Explanation
When automatic provisioning is On, Security Center provisions the Log Analytics Agent on all supported Azure VMs and any new ones that are created.
Supported Operating systems include: Ubuntu 14.04 LTS (x86/x64), 16.04 LTS (x86/x64), and 18.04 LTS (x64) and Windows Server 2008 R2, 2012, 2012 R2, 2016, version 1709 and 1803 Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection


NEW QUESTION # 242
You have an Azure subscription named Sub1 that contains the virtual machines shown in the following table.

You need to ensure that the virtual machines in RG1 have the Remote Desktop port closed until an authorized user requests access.
What should you configure?

  • A. Azure Active Directory (Azure AD) conditional access
  • B. just in time (JIT) VM access
  • C. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
  • D. an application security group

Answer: B

Explanation:
Explanation
Just-in-time (JIT) virtual machine (VM) access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.
Note: When just-in-time is enabled, Security Center locks down inbound traffic to your Azure VMs by creating an NSG rule. You select the ports on the VM to which inbound traffic will be locked down. These ports are controlled by the just-in-time solution.
When a user requests access to a VM, Security Center checks that the user has Role-Based Access Control (RBAC) permissions that permit them to successfully request access to a VM. If the request is approved, Security Center automatically configures the Network Security Groups (NSGs) and Azure Firewall to allow inbound traffic to the selected ports and requested source IP addresses or ranges, for the amount of time that was specified. After the time has expired, Security Center restores the NSGs to their previous states. Those connections that are already established are not being interrupted, however.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time


NEW QUESTION # 243
You have an Azure Sentinel workspace that has the following data connectors:
Azure Active Directory Identity Protection
Common Event Format (CEF)
Azure Firewall
You need to ensure that data is being ingested from each connector.
From the Logs query window, which table should you query for each connector? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 244
You need to ensure that users can access VM0. The solution must meet the platform protection requirements.
What should you do?

  • A. On Firewall, configure a DNAT rule.
  • B. On Firewall, configure a network traffic filtering rule.
  • C. Move VM0 to Subnet1.
  • D. Assign RT1 to AzureFirewallSubnet.

Answer: A

Explanation:
https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-dnat
Topic 2, Contoso
Technical Requirements
Contoso identifies the following technical requirements:
Deploy Azure Firewall to VNetWork1 in Sub2.
Register an application named App2 in contoso.com.
Whenever possible, use the principle of least privilege.
Enable Azure AD Privileged Identity Management (PIM) for contoso.com
Existing Environment
Azure AD
Contoso.com contains the users shown in the following table.

Contoso.com contains the security groups shown in the following table.

Sub1
Sub1 contains six resource groups named RG1, RG2, RG3, RG4, RG5, and RG6.
User2 creates the virtual networks shown in the following table.

Sub1 contains the locks shown in the following table.

Sub1 contains the Azure policies shown in the following table.

Sub2

Sub2 contains the virtual machines shown in the following table.

All virtual machines have the public IP addresses and the Web Server (IIS) role installed. The firewalls for each virtual machine allow ping requests and web requests.
Sub2 contains the network security groups (NSGs) shown in the following table.

NSG1 has the inbound security rules shown in the following table.

NSG2 has the inbound security rules shown in the following table.

NSG3 has the inbound security rules shown in the following table.

NSG4 has the inbound security rules shown in the following table.

NSG1, NSG2, NSG3, and NSG4 have the outbound security rules shown in the following table.

Contoso identifies the following technical requirements:
Deploy Azure Firewall to VNetwork1 in Sub2.
Register an application named App2 in contoso.com.
Whenever possible, use the principle of least privilege.
Enable Azure AD Privileged Identity Management (PIM) for contoso.com.


NEW QUESTION # 245
You have an Azure subscription that contains the virtual machines shown in the following table.

From Azure Security Center, you turn on Auto Provisioning.
You deploy the virtual machines shown in the following table.

On which virtual machines is the Microsoft Monitoring agent installed?

  • A. VM3 only
  • B. VM1 and VM3 only
  • C. VM1, VM2, VM3, and VM4
  • D. VM3 and VM4 only

Answer: C

Explanation:
Explanation
When automatic provisioning is enabled, Security Center provisions the Microsoft Monitoring Agent on all supported Azure VMs and any new ones that are created.
Supported Operating systems include: Ubuntu 14.04 LTS (x86/x64), 16.04 LTS (x86/x64), and 18.04 LTS (x64) and Windows Server 2008 R2, 2012, 2012 R2, 2016, version 1709 and 1803.
References:
https://docs.microsoft.com/en-us/azure/security-center/security-center-faq


NEW QUESTION # 246
You have an Azure subscription that contains the virtual machines shown in the following table.

All the virtual networks are peered.
You deploy Azure Bastion to VNET2.
Which virtual machines can be protected by the bastion host?

  • A. VM2 only
  • B. VM1, VM2, VM3, and VM4
  • C. VM1, VM2, and VM3 only
  • D. VM2 and VM4 only

Answer: B

Explanation:
Explanation
https://docs.microsoft.com/en-us/azure/bastion/vnet-peering


NEW QUESTION # 247
You create resources in an Azure subscription as shown in the following table.

VNET1 contains two subnets named Subnet1 and Subnet2. Subnet1 has a network ID of 10.0.0.0/24. Subnet2 has a network ID of 10.1.1.0/24.
Contoso1901 is configured as shown in the exhibit. (Click the Exhibit tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 248
You have an Azure subscription that contains the storage accounts shown in the following table.

You need to configure authorization access.
Which authorization types can you use for each storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/storage/common/authorize-data-access


NEW QUESTION # 249
You have an Azure subscription named Sub1.
You create a virtual network that contains one subnet. On the subnet, you provision the virtual machines shown in the following table.

Currently, you have not provisioned any network security groups (NSGs).
You need to implement network security to meet the following requirements:
* Allow traffic to VM4 from VM3 only.
* Allow traffic from the Internet to VM1 and VM2 only.
* Minimize the number of NSGs and network security rules.
How many NSGs and network security rules should you create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation
NSGs: 1
Network security rules: 3
Not 2: You cannot specify multiple service tags or application groups) in a security rule.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview


NEW QUESTION # 250
You have an Azure subscription that contains the storage accounts shown in the following table.

You need to configure authorization access.
Which authorization types can you use for each storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/storage/common/authorize-data-access


NEW QUESTION # 251
You need to meet the identity and access requirements for Group1.
What should you do?

  • A. Change the membership type of Group1 to Assigned. Create two groups that have dynamic memberships.
    Add the new groups to Group1.
  • B. Add a membership rule to Group1.
  • C. Delete Group1. Create a new group named Group1 that has a membership type of Office 365. Add users
    and devices to the group.
  • D. Modify the membership rule of Group1.

Answer: C

Explanation:
Incorrect Answers:
A, C: You can create a dynamic group for devices or for users, but you can't create a rule that contains both
users and devices.
D: For assigned group you can only add individual members.
Scenario:
Litware identifies the following identity and access requirements: All San Francisco users and their devices
must be members of Group1.
The tenant currently contain this group:

References:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-create-azure-
portal
Manage identity and access
Testlet 2
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like
to complete each case. However, there may be additional case studies and sections on this exam. You must
manage your time to ensure that you are able to complete all questions included on this exam in the time
provided.
To answer the questions included in a case study, you will need to reference information that is provided in the
case study. Case studies might contain exhibits and other resources that provide more information about the
scenario that is described in the case study. Each question is independent of the other question on this case
study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and
to make changes before you move to the next sections of the exam. After you begin a new section, you cannot
return to this section.
To start the case study
To display the first question on this case study, click the Next button. Use the buttons in the left pane to explore
the content of the case study before you answer the questions. Clicking these buttons displays information
such as business requirements, existing environment, and problem statements. If the case study has an All
Information tab, note that the information displayed is identical to the information displayed on the subsequent
tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and
New York.
The company hosts its entire server infrastructure in Azure.
Contoso has two Azure subscriptions named Sub1 and Sub2. Both subscriptions are associated to an Azure
Active Directory (Azure AD) tenant named contoso.com.
Technical requirements
Contoso identifies the following technical requirements:
* Deploy Azure Firewall to VNetWork1 in Sub2.
* Register an application named App2 in contoso.com.
* Whenever possible, use the principle of least privilege.
* Enable Azure AD Privileged Identity Management (PIM) for contoso.com
Existing Environment
Azure AD
Contoso.com contains the users shown in the following table.

Contoso.com contains the security groups shown in the following table.

Sub1
Sub1 contains six resource groups named RG1, RG2, RG3, RG4, RG5, and RG6.
User2 creates the virtual networks shown in the following table.

Sub1 contains the locks shown in the following table.

Sub1 contains the Azure policies shown in the following table.

Sub2

Sub2 contains the virtual machines shown in the following table.

All virtual machines have the public IP addresses and the Web Server (IIS) role installed. The firewalls for each
virtual machine allow ping requests and web requests.
Sub2 contains the network security groups (NSGs) shown in the following table.

NSG1 has the inbound security rules shown in the following table.

NSG2 has the inbound security rules shown in the following table.

NSG3 has the inbound security rules shown in the following table.

NSG4 has the inbound security rules shown in the following table.

NSG1, NSG2, NSG3, and NSG4 have the outbound security rules shown in the following table.

Contoso identifies the following technical requirements:
* Deploy Azure Firewall to VNetwork1 in Sub2.
* Register an application named App2 in contoso.com.
* Whenever possible, use the principle of least privilege.
* Enable Azure AD Privileged Identity Management (PIM) for contoso.com.
AZ-500
Number: AZ-500
Passing Score: 800
Time Limit: 120 min
File Version: 1
AZ-500
Manage identity and access
Testlet 1
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like
to complete each case. However, there may be additional case studies and sections on this exam. You must
manage your time to ensure that you are able to complete all questions included on this exam in the time
provided.
To answer the questions included in a case study, you will need to reference information that is provided in the
case study. Case studies might contain exhibits and other resources that provide more information about the
scenario that is described in the case study. Each question is independent of the other question on this case
study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and
to make changes before you move to the next sections of the exam. After you begin a new section, you cannot
return to this section.
To start the case study
To display the first question on this case study, click the Next button. Use the buttons in the left pane to explore
the content of the case study before you answer the questions. Clicking these buttons displays information
such as business requirements, existing environment, and problem statements. If the case study has an All
Information tab, note that the information displayed is identical to the information displayed on the subsequent
tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Litware, Inc. is a digital media company that has 500 employees in the Chicago area and 20 employees in the
San Francisco area.
Existing Environment
Litware has an Azure subscription named Sub1 that has a subscription ID of 43894a43-17c2-4a39-8cfc-
3540c2653ef4.
Sub1 is associated to an Azure Active Directory (Azure AD) tenant named litwareinc.com. The tenant contains
the user objects and the device objects of all the Litware employees and their devices. Each user is assigned
an Azure AD Premium P2 license. Azure AD Privileged Identity Management (PIM) is activated.
The tenant contains the groups shown in the following table.

The Azure subscription contains the objects shown in the following table.

Azure Security Center is set to the Free tier.
Planned changes
Litware plans to deploy the Azure resources shown in the following table.

Litware identifies the following identity and access requirements:
* All San Francisco users and their devices must be members of Group1.
* The members of Group2 must be assigned the Contributor role to Resource Group2 by using a permanent
eligible assignment.
* Users must be prevented from registering applications in Azure AD and from consenting to applications that
access company information on the users' behalf.
Platform Protection Requirements
Litware identifies the following platform protection requirements:
* Microsoft Antimalware must be installed on the virtual machines in Resource Group1.
* The members of Group2 must be assigned the Azure Kubernetes Service Cluster Admin Role.
* Azure AD users must be to authenticate to AKS1 by using their Azure AD credentials.
* Following the implementation of the planned changes, the IT team must be able to connect to VM0 by using
JIT VM access.
* A new custom RBAC role named Role1 must be used to delegate the administration of the managed disks
in Resource Group1. Role1 must be available only for Resource Group1.
Security Operations Requirements
Litware must be able to customize the operating system security configurations in Azure Security Center.
Data and Application Requirements
Litware identifies the following data and applications requirements:
* The users in Group2 must be able to authenticate to SQLDB1 by using their Azure AD credentials
* WebApp1 must enforce mutual authentication
General Requirements
Litware identifies the following general requirements:
* Whenever possible, administrative effort must be minimized
* Whenever possible, use of automation must be minimized


NEW QUESTION # 252
You are configuring network connectivity for two Azure virtual networks named VNET1 and VNET2.
You need to implement VPN gateways for the virtual networks to meet the following requirements:
* VNET1 must have six site-to-site connections that use BGP.
* VNET2 must have 12 site-to-site connections that use BGP.
* Costs must be minimized.
Which VPN gateway SKI) should you use for each virtual network? To answer, drag the appropriate SKUs to the correct networks. Each SKU may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point

Answer:

Explanation:
Explanation

References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#gwsku


NEW QUESTION # 253
You have an Azure Active Directory (Azure AD) tenant.
You have the deleted objects shown in the following table.

On May 4, 2020, you attempt to restore the deleted objects by using the Azure Active Directory admin center.
Which two objects can you restore? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Group2
  • B. Group1
  • C. User2
  • D. User1

Answer: A,C

Explanation:
Section: [none]
Explanation:
Deleted users and deleted Office 365 groups are available for restore for 30 days.
You cannot restore a deleted security group.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-restore-deleted


NEW QUESTION # 254
......

AZ-500 Practice Test Pdf Exam Material: https://www.dumptorrent.com/AZ-500-braindumps-torrent.html

AZ-500 Questions Pass on Your First Attempt Dumps for Microsoft Azure Security Engineer Associate Certified: https://drive.google.com/open?id=114dz2L0Kzjpy-hKPd1LwJZHvT5uGLq5H

Related Articles

more
Microsoft AZ-500 Certification Practice Exam

All Reliable Guide Torrent are edited by our professional education experts. If you choose to purchase our High-quality Exam Torrent and Valid Test Dumps, you will mostly pass the exams. No Pass No Pay.

Latest Exam Braindumps

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 DumpTorrent NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy

Disclaimer:
DumpTorrent doesn't offer Real CompTIA Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates
DumpTorrent material do not contain actual actual Oracle Exam Questions or material.
DumpTorrent doesn't offer Real Microsoft Exam Questions.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation
DumpTorrent Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
DumpTorrent.com does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. DumpTorrent does not own or claim any ownership on any of the brands.