December/2020 Latest Braindump2go AZ-500 Exam Dumps with PDF and VCE Free Updated Today! Following are some new AZ-500 Real Exam Questions!
QUESTION 192
You have an Azure Active Directory (Azure AD) tenant.
You have the deleted objects shown in the following table.
On May 4, 2020, you attempt to restore the deleted objects by using the Azure Active Directory admin center.
Which two objects can you restore? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Group1
B. Group2
C. User2
D. User1
Answer: BC
Explanation:
Deleted users and deleted Office 365 groups are available for restore for 30 days.
You cannot restore a deleted security group.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-restore-deleted
QUESTION 193
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1.
You plan to publish several apps in the tenant.
You need to ensure that User1 can grant admin consent for the published apps.
Which two possible user roles can you assign to User1 to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Security administrator
B. Cloud application administrator
C. Application administrator
D. User administrator
E. Application developer
Answer: BC
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent
QUESTION 194
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant.
When a developer attempts to register an app named App1 in the tenant, the developer receives the error message shown in the following exhibit.
You need to ensure that the developer can register App1 in the tenant.
What should you do for the tenant?
A. Modify the Directory properties.
B. Set Enable Security defaults to Yes.
C. Configure the Consent and permissions settings for enterprise applications.
D. Modify the User settings.
Answer: D
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-added
QUESTION 195
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant and a user named User1.
The App registrations settings for the tenant are configured as shown in the following exhibit.
You plan to deploy an app named App1.
You need to ensure that User1 can register App1 in Azure AD. The solution must use the principle of least privilege.
Which role should you assign to User1?
A. App Configuration Data Owner for the subscription
B. Managed Application Contributor for the subscription
C. Cloud application administrator in Azure AD
D. Application developer in Azure AD
Answer: D
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task
QUESTION 196
You have the Azure virtual machines shown in the following table.
Each virtual machine has a single network interface.
You add the network interface of VM1 to an application security group named ASG1.
You need to identify the network interfaces of which virtual machines you can add to ASG1.
What should you identify?
A. VM2 only
B. VM2 and VM3 only
C. VM2, VM3, VM4, and VM5
D. VM2, VM3, and VM5 only
Answer: B
Explanation:
https://docs.microsoft.com/en-us/azure/virtual-network/application-security-groups
QUESTION 197
You have an Azure subscription named Subscription1 that contains an Azure Active Directory (Azure AD) tenant named contoso.com and a resource group named RG1.
You create a custom role named Role1 for contoso.com.
You need to identify where you can use Role1 for permission delegation.
What should you identify?
A. contoso.com only
B. contoso.com and RG1 only
C. contoso.com and Subscription1 only
D. contoso.com, RG1, and Subscription1
Answer: D
QUESTION 198
You have an Azure subscription.
You enable Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
Your company’s security policy for administrator accounts has the following conditions:
– The accounts must use multi-factor authentication (MFA).
– The accounts must use 20-character complex passwords.
– The passwords must be changed every 180 days.
– The accounts must be managed by using PIM.
You receive multiple alerts about administrators who have not changed their password during the last 90 days.
You need to minimize the number of generated alerts.
Which PIM alert should you modify?
A. Roles are being assigned outside of Privileged Identity Management
B. Roles don’t require multi-factor authentication for activation
C. Administrators aren’t using their privileged roles
D. Potential stale accounts in a privileged role
Answer: D
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-configure-security-alerts?tabs=new
QUESTION 199
You have an Azure Active Directory (Azure AD) tenant named Contoso.com and an Azure Kubernetes Service (AKS) cluster AKS1.
You discover that AKS1 cannot be accessed by using accounts from Contoso.com.
You need to ensure AKS1 can be accessed by using accounts from Contoso.com. The solution must minimize administrative effort.
What should you do first?
A. From Azure, recreate AKS1.
B. From AKS1, upgrade the version of Kubernetes.
C. From Azure AD, implement Azure AD Premium.
D. From Azure AD, configure the User settings.
Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/aks/azure-ad-integration-cli
QUESTION 200
You have an Azure subscription that contains an Azure Container Registry named Registry1. The subscription uses the Standard tier of Azure Security Center.
You upload several container images to Registry1.
You discover that vulnerability security scans were not performed.
You need to ensure that the images are scanned for vulnerabilities when they are uploaded to Registry1.
What should you do?
A. From the Azure portal, modify the Pricing tier settings.
B. From Azure CLI, lock the container images.
C. Upload the container images by using AzCopy.
D. Push the container images to Registry1 by using Docker.
Answer: A
Explanation:
https://charbelnemnom.com/scan-container-images-in-azure-container-registry-with-azure-security-center/
QUESTION 201
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You need to configure diagnostic settings for contoso.com. The solution must meet the following requirements:
– Retain logs for two years.
– Query logs by using the Kusto query language.
– Minimize administrative effort.
Where should you store the logs?
A. an Azure event hub
B. an Azure Log Analytics workspace
C. an Azure Storage account
Answer: B
QUESTION 202
You have an Azure subscription that contains the Azure Log Analytics workspaces shown in the following table.
You create the virtual machines shown in the following table.
You plan to use Azure Sentinel to monitor Windows Defender Firewall on the virtual machines.
Which virtual machines can you connect to Azure Sentinel?
A. VM1 only
B. VM1 and VM3 only
C. VM1, VM2, VM3, and VM4
D. VM1 and VM2 only
Answer: C
Explanation:
https://docs.microsoft.com/en-us/azure/sentinel/connect-windows-firewall
QUESTION 203
You have an Azure subscription that contains 100 virtual machines and has Azure Security Center Standard tier enabled.
You plan to perform a vulnerability scan of each virtual machine.
You need to deploy the vulnerability scanner extension to the virtual machines by using an Azure Resource Manager template.
Which two values should you specify in the code to automate the deployment of the extension to the virtual machines? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. the user-assigned managed identity
B. the workspace ID
C. the Azure Active Directory (Azure AD) ID
D. the Key Vault managed storage account key
E. the system-assigned managed identity
F. the primary shared key
Answer: AC
QUESTION 204
You have an Azure subscription that contains a user named Admin1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is the member of a backend pool of a public Azure Basic Load Balancer.
Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center.
You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1.
What should you do?
A. Create and configure a network security group (NSG).
B. Create and configure an additional public IP address for VM1.
C. Replace the Basic Load Balancer with an Azure Standard Load Balancer.
D. Assign an Azure Active Directory Premium Plan 1 license to Admin1.
Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-config-asc%2Cjit-request-asc
QUESTION 205
You have an Azure Active Directory (Azure AD) tenant and a root management group.
You create 10 Azure subscriptions and add the subscriptions to the root management group.
You need to create an Azure Blueprints definition that will be stored in the root management group.
What should you do first?
A. Modify the role-based access control (RBAC) role assignments for the root management group.
B. Add an Azure Policy definition to the root management group.
C. Create a user assigned identity.
D. Create a service principal.
Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin
QUESTION 206
You have three on-premises servers named Server1, Server2, and Server3 that run Windows. Server1 and Server2 are located on the Internal network. Server3 is located on the premises network. All servers have access to Azure.
From Azure Sentinel, you install a Windows firewall data connector.
You need to collect Microsoft Defender Firewall data from the servers for Azure Sentinel.
What should you do?
A. Create an event subscription from Server1, Server2, and Server3.
B. Install the On-premises data gateway on each server.
C. Install the Microsoft Agent on each server.
D. Install the Microsoft Agent on Server1 and Server2, and install the on-premises data gateway on Server3.
Answer: C
Explanation:
https://docs.microsoft.com/en-us/azure/sentinel/connect-windows-firewall
QUESTION 207
You have an Azure subscription that contains several Azure SQL databases and an Azure Sentinel workspace.
You need to create a saved query in the workspace to find events reported by Advanced Threat Protection for Azure SQL Database.
What should you do?
A. From Azure CLI, run the Get-AzOperationalInsightsWorkspace cmdlet.
B. From the Azure SQL Database query editor, create a Transact-SQL query.
C. From the Azure Sentinel workspace, create a Kusto Query Language query.
D. From Microsoft SQL Server Management Studio (SSMS), create a Transact-SQL query.
Answer: C
QUESTION 208
You are collecting events from Azure virtual machines to an Azure Log Analytics workspace.
You plan to create alerts based on the collected events.
You need to identify which Azure services can be used to create the alerts.
Which two services should you identify? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Azure Monitor
B. Azure Security Center
C. Azure Analytics Services
D. Azure Sentinel
E. Azure Advisor
Answer: AD
QUESTION 209
Hotspot Question
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
You create an Azure role by using the following JSON file.
You assign Role1 to User1 for RG1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#compute
QUESTION 210
SIMULATION
You need to create a new Azure Active Directory (Azure AD) directory named 10317806.onmicrosoft.com. The new directory must contain a user named user10317806 who is configured to sign in by using Azure Multi-Factor Authentication (MFA).
Answer: See the explanation below.
Explanation:
To create a new Azure AD tenant:
1. Browse to the Azure portal and sign in with an account that has an Azure subscription.
2. Select the plus icon (+) and search for Azure Active Directory.
3. Select Azure Active Directory in the search results.
4. Select Create.
5. Provide an Organization name (10317806) and an Initial domain name (10317806). Then select Create. This will create the directory named 10317806.onmicrosoft.com.
6. After directory creation is complete, select the information box to manage your new directory.
To create the user:
1. In the Azure portal, make sure you are on the Azure Active Directory fly out. If not, select the Azure Active Directory icon from the left services navigation.
2. Under Manage, select Users.
3. Select All users and then select + New user.
4. Provide a Name and User name (user10317806) for the user. When you’re done, select Create.
To enable MFA:
1. In the Azure portal, make sure you are on the Azure Active Directory fly out. If not, select the Azure Active Directory icon from the left services navigation.
2. Under Manage, select Users.
3. Click on the Multi-Factor Authentication link.
4. Tick the checkbox next to the user’s name and click the Enable link.
Reference:
https://docs.microsoft.com/en-us/power-bi/developer/create-an-azure-active-directory-tenant
QUESTION 211
Hotspot Question
You have the hierarchy of Azure resources shown in the following exhibit.
You create the Azure Blueprints definitions shown in the following table.
To which objects can you assign Blueprint1 and Blueprint2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Blueprints can only be assigned to subscriptions.
QUESTION 212
Hotspot Question
You have an Azure subscription that contains a user named Admin1 and a resource group named RG1.
In Azure Monitor, you create the alert rules shown in the following table.
Admin1 performs the following actions on RG1:
– Adds a virtual network named VNET1
– Adds a Delete lock named Lock1
Which rules will trigger an alert as a result of the actions of Admin1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer: