The latest updated Microsoft AZ-500 exam dumps and free AZ-500 exam practice questions and answers! Latest updates from leads4pass Microsoft AZ-500 Dumps PDF and AZ-500 Dumps VCE, leads4pass AZ-500 exam questions updated and answers corrected! Get the full Microsoft AZ-500 dumps from https://www.leads4pass.com/az-500.html (VCE&PDF)
Latest AZ-500 PDF for free
Share the Microsoft AZ-500 Dumps PDF for free From leads4pass AZ-500 Dumps part of the distraction collected on Google Drive shared by leads4pass
https://drive.google.com/file/d/1ZTuEy5t-Bem6PA2L9VKGS_2am_QS88pT/
The latest updated Microsoft AZ-500 Exam Practice Questions and Answers Online Practice Test is free to share from leads4pass (Q1-Q13)
QUESTION 1
DRAG DROP
You have an Azure Storage account named storage1 and an Azure virtual machine named VM1. VM1 has a premium
SSD-managed disk.
You need to enable Azure Disk Encryption for VM1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault
QUESTION 2
SIMULATION
You need to configure network connectivity between a virtual network named VNET1 and a virtual network named
VNET2. The solution must ensure that virtual machines connected to VNET1 can communicate with virtual machines
connected to VNET2.
To complete this task, sign in to the Azure portal and modify the Azure resources.
A. See the below.
Correct Answer: A
You need to configure VNet Peering between the two networks. The question states, “The solution must ensure that
virtual machines connected to VNET1 can communicate with virtual machines connected to VNET2”. It doesn\\’t says the
VMs on VNET2 should be able to communicate with VMs on VNET1. Therefore, we need to configure the peering to
allow just one-way communication.
1.
In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select
VNET1. Alternatively, browse Virtual Networks in the left navigation pane.
2.
In the properties of VNET1, click on Peerings.
3.
In the Peerings blade, click Add to add a new peering.
4.
In the Name of the peering from VNET1 to a remote virtual network box, enter a name such as VNET1-VNET2 (this is the
name that the peering will be displayed as in VNET1)
5.
In the Virtual Network box, select VNET2.
6.
In the Name of the peering from the remote virtual network to the VNET1 box, enter a name such as VNET2-VNET1 (this is the
name that the peering will be displayed as in VNET2). There is an option Allow virtual network access from VNET to
the remote virtual network. This should be left as Enabled.
7.
For the option Allow virtual network access from the remote network to VNET1, click the slider button to Disabled.
8.
Click the OK button to save the changes.
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering
QUESTION 3
SIMULATION
You plan to use Azure Disk Encryption for several virtual machine disks.
You need to ensure that Azure Disk Encryption can retrieve secrets from the KeyVault11641655 Azure key vault.
To complete this task, sign in to the Azure portal and modify the Azure resources.
A. See the below.
Correct Answer: A
1.
In the Azure portal, type Key Vaults in the search box, select Key Vaults from the search results then select
KeyVault11641655. Alternatively, browse to Key Vaults in the left navigation pane.
2.
In the Key Vault properties, scroll down to the Settings section and select Access Policies.
3.
Select the Azure Disk Encryption for volume encryption
4.
Click Save to save the changes.
QUESTION 4
You have an Azure subscription named Subcription1 that contains an Azure Active Directory (Azure AD) tenant named
contoso.com and a resource group named RG1.
You create a custom role named Role1 for contoso.com.
You need to identify where you can use Role1 for permission delegation.
What should you identify?
A. contoso.com only
B. contoso.com and RGT only
C. contoso.com and Subscription1 only
D. contoso.com, RG1, and Subcription1
Correct Answer: D
QUESTION 5
DRAG DROP
You have an Azure subscription that contains the following resources:
1.
A virtual network named VNET1 contains two subnets named Subnet1 and Subnet2.
2.
A virtual machine named VM1 has only a private IP address and connects to Subnet1.
You need to ensure that Remote Desktop connections can be established to VM1 from the internet.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
QUESTION 6
You need to deploy AKS1 to meet the platform protection requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to
the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
Select and Place:
Correct Answer:
QUESTION 7
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
From Azure AD Privileged Identity Management (PIM), you configure the settings for the Security Administrator role as
shown in the following exhibit.
From PIM, you assign the Security Administrator role to the following groups:
1.
Group1: Active assignment type, permanently assigned
2.
Group2: Eligible assignment type, permanently eligible
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Box 1: Yes
Eligible Type: A role assignment that requires a user to perform one or more actions to use the role. If a user has been
made eligible for a role, that means they can activate the role when they need to perform privileged tasks. There\\’s no
difference in the access given to someone with a permanent versus an eligible role assignment. The only difference is
that some people don\\’t need that access all the time.
You can choose from two assignment duration options for each assignment type (eligible and active) when you
configure settings for a role. These options become the default maximum duration when a user is assigned to the role
in
Privileged Identity Management.
Use the Activation maximum duration slider to set the maximum time, in hours, that a role stays active before it expires.
This value can be from one to 24 hours.
Box 2: Yes
Active Type: A role assignment that doesn\\’t require a user to perform any action to use the role. Users assigned as
active have the privileges assigned to the role
Box 3: Yes
User3 is a member of Group2.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
https://docs.microsoft.com/bs-cyrl-ba/azure/active-directory/privileged-identity-management/pim-resource-rolesconfigure-role-settings
QUESTION 8
DRAG DROP
You have an Azure subscription named Sub1.
You have an Azure Active Directory (Azure AD) group named Group1 that contains all the members of your IT team.
You need to ensure that the members of Group1 can stop, start, and restart the Azure virtual machines in Sub1. the solution must use the principle of least privilege.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
References: https://www.petri.com/cloud-security-create-custom-rbac-role-microsoft-azure
QUESTION 9
HOTSPOT
You have an Azure subscription named Subcription1 that contains the resources shown in the following table.
You have an Azure subscription named Subcription2 that contains the following resources:
1. An Azure Sentinel workspace
2. An Azure Event Grid instance
You need to ingest the CEF messages from the NVAs to Azure Sentinel.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
QUESTION 10
You have an Azure subscription that contains a virtual machine named VM1.
You create an Azure key vault that has the following configurations:
Name: Vault5 Region: West US Resource group: RG1
You need to use Vault5 to enable Azure Disk Encryption on VM1. The solution must support backing up VM1 by using
Azure Backup.
Which key vault settings should you configure?
A. Access policies
B. Secrets
C. Keys
D. Locks
Correct Answer: A
References: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault
QUESTION 11
You have the Azure virtual machines shown in the following table.
Each virtual machine has a single network interface.
You add the network interface of VM1 to an application security group named ASG1.
You need to identify the network interfaces of which virtual machines you can add to ASG1.
What should you identify?
A. VM2 only
B. VM2, VM3, VM4, and VM5
C. VM2, VM3, and VM5 only
D. VM2 and VM3 only
Correct Answer: D
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/application-security-groups
QUESTION 12
HOTSPOT
You need to ensure that the Azure AD application registration and consent configurations meet the identity and access
requirements.
What should you use in the Azure portal? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-user-consent
QUESTION 13
SIMULATION
You need to add the network interface of a virtual machine named VM1 to an application security group named ASG1.
To complete this task, sign in to the Azure portal.
A. See the below.
Correct Answer: A
1.
In the Search resources, services, and docs box at the top of the portal, begin typing the name of a virtual machine,
VM1 has a network interface that you want to add to or remove from, an application security group.
2.
When the name of your VM appears in the search results, select it.
3.
Under SETTINGS, select Networking. Select Configure the application security groups, select the application security
groups that you want to add the network interface to, or unselect the application security groups that you want to
remove the network interface from, and then select Save.
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface
Fulldumps shares the latest updated Microsoft AZ-500 exam exercise questions, AZ-500 dumps pdf for free.
All exam questions and answers come from the leads4pass exam dumps shared part! leads4pass updates throughout the year and shares a portion of your exam questions for free to help you understand the exam content and enhance your exam experience!
Get the full Microsoft AZ-500 exam dumps questions at https://www.leads4pass.com/az-500.html (pdf&vce)
ps.
Get free Microsoft AZ-500 dumps PDF online: https://drive.google.com/file/d/1ZTuEy5t-Bem6PA2L9VKGS_2am_QS88pT/