Microsoft Azure Security Technologies - AZ-500 Exam Practice Test

Your company uses cloud-based resources from the following platforms:
* Azure
* Amazon Web Services (AWS)
* Google Cloud Platform (GCP)
You plan to implement Microsoft Defender for Cloud.
On which platforms can you use Defender for Cloud to protect containers and storage? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:
You have the Azure resource shown in the following table.

You need to meet the following requirements:
* Internet-facing virtual machines must be protected by using network security groups (NSGs).
* All the virtual machines must have disk encryption enabled.
What is the minimum number of security policies that you should create in Azure Security Center?
Correct Answer: B
You have an Azure subscription that contains a
You need to grant user1 access to blob1. The solution must ensure that the access expires after six days.
What should you use?
Correct Answer: D
Lab Task
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username: Userl [email protected]
Azure Password: GpOAe4@lDg
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 28681041
Task 1
You need to configure Azure to allow RDP connections from the Internet to a virtual machine named VM1.
The solution must minimize the attack surface of VM1.
Correct Answer:
Check below steps in explanation for Task.
Explanation:
To configure Azure to allow RDP connections from the Internet to a virtual machine named VM1, you can follow the steps below:
* Create a new inbound security rule in the network security group (NSG) that is associated with the virtual network subnet that contains VM1. The rule should allow RDP traffic from the Internet to the virtual network subnet. You can use the Azure portal, Azure PowerShell, or Azure CLI to create the rule.
* Configure the network security group (NSG) to associate it with the virtual network subnet that contains VM1.
* Configure the virtual machine to allow RDP traffic. You can use the Azure portal, Azure PowerShell, or Azure CLI to configure the virtual machine.
To minimize the attack surface of VM1, you can use the following best practices:
* Use a strong password for the local administrator account on the virtual machine.
* Use Network Security Groups (NSGs) to restrict traffic to only the necessary ports and protocols.
* Use Azure Security Center to monitor and protect your virtual machines.
You have a Microsoft Entra tenant that contains the users shown in the following table.

You configure a Conditional Access policy that has the following settings:
* Name: CAPolicy1
* Assignments
  * Users or workload identities: Group1
  * Target resources: All cloud apps
* Access controls
  * Grant access: Require multifactor authentication
From Microsoft Authenticator settings for the tenant, the Enable and Target settings are configured as shown in the Enable and Target exhibit. (Click the Enable and Target tab.)

From Microsoft Authenticator settings for the tenant, the Configure settings are configured as shown in the Configure exhibit. (Click the Configure tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:
You have an Azure subscription named Sub1. Sub1 has an Azure Storage account named Storage1 that contains the resources shown in the following table.

You generate a shared access signature (SAS) to connect to the blob service and the file service.
Which tool can you use to access the contents in Container1 and Share1 by using the SAS? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:
You have an Azure subscription that is linked to a Microsoft Entra tenant named contoso.com. In contoso.com, you register an app named App1. You need to perform the following tasks for App1:
* Add and configure the Mobile and desktop applications platform.
* Add the ipaddr optional claim.
Which two settings should you select for App1? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:
You have three on-premises servers named Server1, Server2, and Server3 that run Windows. Server1 and Server2 are located on the Internal network. Server3 is located on the premises network. All servers have access to Azure.
From Azure Sentinel, you install a Windows firewall data connector.
You need to collect Microsoft Defender Firewall data from the servers for Azure Sentinel.
What should you do?
Correct Answer: A
You have an Azure subscription that contains an instance of Azure Firewall Standard named AzFW1. You need to identify whether you can use the following features with AzFW1:
* TLS inspection
* Threat intelligence
* The network intrusion detection and prevention systems (IDPS)
What can you use?
Correct Answer: E
You are configuring just in time (JIT) VM access to a set of Azure virtual machines.
You need to grant users PowerShell access to the virtual machine by using JIT VM access.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:
1. Read permission
2. 5986
https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained#what-permissions-are-needed-to-configure-and-use-jit
You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud. You have the management group hierarchy shown in the following exhibit.

You create the definitions shown in the following table.

You need to use Defender for Cloud to add a security policy. Which definitions can you use as a security policy?
Correct Answer: A
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Subscription named Sub1. Sub1 contains an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to encrypt VM1 disks by using Azure Disk Encryption.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Correct Answer:

Explanation:

References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/encrypt-disks
You have an Azure environment.
You need to identify any Azure configurations and workloads that are non-compliant with ISO 27001 standards. What should you use?
Correct Answer: B