Certs Club
Home
Oracle Microsoft Cisco CompTIA Salesforce Amazon AACE International Acams Anthropic Apple View All Vendors →
Login Register

Microsoft AZ-500 - Microsoft Azure Security Technologies Certification Exam

Download Exam View Entire Exam
Page: 1 / 2
Question #1 (Topic: demo questions)

You need to configure WebApp1 to meet the data and application requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A.
Upload a public certificate.
B.
Turn on the HTTPS Only protocol setting.
C.
Set the Minimum TLS Version protocol setting to 1.2.
D.
Change the pricing tier of the App Service plan.
E.
Turn on the Incoming client certificates protocol setting.
Correct Answer: B
Explanation:
The correct answers are B. Turn on the HTTPS Only protocol setting and E. Turn on the Incoming client certificates protocol setting. Enabling HTTPS Only ensures that all communication between users and WebApp1 is encrypted by forcing requests to use HTTPS instead of HTTP, helping to protect sensitive data during transmission. Enabling Incoming client certificates allows the application to receive and validate client certificates from users or devices, which is required when certificate-based authentication is part of the application requirements. The other options do not fully meet the stated requirements. Uploading a public certificate is primarily used for custom domain SSL configuration, setting the minimum TLS version only controls the security protocol version, and changing the App Service pricing tier is unnecessary unless a specific feature requires it. Therefore, turning on HTTPS Only and Incoming client certificates is the correct solution.
Question #2 (Topic: demo questions)

You need to ensure that you can meet the security operations requirements.
What should you do first?

A.
Turn on Auto Provisioning in Security Center.

B.
Integrate Security Center and Microsoft Cloud App Security.

C.
Upgrade the pricing tier of Security Center to Standard.
D.
Modify the Security Center workspace configuration.
Correct Answer: C
Explanation:
The Standard tier extends the capabilities of the Free tier to workloads running in private and other
public clouds, providing unified security management and threat protection across your hybrid cloud
workloads. The Standard tier also adds advanced threat detection capabilities, which uses built-in
behavioral analytics and machine learning to identify attacks and zero-day exploits, access and
application controls to reduce exposure to network attacks and malware, and more.
Scenario: Security Operations Requirements
Litware must be able to customize the operating system security configurations in Azure Security
Center.
Question #3 (Topic: demo questions)

You need to ensure that users can access VM0. The solution must meet the platform
protection requirements. What should you do?

A.
Move VM0 to Subnet1.
B.
On
Firewall, configure a network traffic filtering rule.
C.
Assign RT1 to
AzureFirewallSubnet.
D.
On Firewall, configure a DNAT rule.
Correct Answer: D
Explanation:
The correct answer is D. On Firewall, configure a DNAT (Destination Network Address Translation) rule. When a virtual machine is protected behind Azure Firewall, inbound internet traffic cannot reach the VM directly. To allow users to access VM0 while still meeting the platform protection requirements, Azure Firewall must translate incoming requests on its public IP address to the private IP address of the VM. This is achieved by configuring a DNAT rule. The other options do not provide external access to the VM. Moving the VM to another subnet, assigning a route table to AzureFirewallSubnet, or configuring a network traffic filtering rule alone will not publish the VM for inbound connections. Therefore, a DNAT rule is required to securely enable user access to VM0 through Azure Firewall.
Question #4 (Topic: demo questions)

HOTSPOT
You need to create Role1 to meet the platform protection requirements.
How should you complete the role definition of Role1? To answer, select the appropriate options in
the answer area.
NOTE: Each correct selection is worth one point.

A.


Correct Answer: A
Explanation:
Explanation:
1) Microsoft.Compute/
2) disks
3) /subscrption/{subscriptionId}/resourceGroups/{Resource Group Id}
A new custom RBAC role named Role1 must be used to delegate the administration of the managed
disks in Resource Group1. Role1 must be available only for Resource Group1.
Question #5 (Topic: demo questions)

You need to meet the identity and access requirements for Group1.
What should you do?

A.
Add a membership rule to Group1.
B.
Delete Group1. Create a new group named Group1 that has a membership type of Office 365. Add
users and devices to the group.
C.
Modify the membership rule of Group1.
D.
Change the membership type of Group1 to Assigned. Create two groups that have dynamic
memberships. Add the new groups to Group1.
Next Question
Correct Answer: D
Explanation:

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamicmembership
Scenario:
Litware identifies the following identity and access requirements: All San Francisco users and their
devices must be members of Group1.
The tenant currently contain this group: