

Microsoft AZ-500 Exam


Question 171
SIMULATION -
You need to configure a virtual network named VNET2 to meet the following requirements:
- Administrators must be prevented from deleting VNET2 accidentally.
- Administrators must be able to add subnets to VNET2 regularly.
To complete this task, sign in to the Azure portal and modify the Azure resources.



Locking prevents other users in your organization from accidentally deleting or modifying critical resources, such as an Azure subscription, resource group, or resource.
Note: In Azure, the term resource refers to an entity managed by Azure. For example, virtual machines, virtual networks, and storage accounts are all referred to as Azure resources.
1. In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results, then select VNET2. Alternatively, browse to Virtual Networks in the left navigation pane.
2. In the Settings blade for virtual network VNET2, select Locks.
3. To add a lock, select Add.
4. For Lock type, select Delete lock, and click OK.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

Question 172
You have an Azure virtual machine named VM1.
From Microsoft Defender for Cloud, you get the following high-severity recommendation: `Install endpoint protection solutions on virtual machine`.
You need to resolve the issue causing the high-severity recommendation.
What should you do?



Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-endpoint-protection

Question 173
HOTSPOT -
You have a file named File1.yaml that contains the following contents.
[Image: AZ-500_173Q_1.png]
You create an Azure container instance named container1 by using File1.yaml.
You need to identify where you can access the values of Variable1 and Variable2.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
[Image: AZ-500_173Q_2.png]
[Image: AZ-500_173R.png]



Reference:
https://docs.microsoft.com/en-us/azure/container-instances/container-instances-environment-variables

Question 174
You have an Azure subscription that contains a virtual network. The virtual network contains the subnets shown in the following table.
[Image: AZ-500_174Q_1.png]
The subscription contains the virtual machines shown in the following table.
[Image: AZ-500_174Q_2.png]
You enable just in time (JIT) VM access for all the virtual machines.
You need to identify which virtual machines are protected by JIT.
Which virtual machines should you identify?



An NSG needs to be enabled, either at the VM level or the subnet level.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time

Question 175
HOTSPOT -
You have an Azure subscription that contains the virtual machines shown in the following table.
[Image: AZ-500_175Q_1.png]
Subnet1 and Subnet2 have a Microsoft.Storage service endpoint configured.
You have an Azure Storage account named storageacc1 that is configured as shown in the following exhibit.
[Image: AZ-500_175Q_2.jpg]
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
[Image: AZ-500_175Q_3.png]
[Image: AZ-500_175R.png]



Box 1: Yes -
The public IP of VM1 is allowed through the firewall.
Box 2: No -
The allowed virtual network list is empty so VM2 cannot access storageacc1 directly. The public IP address of VM2 is not in the allowed IP list so VM2 cannot access storageacc1 over the Internet.
Box 3: No -
The allowed virtual network list is empty so VM3 cannot access storageacc1 directly. VM3 does not have a public IP address so it cannot access storageacc1 over the Internet.
Reference:
https://docs.microsoft.com/en-gb/azure/storage/common/storage-network-security


Question 176
HOTSPOT -
You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as shown in the following table.
[Image: AZ-500_176Q_1.png]
You schedule two update deployments named Update1 and Update2. Update1 updates VM3. Update2 updates VM6.
Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
[Image: AZ-500_176Q_2.jpg]
[Image: AZ-500_176R.jpg]



An update deployment can apply to Windows VMs or Linux VMs but not both. The VMs can be in different regions, different subscriptions and different resource groups.
Update1: VM1 and VM2 only -
VM3: Windows Server 2016.
Update2: VM4 and VM5 only -
VM6: CentOS 7.5.
For Linux, the machine must have access to an update repository. The update repository can be private or public.
Reference:
https://docs.microsoft.com/en-us/azure/automation/update-management/overview

Question 177
HOTSPOT -
You have an Azure subscription named Sub1.
You create a virtual network that contains one subnet. On the subnet, you provision the virtual machines shown in the following table.
[Image: AZ-500_177Q_1.png]
Currently, you have not provisioned any network security groups (NSGs).
You need to implement network security to meet the following requirements:
- Allow traffic to VM4 from VM3 only.
- Allow traffic from the Internet to VM1 and VM2 only.
- Minimize the number of NSGs and network security rules.
How many NSGs and network security rules should you create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
[Image: AZ-500_177Q_2.jpg]
[Image: AZ-500_177R.jpg]



NSGs: 2 -
Network security rules: 3 -
Not 2: You cannot specify multiple service tags (or application groups) in a security rule.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

Question 178
HOTSPOT -
You have an Azure key vault.
You need to delegate administrative access to the key vault to meet the following requirements:
- Provide a user named User1 with the ability to set advanced access policies for the key vault.
- Provide a user named User2 with the ability to add and delete certificates in the key vault.
- Use the principle of least privilege.
What should you use to assign access to each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
[Image: AZ-500_178Q.png]
[Image: AZ-500_178R.png]



User1: RBAC -
RBAC is used as the Key Vault access control mechanism for the management plane. It would allow a user with the proper identity to:
- set Key Vault access policies
- create, read, update, and delete key vaults
- set Key Vault tags
Note: Role-based access control (RBAC) is a system that provides fine-grained access management of Azure resources. Using RBAC, you can segregate duties within your team and grant only the amount of access to users that they need to perform their jobs.
User2: A key vault access policy
A key vault access policy is the access control mechanism to get access to the key vault data plane. Key Vault access policies grant permissions separately to keys, secrets, and certificates.
References:
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault

Question 179
You have Azure Resource Manager templates that you use to deploy Azure virtual machines.
You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.
What should you use?



You can use Azure Automation State Configuration to manage Azure VMs (both Classic and Resource Manager), on-premises VMs, Linux machines, AWS VMs, and on-premises physical machines.
Note: Azure Automation State Configuration provides a DSC pull server similar to the Windows Feature DSC Service so that target nodes automatically receive configurations, conform to the desired state, and report back on their compliance. The built-in pull server in Azure Automation eliminates the need to set up and maintain your own pull server. Azure Automation can target virtual or physical Windows or Linux machines, in the cloud or on-premises.

Question 180
You have an Azure Container Registry named Registry1.
From Azure Security Center, you enable Azure Container Registry vulnerability scanning of the images in Registry1.
You perform the following actions:
- Push a Windows image named Image1 to Registry1.
- Push a Linux image named Image2 to Registry1.
- Push a Windows image named Image3 to Registry1.
- Modify Image1 and push the new image as Image4 to Registry1.
- Modify Image2 and push the new image as Image5 to Registry1.
Which two images will be scanned for vulnerabilities? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.



Only Linux images are scanned. Windows images are not scanned.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/azure-container-registry-integration