Win IT Exam with Last Dumps 2025

Microsoft AZ-500 Exam

Page 28/45
Viewing Questions 271 280 out of 443 Questions
62.22%

Question 271
HOTSPOT -
You have an Azure Sentinel workspace that has the following data connectors:
- Azure Active Directory Identity Protection
- Common Event Format (CEF)
Azure Firewall -
You need to ensure that data is being ingested from each connector.
From the Logs query window, which table should you query for each connector? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-500_271Q.png related to the Microsoft AZ-500 Exam
Image AZ-500_271R.png related to the Microsoft AZ-500 Exam



Reference:
https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-ad-identity-protection
https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-firewall
https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources

Question 272
You have 10 on-premises servers that run Windows Server 2019.
You plan to implement Azure Security Center vulnerability scanning for the servers.
What should you install on the servers first?



Reference:
https://docs.microsoft.com/en-us/azure/azure-arc/servers/agent-overview
https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm

Question 273
HOTSPOT -
You have an Azure subscription that contains three storage accounts, an Azure SQL managed instance named SQL1, and three Azure SQL databases.
The storage accounts are configured as shown in the following table.
AZ-500_273Q_1.png related to the Microsoft AZ-500 Exam
SQL1 has the following settings:
- Auditing: On
- Audit log destination: storage1
The Azure SQL databases are configured as shown in the following table.
AZ-500_273Q_2.png related to the Microsoft AZ-500 Exam
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-500_273Q_3.png related to the Microsoft AZ-500 Exam
Image AZ-500_273R.png related to the Microsoft AZ-500 Exam



Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/managed-instance/auditing-configure
https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview

Question 274
You have an Azure subscription name Sub1 that contains an Azure Policy definition named Policy1. Policy1 has the following settings:
- Definition location: Tenant Root Group
- Category: Monitoring
You need to ensure that resources that are noncompliant with Policy1 are listed in the Azure Security Center dashboard.
What should you do first?



Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview

Question 275
You have an Azure subscription.
You plan to create a workflow automation in Azure Security Center that will automatically remediate a security vulnerability.
What should you create first?



Reference:
https://docs.microsoft.com/en-us/azure/security-center/workflow-automation


Question 276
SIMULATION -
A user named Debbie has the Azure app installed on her mobile device.
You need to ensure that [email protected] is alerted when a resource lock is deleted.
To complete this task, sign in to the Azure portal.



You need to configure an alert rule in Azure Monitor.
1. Type Monitor into the search box and select Monitor from the search results.
2. Click on Alerts.
3. Click on +New Alert Rule.
4. In the Scope section, click on the Select resource link.
5. In the Filter by resource type box, type locks and select Management locks (locks) from the filtered results.
6. Select the subscription then click the Done button.
7. In the Condition section, click on the Select condition link.
8. Select the Delete management locks condition the click the Done button.
9. In the Action group section, click on the Select action group link.
10.Click the Create action group button to create a new action group.
11.Give the group a name such as Debbie Mobile App (it doesn't matter what name you enter for the exam) then click the Next: Notifications > button.
12.In the Notification type box, select the Email/SMS message/Push/Voice option.
13.In the Email/SMS message/Push/Voice window, tick the Azure app Push Notifications checkbox and enter [email protected] in the Azure account email field.
14.Click the OK button to close the window.
15.Enter a name such as Debbie Mobile App in the notification name box.
16.Click the Review & Create button then click the Create button to create the action group.
17.Back in the Create alert rule window, in the Alert rule details section, enter a name such as Management lock deletion in the Alert rule name field.
18.Click the Create alert rule button to create the alert rule.

Question 277
SIMULATION -
You plan to connect several Windows servers to the WS12345678 Azure Log Analytics workspace.
You need to ensure that the events in the System event logs are collected automatically to the workspace after you connect the Windows servers.
To complete this task, sign in to the Azure portal and modify the Azure resources.



Azure Monitor can collect events from the Windows event logs or Linux Syslog and performance counters that you specify for longer term analysis and reporting, and take action when a particular condition is detected. Follow these steps to configure collection of events from the Windows system log and Linux Syslog, and several common performance counters to start with.
Data collection from Windows VM -
1. In the Azure portal, locate the WS12345678 Azure Log Analytics workspace then select Advanced settings.
AZ-500_277E.jpg related to the Microsoft AZ-500 Exam
2. Select Data, and then select Windows Event Logs.
3. You add an event log by typing in the name of the log. Type System and then select the plus sign +.
4. In the table, check the severities Error and Warning. (for this question, select all severities to ensure that ALL logs are collected).
5. Select Save at the top of the page to save the configuration.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-azurevm

Question 278
SIMULATION -
You need to ensure that the AzureBackupReport log for the Vault1 Recovery Services vault is stored in the WS12345678 Azure Log Analytics workspace.
To complete this task, sign in to the Azure portal and modify the Azure resources.



1. In the Azure portal, type Recovery Services Vaults in the search box, select Recovery Services Vaults from the search results then select Vault1.
Alternatively, browse to Recovery Services Vaults in the left navigation pane.
2. In the properties of Vault1, scroll down to the Monitoring section and select Diagnostic Settings.
3. Click the Add a diagnostic setting link.
4. Enter a name in the Diagnostic settings name box.
5. In the Log section, select AzureBackupReport.
AZ-500_278E_1.png related to the Microsoft AZ-500 Exam
6. In the Destination details section, select Send to log analytics
AZ-500_278E_2.png related to the Microsoft AZ-500 Exam
7. Select the WS12345678 Azure Log Analytics workspace.
8. Click the Save button to save the changes.
Reference:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-diagnostic-events

Question 279
SIMULATION -
You need to ensure that the audit logs from the SQLdb1 Azure SQL database are stored in the WS12345678 Azure Log Analytics workspace.
To complete this task, sign in to the Azure portal and modify the Azure resources.



1. In the Azure portal, type SQL in the search box, select SQL databases from the search results then select SQLdb1. Alternatively, browse to SQL databases in the left navigation pane.
2. In the properties of SQLdb1, scroll down to the Security section and select Auditing.
3. Turn auditing on if it isn't already, tick the Log Analytics checkbox then click on Configure.
AZ-500_279E.png related to the Microsoft AZ-500 Exam
4. Select the WS12345678 Azure Log Analytics workspace.
5. Click Save to save the changes.

Question 280
HOTSPOT -
You are configuring just in time (JIT) VM access to a Windows Server 2019 Azure virtual machine.
You need to grant users PowerShell access to the virtual machine by using JIT VM access.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-500_280Q.jpg related to the Microsoft AZ-500 Exam
Image AZ-500_280R.jpg related to the Microsoft AZ-500 Exam