

Microsoft AZ-500 Exam


Question 281
HOTSPOT -
You have an Azure subscription that contains the resources shown in the following table.
AZ-500_281Q_1.png related to the Microsoft AZ-500 Exam
You create the Azure Storage accounts shown in the following table.
AZ-500_281Q_2.png related to the Microsoft AZ-500 Exam
You need to configure auditing for SQL1.
Which storage accounts and Log Analytics workspaces can you use as the audit log destination? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-500_281Q_3.jpg related to the Microsoft AZ-500 Exam
Image AZ-500_281R.jpg related to the Microsoft AZ-500 Exam




Question 282
You are troubleshooting a security issue for an Azure Storage account.
You enable the diagnostic logs for the storage account.
What should you use to retrieve the diagnostics logs?



If you want to download the metrics for long-term storage or to analyze them locally, you must use a tool or write some code to read the tables. You must download the minute metrics for analysis. The tables do not appear if you list all the tables in your storage account, but you can access them directly by name.
Many storage-browsing tools are aware of these tables and enable you to view them directly (see Azure Storage Client Tools for a list of available tools).
Microsoft provides several graphical user interface (GUI) tools for working with the data in your Azure Storage account. All of the tools outlined in the following table are free.
AZ-500_282E.png related to the Microsoft AZ-500 Exam
Note:
There are several versions of this question in the exam. The questions in the exam have two different correct answers:
1. Azure Storage Explorer
2. AzCopy
Other incorrect answer options you may see on the exam include the following:
1. Azure Monitor
2. The Security & Compliance admin center
3. Azure Cosmos DB explorer
4. Azure Monitor
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-analytics-metrics?toc=%2fazure%2fstorage%2fblobs%2ftoc.json
https://docs.microsoft.com/en-us/azure/storage/common/storage-explorers

Question 283
You are troubleshooting a security issue for an Azure Storage account.
You enable Azure Storage Analytics logs and archive them to a storage account.
What should you use to retrieve the diagnostics logs?




Question 284
You have an Azure Sentinel workspace.
You need to create a playbook.
Which two triggers will start the playbook? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.



Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook

Question 285
You are troubleshooting a security issue for an Azure Storage account.
You enable Azure Storage Analytics logs and archive them to a storage account.
What should you use to retrieve the diagnostics logs?





Question 286
You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.
You plan to enable passwordless authentication for the tenant.
You need to ensure that User1 can enable the combined registration experience. The solution must use the principle of least privilege.
Which role should you assign to User1?



Authentication Administrator.
Users with this role can set or reset any authentication method (including passwords) for non-administrators and some roles. Authentication Administrators can require users who are non-administrators or assigned to some roles to re-register against existing non-password credentials (for example, MFA or FIDO), and can also revoke remember MFA on the device, which prompts for MFA on the next sign-in.
Note: Before combined registration, users registered authentication methods for Azure AD Multi-Factor Authentication and self-service password reset (SSPR) separately. People were confused that similar methods were used for Azure AD Multi-Factor Authentication and SSPR but they had to register for both features.
Now, with combined registration, users can register once and get the benefits of both Azure AD Multi-Factor Authentication and SSPR.
Incorrect:
Privileged Role Administrator.
Users with this role can manage role assignments in Azure Active Directory, as well as within Azure AD Privileged Identity Management. They can create and manage groups that can be assigned to Azure AD roles. In addition, this role allows management of all aspects of Privileged Identity Management and administrative units.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-registration-mfa-sspr-combined
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#privileged-role-administrator

Question 287
You are troubleshooting a security issue for an Azure Storage account.
You enable Azure Storage Analytics logs and archive them to a storage account.
What should you use to retrieve the diagnostics logs?



One of the simplest ways to set/get an Azure Storage Blob's metadata is by using the cross-platform Microsoft Azure Storage Explorer, which is a standalone app from Microsoft that allows you to easily work with Azure Storage data on Windows, macOS and Linux.
Note: All logs are stored in block blobs in a container named $logs, which is automatically created when Storage Analytics is enabled for a storage account.
If you use your storage-browsing tool to navigate to the container directly, you will see all the blobs that contain your logging data. Most storage browsing tools enable you to view the metadata of blobs; you can also read this information using PowerShell or programmatically.
Reference:
https://azure.microsoft.com/en-us/features/storage-explorer/
https://docs.microsoft.com/en-us/azure/storage/common/storage-analytics-logging

Question 288
You have the Azure resources shown in the following table.
AZ-500_288Q.jpg related to the Microsoft AZ-500 Exam
You need to meet the following requirements:
- Internet-facing virtual machines must be protected by using network security groups (NSGs).
- All the virtual machines must have disk encryption enabled.
What is the minimum number of security policies that you should create in Microsoft Defender for Cloud?



Azure Policy definition: "Internet-facing virtual machines should be protected with network security groups". We need a security policy for each of the VMs for Internet-facing protection.
Note: A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.
We only need one security policy for disk encryption, which applies to both VM1 and VM2 (all the VMs).
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/policy-reference
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

Question 289
HOTSPOT -
You have an Azure subscription that contains an Azure key vault. The role assignments for the key vault are shown in the following exhibit.
AZ-500_289Q_1.jpg related to the Microsoft AZ-500 Exam
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-500_289Q_2.png related to the Microsoft AZ-500 Exam
Image AZ-500_289R.png related to the Microsoft AZ-500 Exam



Box 1: Only User1, User2, and User4
* Owner (User1) - Has full access to all resources including the right to delegate access to others.
* Key Vault Crypto Officer (User2)
Perform any action on the keys of a key vault, except manage permissions.
* Key Vault Administrator (User4)
Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets.
Box 2: Only User1, User3, and User4
* Key Vault Secrets Officer (User3)
Perform any action on the secrets of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model.
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/rbac-guide

Question 290
HOTSPOT -
You have an Azure subscription that contains a blob container named cont1. Cont1 has the access policies shown in the following exhibit.
AZ-500_290Q_1.jpg related to the Microsoft AZ-500 Exam
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-500_290Q_2.jpg related to the Microsoft AZ-500 Exam
Image AZ-500_290R.jpg related to the Microsoft AZ-500 Exam



Box 1: 4
A container can have up to 5 stored access policies.
Maximum number of stored access policies per blob container: 5
Box 2: 1
A blob version supports one version-level immutability policy and one legal hold. A policy on a blob version can override a default policy specified on the account or container.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/scalability-targets
https://docs.microsoft.com/en-us/azure/storage/blobs/immutable-storage-overview