Win IT Exam with Last Dumps 2025

Microsoft AZ-500 Exam

Page 33/45
Viewing Questions 321 330 out of 443 Questions
73.33%

Question 321
You have an Azure subscription that contains an Azure SQL database named SQL1 and an Azure key vault named KeyVault1. KeyVault1 stores the keys shown in the following table.
AZ-500_321Q.png related to the Microsoft AZ-500 Exam
You need to configure Transparent Data Encryption (TDE). TDE will use a customer-managed key for SQL1.
Which keys can you use?



The key must be an asymmetric, RSA or RSA HSM key. The supported key lengths are 2048-bit and 3072-bit.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview

Question 322
SIMULATION -
You plan to use Azure Disk Encryption for several virtual machine disks.
You need to ensure that Azure Disk Encryption can retrieve secrets from the KeyVault12345678 Azure key vault.
To complete this task, sign in to the Azure portal and modify the Azure resources.



1. In the Azure portal, type Key Vaults in the search box, select Key Vaults from the search results then select KeyVault12345678. Alternatively, browse to Key
Vaults in the left navigation pane.
2. In the Key Vault properties, scroll down to the Settings section and select Access Policies.
3. Select the Azure Disk Encryption for volume encryption
AZ-500_322E.png related to the Microsoft AZ-500 Exam
4. Click Save to save the changes.

Question 323
HOTSPOT -
You have an Azure subscription that contains a web app named App1 and an Azure key vault named Vault1.
You need to configure App1 to store and access the secrets in Vault1.
How should you configure App1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-500_323Q.png related to the Microsoft AZ-500 Exam
Image AZ-500_323R.png related to the Microsoft AZ-500 Exam



Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet

Question 324
HOTSPOT -
You have an Azure key vault named KeyVault1 that contains the items shown in the following table.
AZ-500_324Q_1.png related to the Microsoft AZ-500 Exam
In KeyVault1, the following events occur in sequence:
- Item1 is deleted.
- Item2 and Policy1 are deleted.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-500_324Q_2.jpg related to the Microsoft AZ-500 Exam
Image AZ-500_324R.jpg related to the Microsoft AZ-500 Exam



Box1: No -
Policies cannot be recovered.
Box2: Soft delete is enabled by default on all key vaults. You cannot add a new key named Item1 because an object named Item1 exists in a soft-deleted state.
Box3: Soft delete is now enabled by default on all key vaults so you can recover Item2.
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/soft-delete-overview
https://docs.microsoft.com/en-us/azure/key-vault/general/soft-delete-change

Question 325
You have an Azure SQL Database server named SQL1.
For SQL1, you turn on Azure Defender for SQL to detect all threat detection types.
Which action will Azure Defender for SQL detect as a threat?



Advanced Threat Protection can detect potential SQL injections: This alert is triggered when an active exploit happens against an identified application vulnerability to SQL injection. This means the attacker is trying to inject malicious SQL statements using the vulnerable application code or stored procedures.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql


Question 326
HOTSPOT -
You have the Azure Information Protection labels as shown in the following table.
AZ-500_326Q_1.png related to the Microsoft AZ-500 Exam
You have the Azure Information Protection policies as shown in the following table.
AZ-500_326Q_2.png related to the Microsoft AZ-500 Exam
You need to identify how Azure Information Protection will label files.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-500_326Q_3.jpg related to the Microsoft AZ-500 Exam
Image AZ-500_326R.jpg related to the Microsoft AZ-500 Exam



Box 1: Label 2 only -
How multiple conditions are evaluated when they apply to more than one label
1. The labels are ordered for evaluation, according to their position that you specify in the policy: The label positioned first has the lowest position (least sensitive) and the label positioned last has the highest position (most sensitive).
2. The most sensitive label is applied.
3. The last sublabel is applied.
Box 2: No Label -
Automatic classification applies to Word, Excel, and PowerPoint when documents are saved, and apply to Outlook when emails are sent. Automatic classification does not apply to Microsoft Notepad.
Reference:
https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-classification

Question 327
Your company uses Azure DevOps.
You need to recommend a method to validate whether the code meets the company's quality standards and code review standards.
What should you recommend implementing in Azure DevOps?



Branch policies help teams protect their important branches of development. Policies enforce your team's code quality and change management standards.
Reference:
https://docs.microsoft.com/en-us/azure/devops/repos/git/branch-policies?view=azure-devops&viewFallbackFrom=vsts

Question 328
SIMULATION -
You need to ensure that User2-1234578 has all the key permissions for KeyVault1234578.
To complete this task, sign in to the Azure portal and modify the Azure resources.



You need to assign the user the Key Vault Secrets Officer role.
1. In the Azure portal, type Key Vaults in the search box, select Key Vaults from the search results then select KeyVault1234578. Alternatively, browse to Key
Vaults in the left navigation pane.
2. In the key vault properties, select Access control (IAM).
3. In the Add a role assignment section, click the Add button.
4. In the Role box, select the Key Vault Secrets Officer role from the drop-down list.
5. In the Select box, start typing User2-1234578 and select User2-1234578 from the search results.
6. Click the Save button to save the changes.

Question 329
You have an Azure web app named WebApp1.
You upload a certificate to WebApp1.
You need to make the certificate accessible to the app code of WebApp1.
What should you do?



Reference:
https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code

Question 330
HOTSPOT -
You have the Azure key vaults shown in the following table.
AZ-500_330Q_1.png related to the Microsoft AZ-500 Exam
KV1 stores a secret named Secret1 and a key for a managed storage account named Key1.
You back up Secret1 and Key1.
To which key vaults can you restore each backup? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-500_330Q_2.png related to the Microsoft AZ-500 Exam
Image AZ-500_330R.png related to the Microsoft AZ-500 Exam



The backups can only be restored to key vaults in the same subscription and same geography. You can restore to a different region in the same geography.