Win IT Exam with Last Dumps 2025

Microsoft AZ-500 Exam

Page 35/45
Viewing Questions 341 350 out of 443 Questions
77.78%

Question 341
You have a hybrid configuration of Azure Active Directory (Azure AD).
All users have computers that run Windows 10 and are hybrid Azure AD joined.
You have an Azure SQL database that is configured to support Azure AD authentication.
Database developers must connect to the SQL database by using Microsoft SQL Server Management Studio (SSMS) and authenticate by using their on-premises
Active Directory account.
You need to tell the developers which authentication method to use to connect to the SQL database from SSMS. The solution must minimize authentication prompts.
Which authentication method should you instruct the developers to use?



Azure AD can be the initial Azure AD managed domain. Azure AD can also be an on-premises Active Directory Domain Services that is federated with the Azure
AD.
Using an Azure AD identity to connect using SSMS or SSDT
The following procedures show you how to connect to a SQL database with an Azure AD identity using SQL Server Management Studio or SQL Server Database
Tools.
Active Directory integrated authentication
Use this method if you are logged in to Windows using your Azure Active Directory credentials from a federated domain.
1. Start Management Studio or Data Tools and in the Connect to Server (or Connect to Database Engine) dialog box, in the Authentication box, select Active
Directory - Integrated. No password is needed or can be entered because your existing credentials will be presented for the connection.
AZ-500_341E.jpg related to the Microsoft AZ-500 Exam
2. Select the Options button, and on the Connection Properties page, in the Connect to database box, type the name of the user database you want to connect to.
(The AD domain name or tenant ID" option is only supported for Universal with MFA connection options, otherwise it is greyed out.)
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?tabs=azure-powershell

Question 342
DRAG DROP -
You have an Azure subscription named Sub1 that contains an Azure Storage account named contosostorage1 and an Azure key vault named Contosokeyvault1.
You plan to create an Azure Automation runbook that will rotate the keys of contosostorage1 and store them in Contosokeyvault1.
You need to implement prerequisites to ensure that you can implement the runbook.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
AZ-500_342Q.jpg related to the Microsoft AZ-500 Exam
Image AZ-500_342R.jpg related to the Microsoft AZ-500 Exam



Step 1: Create an Azure Automation account
Runbooks live within the Azure Automation account and can execute PowerShell scripts.
Step 2: Import PowerShell modules to the Azure Automation account
Under 'Assets' from the Azure Automation account Resources section select 'to add in Modules to the runbook. To execute key vault cmdlets in the runbook, we need to add AzureRM.profile and AzureRM.key vault.
Step 3: Create a connection resource in the Azure Automation account
You can use the sample code below, taken from the AzureAutomationTutorialScript example runbook, to authenticate using the Run As account to manage
Resource Manager resources with your runbooks. The AzureRunAsConnection is a connection asset automatically created when we created 'run as accounts' above. This can be found under Assets -> Connections. After the authentication code, run the same code above to get all the keys from the vault.
$connectionName = "AzureRunAsConnection"
try
{
# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
"Logging in to Azure..."
Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
Reference:
https://www.rahulpnath.com/blog/accessing-azure-key-vault-from-azure-runbook/

Question 343
HOTSPOT -
You have an Azure Storage account that contains a blob container named container1 and a client application named App1.
You need to enable App1 access to container1 by using Azure Active Directory (Azure AD) authentication.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-500_343Q.png related to the Microsoft AZ-500 Exam
Image AZ-500_343R.png related to the Microsoft AZ-500 Exam



Reference:
https://azure.microsoft.com/en-in/blog/announcing-the-preview-of-aad-authentication-for-storage/
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/storage/common/storage-auth-aad-app.md

Question 344
HOTSPOT -
You have an Azure subscription that contains an Azure key vault named ContosoKey1.
You create users and assign them roles as shown in the following table.
AZ-500_344Q_1.png related to the Microsoft AZ-500 Exam
You need to identify which users can perform the following actions:
- Delegate permissions for ContosoKey1.
- Configure network access to ContosoKey1.
Which users should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-500_344Q_2.png related to the Microsoft AZ-500 Exam
Image AZ-500_344R.png related to the Microsoft AZ-500 Exam



Reference:
https://docs.microsoft.com/en-gb/azure/key-vault/general/rbac-guide

Question 345
You have an Azure subscription that contains four Azure SQL managed instances.
You need to evaluate the vulnerability of the managed instances to SQL injection attacks.
What should you do first?





Question 346
DRAG DROP -
You have an Azure subscription named Sub1. Sub1 contains an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to encrypt VM1 disks by using Azure Disk Encryption.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
AZ-500_346Q.png related to the Microsoft AZ-500 Exam
Image AZ-500_346R.png related to the Microsoft AZ-500 Exam



Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/encrypt-disks

Question 347
You have an Azure subscription that contains a virtual machine named VM1.
You create an Azure key vault that has the following configurations:
- Name: Vault5
- Region: West US
- Resource group: RG1
You need to use Vault5 to enable Azure Disk Encryption on VM1. The solution must support backing up VM1 by using Azure Backup.
Which key vault settings should you configure?



Reference:
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault

Question 348
You have an Azure subscription named Sub1 that contains the resources shown in the following table.
AZ-500_348Q.png related to the Microsoft AZ-500 Exam
You need to ensure that you can provide VM1 with secure access to a database on SQL1 by using a contained database user.
What should you do?




Question 349
You have an Azure subscription named Sub1 that contains the Azure key vaults shown in the following table:
AZ-500_349Q.png related to the Microsoft AZ-500 Exam
In Sub1, you create a virtual machine that has the following configurations:
- Name: VM1
- Size: DS2v2
- Resource group: RG1
- Region: West Europe
- Operating system: Windows Server 2016
You plan to enable Azure Disk Encryption on VM1.
In which key vaults can you store the encryption key for VM1?



In order to make sure the encryption secrets don't cross regional boundaries, Azure Disk Encryption needs the Key Vault and the VMs to be co-located in the same region. Create and use a Key Vault that is in the same region as the VM to be encrypted.
Reference:
https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-prerequisites

Question 350
HOTSPOT -
You have an Azure subscription that contains the resources shown in the following table.
AZ-500_350Q_1.png related to the Microsoft AZ-500 Exam
User1 is a member of Group1. Group1 and User2 are assigned the Key Vault Contributor role for Vault1.
On January 1, 2019, you create a secret in Vault1. The secret is configured as shown in the exhibit. The date format YYYY-MM-DD is used on the exhibit. (Click the Exhibit tab.)
AZ-500_350Q_2.png related to the Microsoft AZ-500 Exam
User2 is assigned an access policy to Vault1. The policy has the following configurations:
- Key Management Operations: Get, List, and Restore
- Cryptographic Operations: Decrypt and Unwrap Key
- Secret Management Operations: Get, List, and Restore
Group1 is assigned an access policy to Vault1. The policy has the following configurations:
- Key Management Operations: Get and Recover
- Secret Management Operations: List, Backup, and Recover
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-500_350Q_3.png related to the Microsoft AZ-500 Exam
Image AZ-500_350R.png related to the Microsoft AZ-500 Exam