Win IT Exam with Last Dumps 2025

Microsoft AZ-500 Exam

Page 37/45
Viewing Questions 361 370 out of 443 Questions
82.22%

Question 361
SIMULATION -
You need to enable Advanced Data Security for the SQLdb1 Azure SQL database. The solution must ensure that Azure Advanced Threat Protection (ATP) alerts are sent to [email protected].
To complete this task, sign in to the Azure portal and modify the Azure resources.



1. In the Azure portal, type SQL in the search box, select SQL databases from the search results then select SQLdb1. Alternatively, browse to SQL databases in the left navigation pane.
2. In the properties of SQLdb1, scroll down to the Security section and select Advanced data security.
3. Click on the Settings icon.
4. Tick the Enable Advanced Data Security at the database level checkbox.
5. Click Yes at the confirmation prompt.
6. In the Storage account select a storage account if one isn't selected by default.
7. Under Advanced Threat Protection Settings, enter [email protected] in the Send alerts to box.
8. Click the Save button to save the changes.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/advanced-data-security

Question 362
SIMULATION -
You need to configure a weekly backup of an Azure SQL database named Homepage. The backup must be retained for eight weeks.
To complete this task, sign in to the Azure portal.



You need to configure the backup policy for the Azure SQL database.
1. In the Azure portal, type Azure SQL Database in the search box, select Azure SQL Database from the search results then select Homepage. Alternatively, browse to Azure SQL Database in the left navigation pane.
2. Select the server hosting the Homepage database and click on Manage backups.
3. Click on Configure policies.
4. Ensure that the Weekly Backups option is ticked.
5. Configure the How long would you like weekly backups to be retained option to 8 weeks.
6. Click Apply to save the changes.

Question 363
SIMULATION -
You need to ensure that when administrators deploy resources by using an Azure Resource Manager template, the deployment can access secrets in an Azure key vault named KV12345678.
To complete this task, sign in to the Azure portal.



You need to configure an option in the Advanced Access Policy of the key vault.
1. In the Azure portal, type Azure Key Vault in the search box, select Azure Key Vault from the search results then select the key vault named KV12345678.
Alternatively, browse to Azure Key Vault in the left navigation pane.
2. In the properties of the key vault, click on Advanced Access Policies.
3. Tick the checkbox labelled Enable access to Azure Resource Manager for template deployment.
4. Click Save to save the changes.

Question 364
HOTSPOT -
You have an Azure subscription that contains the storage accounts shown in the following table.
AZ-500_364Q_1.png related to the Microsoft AZ-500 Exam
You enable Azure Defender for Storage.
Which storage services of storage5 are monitored by Azure Defender for Storage, and which storage accounts are protected by Azure Defender for Storage? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-500_364Q_2.png related to the Microsoft AZ-500 Exam
Image AZ-500_364R.png related to the Microsoft AZ-500 Exam



Reference:
https://docs.microsoft.com/en-us/azure/storage/common/azure-defender-storage-configure?tabs=azure-security-center

Question 365
You have an Azure subscription that contains as Azure key vault and an Azure Storage account. The key vault contains customer-managed keys. The storage account is configured to use the customer-managed keys stored in the key vault.
You plan to store data in Azure by using the following services:
- Azure Files
- Azure Blob storage
- Azure Table storage
- Azure Queue storage
Which two services support data encryption by using the keys stored in the key vault? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.



Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption


Question 366
SIMULATION -
You need to ensure that connections through an Azure Application Gateway named Homepage-AGW are inspected for malicious requests.
To complete this task, sign in to the Azure portal.
You do not need to wait for the task to complete.



You need to enable the Web Application Firewall on the Application Gateway.
1. In the Azure portal, type Application gateways in the search box, select Application gateways from the search results then select the gateway named
Homepage-AGW. Alternatively, browse to Application Gateways in the left navigation pane.
2. In the properties of the application gateway, click on Web application firewall.
3. For the Tier setting, select WAF V2.
4. In the Firewall status section, click the slider to switch to Enabled.
5. In the Firewall mode section, click the slider to switch to Prevention.
6. Click Save to save the changes.

Question 367
SIMULATION -
You need to create a web app named Intranet12345678 and enable users to authenticate to the web app by using Azure Active Directory (Azure AD).
To complete this task, sign in to the Azure portal.



1. In the Azure portal, type App services in the search box and select App services from the search results.
2. Click the Create app service button to create a new app service.
3. In the Resource Group section, click the Create new link to create a new resource group.
4. Give the resource group a name such as Intranet12345678RG and click OK.
5. In the Instance Details section, enter Intranet12345678 in the Name field.
6. In the Runtime stack field, select any runtime stack such as .NET Core 3.1.
7. Click the Review + create button.
8. Click the Create button to create the web app.
9. Click the Go to resource button to open the properties of the new web app.
10.In the Settings section, click on Authentication / Authorization.
11.Click the App Service Authentication slider to set it to On.
12.In the Action to take when request is not authentication box, select Log in with Azure Active Directory.
13.Click Save to save the changes.

Question 368
DRAG DROP -
You have an Azure subscription that contains a Microsoft SQL server named Server1 and an Azure key vault named vault1. Server1 hosts a database named
DB1. Vault1 contains an encryption key named key1.
You need to ensure that you can enable Transparent Data Encryption (TDE) on DB1 by using key1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
AZ-500_368Q.jpg related to the Microsoft AZ-500 Exam
Image AZ-500_368R.jpg related to the Microsoft AZ-500 Exam



Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-configure?tabs=azure-powershell

Question 369
HOTSPOT -
You have an Azure subscription that contains an Azure key vault named KeyVault1 and the virtual machines shown in the following table.
AZ-500_369Q_1.png related to the Microsoft AZ-500 Exam
You set the Key Vault access policy to Enable access to Azure Disk Encryption for volume encryption.
KeyVault1 is configured as shown in the following exhibit.
AZ-500_369Q_2.jpg related to the Microsoft AZ-500 Exam
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-500_369Q_3.png related to the Microsoft AZ-500 Exam
Image AZ-500_369R.png related to the Microsoft AZ-500 Exam




Question 370
You have an Azure subscription that contains an Azure SQL database named DB1 in the East US Azure region.
You create the storage accounts shown in the following table.
AZ-500_370Q.jpg related to the Microsoft AZ-500 Exam
You plan to enable auditing for DB1.
Which storage accounts can you use as the auditing destination for DB1?



To enable writing to a storage account, the one has to be configured first. Storage accounts are containers used to store Azure Storage objects, including blobs, files, tables, etc, for the auditing needs, general-purpose standard storage accounts will support storing audit data trail, to learn more about storage accounts.
Incorrect:
Not A, Not C: Use a storage account in the same region as the managed instance to avoid cross-region reads/writes.
Reference:
https://www.sqlshack.com/getting-started-with-azure-sql-database-auditing-using-blob-storage/
https://docs.microsoft.com/en-us/azure/azure-sql/managed-instance/auditing-configure