Microsoft AZ-500 Übungsprüfungen
Zuletzt aktualisiert am 24.04.2025- Prüfungscode: AZ-500
- Prüfungsname: Microsoft Azure Security Technologies
- Zertifizierungsanbieter: Microsoft
- Zuletzt aktualisiert am: 24.04.2025
HOTSPOT
You have an Azure subscription that contains a user named User1 and a storage account named storage1.
The storage1 account contains the resources shown in the following table.
In storage1, you create a shared access signature (SAS) named SAS1 as shown in the following exhibit.
To which resources can User! write on July 1, 2022 by using SAS1 and key 1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains a storage account and an Azure web app named App1.
App1 connects to an Azure Cosmos DB database named Cosmos1 that uses a private endpoint named Endpoint1. Endpoint1 has the default settings.
You need to validate the name resolution to Cosmos1.
Which DNS zone should you use?
- A . Endpoint1. Privatelink,blob,core,windows,net
- B . Endpoint1. Privatelink,database,azure,com
- C . Endpoint1. Privatelink,azurewebsites,net
- D . Endpoint1. Privatelink,documents,azure,com
You have an Azure subscription that contains a resource group named RG1 and the identities shown in the following table.
You assign Group4 the Contributor role for RG1.
Which identities can you add to Group4 as members?
- A . User1 only
- B . User1 and Group3 only
- C . User1, Group1, and Group3 only
- D . User1, Group2, and Group3 only
- E . User1, Group1, Group2, and Group3
HOTSPOT
You have an Azure subscription named Subcription1 that contains the resources shown in the following table.
You have an Azure subscription named Subcription2 that contains the following resources:
– An Azure Sentinel workspace
– An Azure Event Grid instance
You need to ingest the CEF messages from the NVAs to Azure Sentinel. NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains an Azure SQL database named DB1 in the East US Azure region.
You create the storage accounts shown in the following table.
You plan to enable auditing for DB1.
Which storage accounts can you use as the auditing destination for DB1?
- A . storage1 only
- B . storage1 and storage4 only
- C . Storage2 and storage3 only
- D . storage1, storage2 and storage3 only
You have an Azure subscription that uses Microsoft Defender for Cloud.
You have an Amazon Web Services (AWS) account.
You need to add the AWS account to Defender for Cloud.
What should you do first?
- A . From the Azure portal, add the AWS enterprise application.
- B . From the AWS account, enable a security hub.
- C . From Defender for Cloud, configure the Security solutions settings.
- D . From Defender for Cloud, configure the Environment settings.
You have an Azure key vault named Vault1 that stores the resources shown in the following table.
Which resources support the creation of a rotation policy?
- A . Key 1 only
- B . Cert1 only
- C . Key1 and Secret1 only
- D . Key1 and Cert1 only
- E . Secret1 and Cert1 only
- F . Key1, Secret1, and Cert1
You have an Azure subscription that contains an Azure key vault.
The role assignments for the key vault are shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
HOTSPOT
What is the membership of Group1 and Group2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure subscription named Sub1. Sub1 contains a virtual network named VNet1 that contains one subnet named Subnet1.
Subnet1 contains an Azure virtual machine named VM1 that runs Ubuntu Server 20.04.
You create a service endpoint for Microsoft. Storage in Subnet1.
You need to ensure that when you deploy Docker containers to VM1, the containers can access Azure Storage resources by using the service endpoint.
What should you do on VM1 before you deploy the container?
- A . Create an application security group and a network security group (NSG).
- B . Install the container network interface (CNI) plug-in.
- C . Edit the docker-compose.ym1 file.