Nothing Special   »   [go: up one dir, main page]
Scribd Logo
Upload

Welcome to Scribd!

  • 113 views

    AZ-500 Exam - Free Actual Q&as, Page 2 - ExamTopics

    Uploaded by

    cotit93331
    This document contains 17 questions and answers about the AZ-500 Microsoft Azure Security Technologies certification exam. The questions cover topics like assigning roles in Azure Container Registry, configuring service endpoints and container networking on virtual machines, and using Azure Automation State Configuration to manage Windows features on virtual machines.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    AZ-500 Exam - Free Actual Q&as, Page 2 - ExamTopics

    Uploaded by

    cotit93331
    113 views6 pages
    This document contains 17 questions and answers about the AZ-500 Microsoft Azure Security Technologies certification exam. The questions cover topics like assigning roles in Azure Container Registry, configuring service endpoints and container networking on virtual machines, and using Azure Automation State Configuration to manage Windows features on virtual machines.

    Original Description:

    500

    Original Title

    AZ-500 Exam – Free Actual Q&as, Page 2 _ ExamTopics

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This document contains 17 questions and answers about the AZ-500 Microsoft Azure Security Technologies certification exam. The questions cover topics like assigning roles in Azure Container Registry, configuring service endpoints and container networking on virtual machines, and using Azure Automation State Configuration to manage Windows features on virtual machines.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    113 views6 pages

    AZ-500 Exam - Free Actual Q&as, Page 2 - ExamTopics

    Uploaded by

    cotit93331
    This document contains 17 questions and answers about the AZ-500 Microsoft Azure Security Technologies certification exam. The questions cover topics like assigning roles in Azure Container Registry, configuring service endpoints and container networking on virtual machines, and using Azure Automation State Configuration to manage Windows features on virtual machines.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 6

    10/20/23, 4:49 PM AZ-500 Exam – Free Actual Q&As, Page 2 | ExamTopics

    - Expert Verified, Online, Free.

     Custom View Settings

    Question #11 Topic 1

    Your company has an Azure Container Registry.

    You have been tasked with assigning a user a role that allows for the uploading of images to the Azure Container Registry. The role assigned

    should not require more privileges than necessary.

    Which of the following is the role you should assign?

    A. Owner

    B. Contributor

    C. AcrPush Most Voted

    D. AcrPull

    Correct Answer: C

    Reference:

    https://docs.microsoft.com/bs-latn-ba/azure/container-registry/container-registry-roles

    Community vote distribution


    C (100%)

    Question #12 Topic 1

    Your company has an Azure Container Registry.

    You have been tasked with assigning a user a role that allows for the downloading of images from the Azure Container Registry. The role assigned

    should not require more privileges than necessary.

    Which of the following is the role you should assign?

    A. Reader

    B. Contributor

    C. AcrDelete

    D. AcrPull Most Voted

    Correct Answer: A

    Reference:

    https://docs.microsoft.com/bs-latn-ba/azure/container-registry/container-registry-roles

    Community vote distribution


    D (100%)

    https://www.examtopics.com/exams/microsoft/az-500/view/2/ 1/6
    10/20/23, 4:49 PM AZ-500 Exam – Free Actual Q&As, Page 2 | ExamTopics

    Question #13 Topic 1

    Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result.

    Establish if the solution satisfies the requirements.

    Your Company's Azure subscription includes a virtual network that has a single subnet configured.

    You have created a service endpoint for the subnet, which includes an Azure virtual machine that has Ubuntu Server 18.04 installed.

    You are preparing to deploy Docker containers to the virtual machine. You need to make sure that the containers can access Azure Storage

    resources and Azure

    SQL databases via the service endpoint.

    You need to perform a task on the virtual machine prior to deploying containers.

    Solution: You create an application security group.

    Does the solution meet the goal?

    A. Yes

    B. No Most Voted

    Correct Answer: B

    Community vote distribution


    B (100%)

    Question #14 Topic 1

    Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result.

    Establish if the solution satisfies the requirements.

    Your Company's Azure subscription includes a virtual network that has a single subnet configured.

    You have created a service endpoint for the subnet, which includes an Azure virtual machine that has Ubuntu Server 18.04 installed.

    You are preparing to deploy Docker containers to the virtual machine. You need to make sure that the containers can access Azure Storage

    resources and Azure

    SQL databases via the service endpoint.

    You need to perform a task on the virtual machine prior to deploying containers.

    Solution: You create an AKS Ingress controller.

    Does the solution meet the goal?

    A. Yes

    B. No Most Voted

    Correct Answer: B

    Community vote distribution


    B (100%)

    https://www.examtopics.com/exams/microsoft/az-500/view/2/ 2/6
    10/20/23, 4:49 PM AZ-500 Exam – Free Actual Q&As, Page 2 | ExamTopics

    Question #15 Topic 1

    Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result.

    Establish if the solution satisfies the requirements.

    Your Company's Azure subscription includes a virtual network that has a single subnet configured.

    You have created a service endpoint for the subnet, which includes an Azure virtual machine that has Ubuntu Server 18.04 installed.

    You are preparing to deploy Docker containers to the virtual machine. You need to make sure that the containers can access Azure Storage

    resources and Azure

    SQL databases via the service endpoint.

    You need to perform a task on the virtual machine prior to deploying containers.

    Solution: You install the container network interface (CNI) plug-in.

    Does the solution meet the goal?

    A. Yes Most Voted

    B. No

    Correct Answer: A

    The Azure Virtual Network container network interface (CNI) plug-in installs in an Azure Virtual Machine. The plug-in supports both Linux and

    Windows platform.

    The plug-in assigns IP addresses from a virtual network to containers brought up in the virtual machine, attaching them to the virtual network,

    and connecting them directly to other containers and virtual network resources. The plug-in doesn't rely on overlay networks, or routes, for

    connectivity, and provides the same performance as virtual machines.

    The following picture shows how the plug-in provides Azure Virtual Network capabilities to Pods:

    Reference:

    https://docs.microsoft.com/en-us/azure/virtual-network/container-networking-overview

    Community vote distribution


    A (100%)

    https://www.examtopics.com/exams/microsoft/az-500/view/2/ 3/6
    10/20/23, 4:49 PM AZ-500 Exam – Free Actual Q&As, Page 2 | ExamTopics

    Question #16 Topic 1

    You make use of Azure Resource Manager templates to deploy Azure virtual machines.

    You have been tasked with making sure that Windows features that are not in use, are automatically inactivated when instances of the virtual

    machines are provisioned.

    Which of the following actions should you take?

    A. You should make use of Azure DevOps.

    B. You should make use of Azure Automation State Configuration. Most Voted

    C. You should make use of network security groups (NSG).

    D. You should make use of Azure Blueprints.

    Correct Answer: B

    You can use Azure Automation State Configuration to manage Azure VMs (both Classic and Resource Manager), on-premises VMs, Linux

    machines, AWS VMs, and on-premises physical machines.

    Note: Azure Automation State Configuration provides a DSC pull server similar to the Windows Feature DSC-Service so that target nodes

    automatically receive configurations, conform to the desired state, and report back on their compliance. The built-in pull server in Azure

    Automation eliminates the need to set up and maintain your own pull server. Azure Automation can target virtual or physical Windows or Linux

    machines, in the cloud or on-premises.

    Reference:

    https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started

    Community vote distribution


    B (100%)

    Question #17 Topic 1

    Your company's Azure subscription includes Windows Server 2016 Azure virtual machines.

    You are informed that every virtual machine must have a custom antimalware virtual machine extension installed. You are writing the necessary

    code for a policy that will help you achieve this.

    Which of the following is an effect that must be included in your code?

    A. Disabled

    B. Modify

    C. AuditIfNotExists

    D. DeployIfNotExists Most Voted

    Correct Answer: D

    DeployIfNotExists executes a template deployment when the condition is met.

    Reference:

    https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects

    Community vote distribution


    D (100%)

    https://www.examtopics.com/exams/microsoft/az-500/view/2/ 4/6
    10/20/23, 4:49 PM AZ-500 Exam – Free Actual Q&As, Page 2 | ExamTopics

    Question #18 Topic 1

    Your company makes use of Azure Active Directory (Azure AD) in a hybrid configuration. All users are making use of hybrid Azure AD joined

    Windows 10 computers.

    You manage an Azure SQL database that allows for Azure AD authentication.

    You need to make sure that database developers are able to connect to the SQL database via Microsoft SQL Server Management Studio (SSMS).

    You also need to make sure the developers use their on-premises Active Directory account for authentication. Your strategy should allow for

    authentication prompts to be kept to a minimum.

    Which of the following is the authentication method the developers should use?

    A. Azure AD token.

    B. Azure Multi-Factor authentication.

    C. Active Directory integrated authentication. Most Voted

    Correct Answer: C

    Azure AD can be the initial Azure AD managed domain. Azure AD can also be an on-premises Active Directory Domain Services that is federated

    with the Azure

    AD.

    Using an Azure AD identity to connect using SSMS or SSDT

    The following procedures show you how to connect to a SQL database with an Azure AD identity using SQL Server Management Studio or SQL

    Server Database

    Tools.

    Active Directory integrated authentication

    Use this method if you are logged in to Windows using your Azure Active Directory credentials from a federated domain.

    1. Start Management Studio or Data Tools and in the Connect to Server (or Connect to Database Engine) dialog box, in the Authentication box,

    select Active

    Directory - Integrated. No password is needed or can be entered because your existing credentials will be presented for the connection.

    2. Select the Options button, and on the Connection Properties page, in the Connect to database box, type the name of the user database you

    want to connect to.

    (The AD domain name or tenant ID‫ג‬€ option is only supported for Universal with MFA connection options, otherwise it is greyed out.)

    Community vote distribution


    C (100%)

    https://www.examtopics.com/exams/microsoft/az-500/view/2/ 5/6
    10/20/23, 4:49 PM AZ-500 Exam – Free Actual Q&As, Page 2 | ExamTopics

    Question #19 Topic 1

    You have been tasked with enabling Advanced Threat Protection for an Azure SQL Database server.

    Advanced Threat Protection must be configured to identify all types of threat detection.

    Which of the following will happen if when a faulty SQL statement is generate in the database by an application?

    A. A Potential SQL injection alert is triggered. Most Voted

    B. A Vulnerability to SQL injection alert is triggered. Most Voted

    C. An Access from a potentially harmful application alert is triggered.

    D. A Brute force SQL credentials alert is triggered.

    Correct Answer: B

    Reference:

    https://docs.microsoft.com/en-us/azure/sql-database/sql-database-threat-detection-overview

    Community vote distribution


    B (66%) A (34%)

    Question #20 Topic 1

    Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result.

    Establish if the solution satisfies the requirements.

    You are in the process of creating an Azure Kubernetes Service (AKS) cluster. The Azure Kubernetes Service (AKS) cluster must be able to connect

    to an Azure

    Container Registry.

    You want to make sure that Azure Kubernetes Service (AKS) cluster authenticates to the Azure Container Registry by making use of the auto-

    generated service principal.

    Solution: You create an Azure Active Directory (Azure AD) role assignment.

    Does the solution meet the goal?

    A. Yes

    B. No Most Voted

    Correct Answer: A

    When you create an AKS cluster, Azure also creates a service principal to support cluster operability with other Azure resources. You can use

    this auto-generated service principal for authentication with an ACR registry. To do so, you need to create an Azure AD role assignment that

    grants the cluster's service principal access to the container registry.

    Reference:

    https://docs.microsoft.com/bs-latn-ba/azure/container-registry/container-registry-auth-aks

    Community vote distribution


    B (80%) A (20%)

     Previous Questions Next Questions 

    https://www.examtopics.com/exams/microsoft/az-500/view/2/ 6/6

    You might also like