AZ-500: Microsoft Azure Security Technologies
Page 5 out of 39 pages Questions 41-50 out of 388 questions
Question#41

You have an Azure subscription that contains a storage account named storage1 and two web apps named app1 and app2.
Both apps will write data to storage1.
You need to ensure that each app can read only the data that it has written.
What should you do?

  • A. Provide each app with a system-assigned identity and configure storage1 to use Azure AD User account authentication.
  • B. Provide each app with a separate Storage account key and configure the app to send the key with each request.
  • C. Provide each app with a user-managed identity and configure storage1 to use Azure AD User account authentication.
  • D. Provide each app with a unique Base64-encoded AES-256 encryption key and configure the app to send the key with each request.

Answer: C
A user-assigned identity is a standalone Azure resource that can be assigned to your app. An app can have multiple user-assigned identities.
Incorrect:
Not A: A system-assigned identity is tied to your application and is deleted if your app is deleted. An app can only have one system-assigned identity.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity

Question#42

You have an Azure subscription that contains an Azure Files share named share1 and a user named User1. Identity-based authentication is configured for share1.
User1 attempts to access share1 from a Windows 10 device by using SMB.
Which type of token will Azure Files use to authorize the request?

  • A. OAuth 2.0
  • B. JSON Web Token (JWT)
  • C. SAML
  • D. Kerberos

Answer: D
Azure Files supports identity-based authentication over Server Message Block (SMB) through two types of Domain Services: on-premises Active Directory Domain Services (AD DS) and Azure Active Directory Domain Services (Azure AD DS).
Supported scenarios and restrictions include:
Supports Kerberos authentication with AD with AES 256 encryption (recommended) and RC4-HMAC.
Note: Kerberos is an authentication protocol that is used to verify the identity of a user or host.
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-enable

Question#43

DRAG DROP

You have an Azure subscription.

You plan to create two custom roles named Role1 and Role2.

The custom roles will be used to perform the following tasks:

• Members of Role1 will manage application security groups.
• Members of Role2 will manage Azure Bastion.

You need to add permissions to the custom roles.

Which resource provider should you use for each role? To answer, drag the appropriate resource providers to the correct roles. Each resource provider may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.


Answer:

Question#44

You have an Azure subscription linked to an Azure Active Directory Premium Plan 1 tenant.

You plan to implement Azure Active Directory (Azure AD) Identity Protection.

You need to ensure that you can configure a user risk policy and a sign-in risk policy.

What should you do first?

  • A. Purchase Azure Active Directory Premium Plan 2 licenses for all users.
  • B. Register all users for Azure Multi-Factor Authentication (MFA).
  • C. Enable security defaults for Azure Active Directory.
  • D. Enable enhanced security features in Microsoft Defender for Cloud.

Answer: A

Question#45

HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.



You perform the following tasks:

• Create a managed identity named Managed1.
• Create a Microsoft 365 group named Group1.
• Register an enterprise application named App1.
• Enable a system-assigned managed identity for VM1.

You need to identify which service principals were created and which identities can be assigned the Reader role for RG1.

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Answer:

Question#46

HOTSPOT

You have an Azure Active Directory tenant that syncs with an Active Directory Domain Services (AD DS) domain.

You plan to create an Azure file share that will contain folders and files.

Which identity store can you use to assign permissions to the Azure file share and folders within the share? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Answer:

Question#47

You have an Azure subscription.

You plan to deploy a new Conditional Access policy named CAPolicy1.

You need to use the What if tool to evaluate how CAPolicy1 will affect users. The solution must minimize the impact of CAPolicy1 on the users.

To what should you set the Enable policy setting for CAPolicy1?

  • A. Off
  • B. On
  • C. Report only

Answer: C

Question#48

You have an Azure Active Directory (Azure AD) tenant that contains 500 users and an administrative unit named AU1.

From the Azure Active Directory admin center, you plan to add the users to AU1 by using Bulk add members.

You need to create and upload a file for the bulk add.

What should you include in the file?

  • A. only the display name of each user
  • B. only the user principal name (UPN) of each user
  • C. only the user principal name (UPN) and display name of each user
  • D. only the user principal name (UPN) and object identifier of each user
  • E. only the object identifier of each user

Answer: C

Question#49

HOTSPOT

You have the role assignments shown in the following exhibit.



Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.


Answer:

Question#50

You have an Azure subscription that contains a user named User1.

You need to ensure that User1 can create managed identities. The solution must use the principle of least privilege.

What should you do?

  • A. Create a management group and assign User1 the Hybrid Identity Administrator Azure Active Directory (Azure AD) role.
  • B. Create a management group and assign User1 the Managed Identity Operator role.
  • C. Create a resource group and assign User1 to the Managed Identity Contributor role.
  • D. Create an organizational unit (OU) and assign User1 the User administrator Azure Active Directory (Azure AD) role.

Answer: C
