• Home
  • Articles
  • [Dec 22, 2023] Get New AZ-500 Certification – Valid Exam Dumps Questions [Q23-Q39]

[Dec 22, 2023] Get New AZ-500 Certification – Valid Exam Dumps Questions [Q23-Q39]

Share

[Dec 22, 2023] Get New AZ-500 Certification – Valid Exam Dumps Questions

100% Passing Guarantee - Brilliant AZ-500 Exam Questions PDF

NEW QUESTION # 23
You have an Azure Container Registry named Registry1.
You add role assignment for Registry1 as shown in the following table.

Which users can upload images to Registry1 and download images from Registry1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: User1 and User4 only
Owner, Contributor and AcrPush can push images.
Box 2: User1, User2, and User4
All, except AcrImagineSigner, can download/pull images.

References:
https://docs.microsoft.com/bs-latn-ba/azure/container-registry/container-registry-roles


NEW QUESTION # 24
You have the Azure key vaults shown in the following table.

KV1 stores a secret named Secret1 and a key for a managed storage account named Key1.
You back up Secret1 and Key1.
To which key vaults can you restore each backup? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 25
You have an Azure subscription named Sub1. Sub1 has an Azure Storage account named Storage1 that contains the resources shown in the following table.

You generate a shared access signature (SAS) to connect to the blob service and the file service.
Which tool can you use to access the contents in Container1 and Share! by using the SAS? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 26
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You create an Azure role by using the following JSON file.

You assign Role1 to User1 for RG1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#compute


NEW QUESTION # 27
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username: [email protected]
Azure Password: Ag1Bh9!#Bd
The following information is for technical support purposes only:
Lab Instance: 10598168




You need to ensure that only devices connected to a 131.107.0.0/16 subnet can access data in the rg1lod10598168 Azure Storage account.
To complete this task, sign in to the Azure portal.
See the explanation below.

Answer:

Explanation:
Explanation
Step 1:
1. In Azure portal go to the storage account you want to secure. Here: rg1lod10598168
2. Click on the settings menu called Firewalls and virtual networks.
3. To deny access by default, choose to allow access from Selected networks. To allow traffic from all networks, choose to allow access from All networks.
4. Click Save to apply your changes.
Step 2:
1. Go to the storage account you want to secure. Here: rg1lod10598168
2. Click on the settings menu called Firewalls and virtual networks.
3. Check that you've selected to allow access from Selected networks.
4. To grant access to a virtual network with a new network rule, under Virtual networks, click Add existing virtual network, select Virtual networks and Subnets options. Enter the 131.107.0.0/16 subnet and then click Add.
Note: When network rules are configured, only applications requesting data over the specified set of networks can access a storage account. You can limit access to your storage account to requests originating from specified IP addresses, IP ranges or from a list of subnets in an Azure Virtual Network (VNet).
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security


NEW QUESTION # 28
You have an Azure subscription that contains a user named Admin1 and a resource group named RG1.
In Azure Monitor, you create the alert rules shown in the following table.

Admin1 performs the following actions on RG1:
Adds a virtual network named VNET1
Adds a Delete lock named Lock1
Which rules will trigger an alert as a result of the actions of Admin1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation


NEW QUESTION # 29
You have an Azure subscription that contains a user named User1 and a storage account named storage1. The storage1 account contains the resources shown in the following table.

In storage1, you create a shared access signature (SAS) named SAS1 as shown in the following exhibit.

To which resources can User! write on July 1, 2022 by using SAS1 and key 1? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 30
You have an Azure subscription that contains the resources shown in the following table.

You create the Azure Storage accounts shown in the following table.

You need to configure auditing for SQL1.
Which storage accounts and Log Analytics workspaces can you use as the audit log destination? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation


NEW QUESTION # 31
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains a user named User1.
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains an Azure Storage account named storage1. Storage1 contains an Azure file share named share1.
Currently, the domain and the tenant are not integrated.
You need to ensure that User1 can access share1 by using his domain credentials.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-compliance-dashboard


NEW QUESTION # 32
You have an Azure subscription that contains the resources shown in the following table.

Transparent Data Encryption (TDE) is disabled on SQL1.
You assign polices to the resource groups as shown in the following table.

You plan to deploy Azure SQL databases by using an Azure Resource Manager (ARM) template. The databases will be configured as shown in the following table.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 33
You have an Azure subscription that contains the virtual machines shown in the following table.

From Azure Security Center, you turn on Auto Provisioning.
You deploy the virtual machines shown in the following table.

On which virtual machines is the Microsoft Monitoring agent installed?

  • A. VM1, VM2, VM3, and VM4
  • B. VM1 and VM3 only
  • C. VM3 and VM4 only
  • D. VM3 only

Answer: A

Explanation:
Explanation
When automatic provisioning is enabled, Security Center provisions the Microsoft Monitoring Agent on all supported Azure VMs and any new ones that are created.
Supported Operating systems include: Ubuntu 14.04 LTS (x86/x64), 16.04 LTS (x86/x64), and 18.04 LTS (x64) and Windows Server 2008 R2, 2012, 2012 R2, 2016, version 1709 and 1803.
References:
https://docs.microsoft.com/en-us/azure/security-center/security-center-faq


NEW QUESTION # 34
You have an Azure subscription that contains the resources shown in the following table.

An IP address of 10.1.0.4 is assigned to VM5. VM5 does not have a public IP address.
VM5 has just in time (JIT) VM access configured as shown in the following exhibit.

You enable JIT VM access for VM5.
NSG1 has the inbound rules shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation


NEW QUESTION # 35
You have an Azure Active Directory (Azure AD) tenant.
You have the deleted objects shown in the following table.

On May 4, 2020, you attempt to restore the deleted objects by using the Azure Active Directory admin center.
Which two objects can you restore? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Group1
  • B. User2
  • C. User1
  • D. Group2

Answer: B,D

Explanation:
Deleted users and deleted Office 365 groups are available for restore for 30 days.
You cannot restore a deleted security group.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-restore-deleted


NEW QUESTION # 36
You have a hybrid configuration of Azure Active Directory (Azure AD).
All users have computers that run Windows 10 and are hybrid Azure AD joined.
You have an Azure SQL database that is configured to support Azure AD authentication.
Database developers must connect to the SQL database by using Microsoft SQL Server Management Studio (SSMS) and authenticate by using their on-premises Active Directory account.
You need to tell the developers which authentication method to use to connect to the SQL database from SSMS. The solution must minimize authentication prompts.
Which authentication method should you instruct the developers to use?

  • A. Active Directory - Universal with MFA support
  • B. Active Directory - Password
  • C. Active Directory - Integrated
  • D. SQL Login

Answer: C

Explanation:
Explanation
Azure AD can be the initial Azure AD managed domain. Azure AD can also be an on-premises Active Directory Domain Services that is federated with the Azure AD.
Using an Azure AD identity to connect using SSMS or SSDT
The following procedures show you how to connect to a SQL database with an Azure AD identity using SQL Server Management Studio or SQL Server Database Tools.
Active Directory integrated authentication
Use this method if you are logged in to Windows using your Azure Active Directory credentials from a federated domain.
1. Start Management Studio or Data Tools and in the Connect to Server (or Connect to Database Engine) dialog box, in the Authentication box, select Active Directory - Integrated. No password is needed or can be entered because your existing credentials will be presented for the connection.

2. Select the Options button, and on the Connection Properties page, in the Connect to database box, type the name of the user database you want to connect to. (The AD domain name or tenant ID" option is only supported for Universal with MFA connection options, otherwise it is greyed out.) References:
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/sql-database/sql-database-aad-authentication-c


NEW QUESTION # 37
You need to meet the identity and access requirements for Group1.
What should you do?

  • A. Add a membership rule to Group1.
  • B. Delete Group1. Create a new group named Group1 that has a membership type of Office 365. Add users and devices to the group.
  • C. Change the membership type of Group1 to Assigned. Create two groups that have dynamic memberships. Add the new groups to Group1.
  • D. Modify the membership rule of Group1.

Answer: C

Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership Scenario:
Litware identifies the following identity and access requirements: All San Francisco users and their devices must be members of Group1.
The tenant currently contain this group:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal


NEW QUESTION # 38
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
The User administrator role is assigned to a user named Admin1.
An external partner has a Microsoft account that uses the [email protected] sign in.
Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: "Unable to invite user [email protected] Generic authorization exception." You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.
What should you do?

  • A. From the Custom domain names blade, add a custom domain.
  • B. From the Users blade, modify the External collaboration settings.
  • C. From the Roles and administrators blade, assign the Security administrator role to Admin1.
  • D. From the Organizational relationships blade, add an identity provider.

Answer: B

Explanation:
Explanation
You need to allow guest invitations in the External collaboration settings.


NEW QUESTION # 39
......

Free AZ-500 braindumps download: https://lead2pass.real4prep.com/AZ-500-exam.html

Related Articles

more
Microsoft AZ-500 Certification Practice Exam