az-500 Free Practice Test

- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You create and enforce an Azure AD Identity Protection user risk policy that has the following settings:
Assignment: Include Group1, Exclude Group2
Conditions: Sign-in risk of Medium and above
Access: Allow access, Require password change
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Solution:
Box 1: Yes
User1 is member of Group1. Sign in from unfamiliar location is risk level Medium. Box 2: Yes
User2 is member of Group1. Sign in from anonymous IP address is risk level Medium. Box 3: No
Sign-ins from IP addresses with suspicious activity is low. Note:

Azure AD Identity protection can detect six types of suspicious sign-in activities:
Users with leaked credentials
Sign-ins from anonymous IP addresses
Impossible travel to atypical locations
Sign-ins from infected devices
Sign-ins from IP addresses with suspicious activity
Sign-ins from unfamiliar locations
These six types of events are categorized in to 3 levels of risks – High, Medium & Low: References:
http://www.rebeladmin.com/2018/09/step-step-guide-configure-risk-based-azure-conditional-access-policies/

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 4)
You have an Azure subscription name Sub1 that contains an Azure Policy definition named Policy1. Policy1 has the following settings:
Definition location: Tenant Root Group
Category: Monitoring
You need to ensure that resources that are noncompliant with Policy1 are listed in the Azure Security Center dashboard.
What should you do first?

1. A. Change the Category of Policy1 to Security Center.
2. B. Add Policy1 to a custom initiative.
3. C. Change the Definition location of Policy1 to Sub1.
4. D. Assign Policy1 to Sub1.

Correct Answer: D
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview

- (Exam Topic 4)
You have an Azure subscription that contains an Azure key vault named Vault1. On January 1, 2019, Vault1 stores the following secrets.

Which can each secret be used by an application? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Solution:
Box 1: Never Password1 is disabled.
Box 2: Only between March 1, 2019 and May 1, Password2:

Reference:
https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/set-azurekeyvaultsecretattribute

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 1)
You need to ensure that users can access VM0. The solution must meet the platform protection requirements. What should you do?

1. A. Move VM0 to Subnet1.
2. B. On Firewall, configure a network traffic filtering rule.
3. C. Assign RT1 to AzureFirewallSubnet.
4. D. On Firewall, configure a DNAT rule.

Correct Answer: D
https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-dnat

- (Exam Topic 4)
You plan to deploy an app that will modify the properties of Azure Active Directory (Azure AD) users by using Microsoft Graph. You need to ensure that the app can access Azure AD. What should you configure first?

1. A. a custom role-based access control (RBAC) role
2. B. an external identity
3. C. an Azure AD Application Proxy
4. D. an app registration

Correct Answer: D
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-added