az-500 Free Practice Test

- (Exam Topic 4)
You have an Azure subscription that contains an Azure SQL database named SQL1 and an Azure key vault named KeyVault1. KeyVault1 stores the keys shown in the following table.

You reed to configure Transparent Data Encryption (TDE). TDE will use a customer-managed key for SQL1?

1. A. Key1. Key2 Key3. and Key4
2. B. Key1 only
3. C. Key2 only
4. D. Key1 and key2 only
5. E. Key2 and Key3 only

Correct Answer: E

- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant that contains two users named User1 and User2 and a registered app named App1.
You create an app-specific role named Role1.
You need to assign Role1 to User1 and enable User2 to request access to App1.
Which two settings should you modify? To answer select the appropriate settings in the answer area NOTE: Each correct selection is worth one pant.

Solution:
Graphical user interface, application Description automatically generated

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 4)
You have an Azure subscription.
You plan to create a workflow automation in Azure Security Center that will automatically remediate a security vulnerability.
What should you create first?

1. A. a managed identity
2. B. an automation account
3. C. an Azure function app
4. D. an alert rule
5. E. an Azure logic app

Correct Answer: E
Reference:
https://docs.microsoft.com/en-us/azure/security-center/workflow-automation

- (Exam Topic 4)
Lab Task
Task 2
You need to ensure that the events in the NetworkSecurityGroupRuleCounter log of the
VNETOI-Subnet0-NSG network security group (NSG) are stored in the Iogs31330471 Azure Storage account for 30 days.
Solution:
Enable diagnostic resource logging for the NSG. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to select the Rule counter category under Logs and choose
the Iogs31330471 storage account as the destination.
Configure the retention policy for the storage account to keep the logs for 30 days. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to specify the days parameter as 30 for the Set-AzStorageServiceProperty cmdlet or the az storage logging update command.
View and analyze the logs in the storage account. You can use any tool that can read JSON files, such as Azure Storage Explorer or Visual Studio Code. You can also export the logs to any visualization tool, SIEM solution, or IDS of your choice

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 2)
You need to meet the technical requirements for VNetwork1. What should you do first?

1. A. Create a new subnet on VNetwork1.
2. B. Remove the NSGs from Subnet11 and Subnet13.
3. C. Associate an NSG to Subnet12.
4. D. Configure DDoS protection for VNetwork1.

Correct Answer: A
From scenario: Deploy Azure Firewall to VNetwork1 in Sub2.
Azure firewall needs a dedicated subnet named AzureFirewallSubnet. References:
https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal