az-500 Free Practice Test

- (Exam Topic 4)
You are configuring an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.
You need to use the auto-generated service principal to authenticate to the Azure Container Registry. What should you create?

1. A. an Azure Active Directory (Azure AD) group
2. B. an Azure Active Directory (Azure AD) role assignment
3. C. an Azure Active Directory (Azure AD) user
4. D. a secret in Azure Key Vault

Correct Answer: B
When you create an AKS cluster, Azure also creates a service principal to support cluster operability with other Azure resources. You can use this auto-generated service principal for authentication with an ACR registry. To do so, you need to create an Azure AD role assignment that grants the cluster's service principal access to the container registry.
References:
https://docs.microsoft.com/bs-latn-ba/azure/container-registry/container-registry-auth-aks

- (Exam Topic 4)
You plan to implement an Azure function named Function1 that will create new storage accounts for containerized application instances.
You need to grant Function1 the minimum required privileges to create the storage accounts. The solution must minimize administrative effort.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Solution:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/howto-assign-access

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 1)
You need to ensure that users can access VM0. The solution must meet the platform protection requirements.
What should you do?

1. A. Move VM0 to Subnet1.
2. B. On Firewall, configure a network traffic filtering rule.
3. C. Assign RT1 to AzureFirewallSubnet.
4. D. On Firewall, configure a DNAT rule.

Correct Answer: D
https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-dnat

- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant and a root management group. You create 10 Azure subscriptions and add the subscriptions to the rout management group.
You need to create an Azure Blueprints definition that will be stored in the root management group. What should you do first?

1. A. Add an Azure Policy definition to the root management group.
2. B. Modify the role-based access control (RBAC) role assignments for the root management group.
3. C. Create a user-assigned identity.
4. D. Create a service principal.

Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin

- (Exam Topic 3)
From Azure Security Center, you need to deploy SecPol1. What should you do first?

1. A. Enable Azure Defender.
2. B. Create an Azure Management group.
3. C. Create an initiative.
4. D. Configure continuous export.

Correct Answer: C
Reference:
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/security-center/custom-security-policies.md https://zimmergren.net/create-custom-security-center-recommendation-with-azure-policy/