az-500 Free Practice Test

- (Exam Topic 4)
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You need to identify which initiatives and policies you can add to Subscription1 by using Azure Security Center.
What should you identify?

1. A. Policy1 and Policy2 only
2. B. Initiative1 only
3. C. Initiative1 and Initiative2 only
4. D. Initiative1, Initiative2, Policy1, and Policy2

Correct Answer: D
Reference:
https://docs.microsoft.com/en-us/azure/security-center/custom-security-policies

- (Exam Topic 4)
You have an Azure subscription named Sub1.
You create a virtual network that contains one subnet. On the subnet, you provision the virtual machines shown in the following table.

Currently, you have not provisioned any network security groups (NSGs). You need to implement network security to meet the following requirements:
Allow traffic to VM4 from VM3 only.
Allow traffic from the Internet to VM1 and VM2 only.
Minimize the number of NSGs and network security rules.
How many NSGs and network security rules should you create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Solution:
NSGs: 1
Network security rules: 3
Not 2: You cannot specify multiple service tags or application groups) in a security rule. References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 4)
From the Azure portal, you are configuring an Azure policy.
You plan to assign policies that use the DeployIfNotExist, AuditIfNotExist, Append, and Deny effects.
Which effect requires a managed identity for the assignment?

1. A. AuditIfNotExist
2. B. Append
3. C. DeployIfNotExist
4. D. Deny

Correct Answer: C
When Azure Policy runs the template in the deployIfNotExists policy definition, it does so using a managed identity.
References:
https://docs.microsoft.com/bs-latn-ba/azure/governance/policy/how-to/remediate-resources

- (Exam Topic 4)
On Monday, you configure an email notification in Azure Security Center to notify user user1@contoso.com. On Tuesday, Security Center generates the security alerts shown in the following table.

How many email notifications will user1@contoso.com receive on Tuesday? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Solution:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 4)
You have an Azure subscription that contains a storage account named storage1 and a virtual machine named VM1.
VM1 is connected to a virtual network named VNet1 that contains one subnet and uses Azure DNS.
You need to ensure that VM1 connects to storage1 by using a private IP address. The solution must minimize administrative effort.
What should you do?

1. A. For storage1, disable public network access.
2. B. Create an Azure Private DNS zone.
3. C. On VNet1. create a new subnet.
4. D. For storage1, create a new private endpoint.

Correct Answer: D