microsoft az-500 practice test

Question 1 Topic 9, Mixed Questions

DRAG DROP
You have an Azure subscription that contains a Microsoft SQL server named Server1 and an Azure key vault named vault1.
Server1 hosts a database named DB1. Vault1 contains an encryption key named key1.
You need to ensure that you can enable Transparent Data Encryption (TDE) on DB1 by using key1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the
answer area and arrange them in the correct order.
Select and Place:

Answer:

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-
configure?tabs=azure-powershell

Question 2 Topic 9, Mixed Questions

SIMULATION
You need to create a web app named Intranet12345678 and enable users to authenticate to the web app by using Azure
Active Directory (Azure AD).
To complete this task, sign in to the Azure portal.

Answer:

See the explanation below.

Explanation:
1. In the Azure portal, type App services in the search box and select App services from the search results.
2. Click the Create app service button to create a new app service.
3. In the Resource Group section, click the Create new link to create a new resource group.
4. Give the resource group a name such as Intranet12345678RG and click OK.
5. In the Instance Details section, enter Intranet12345678 in the Name field.
6. In the Runtime stack field, select any runtime stack such as .NET Core 3.1.
7. Click the Review + create button.
8. Click the Create button to create the web app.
9. Click the Go to resource button to open the properties of the new web app.
10.In the Settings section, click on Authentication / Authorization.
11.Click the App Service Authentication slider to set it to On.
12.In the Action to take when request is not authentication box, select Log in with Azure Active Directory.
13.Click Save to save the changes.

Question 3 Topic 9, Mixed Questions

SIMULATION
You need to ensure that connections through an Azure Application Gateway named Homepage-AGW are inspected for
malicious requests.
To complete this task, sign in to the Azure portal.
You do not need to wait for the task to complete.

Answer:

See the explanation below.

Explanation:
You need to enable the Web Application Firewall on the Application Gateway.
1. In the Azure portal, type Application gateways in the search box, select Application gateways from the search results then
select the gateway named Homepage-AGW. Alternatively, browse to Application Gateways in the left navigation pane.
2. In the properties of the application gateway, click on Web application firewall.
3. For the Tier setting, select WAF V2.
4. In the Firewall status section, click the slider to switch to Enabled.
5. In the Firewall mode section, click the slider to switch to Prevention.
6. Click Save to save the changes.

Question 4 Topic 9, Mixed Questions

You have an Azure subscription that contains as Azure key vault and an Azure Storage account. The key vault contains
customer-managed keys. The storage account is configured to use the customermanaged keys stored in the key vault.
You plan to store data in Azure by using the following services:
Azure Files

Azure Blob storage

Azure Table storage

Azure Queue storage

Which two services support data encryption by using the keys stored in the key vault? Each correct answer presents a
complete solution.
NOTE: Each correct selection is worth one point.

• A. Table storage
• B. Azure Files
• C. Blob storage
• D. Queue storage

Answer:

B C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption

Question 5 Topic 9, Mixed Questions

HOTSPOT
You have an Azure subscription that contains the storage accounts shown in the following table.

You enable Azure Defender for Storage.
Which storage services of storage5 are monitored by Azure Defender for Storage, and which storage accounts are protected
by Azure Defender for Storage? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/storage/common/azure-defender-storage-configure?tabs=azuresecurity-
center

Question 6 Topic 9, Mixed Questions

SIMULATION
You need to ensure that when administrators deploy resources by using an Azure Resource Manager template, the
deployment can access secrets in an Azure key vault named KV12345678.
To complete this task, sign in to the Azure portal.

Answer:

See the explanation below.

Explanation:
You need to configure an option in the Advanced Access Policy of the key vault.
1. In the Azure portal, type Azure Key Vault in the search box, select Azure Key Vault from the search results then select the
key vault named KV12345678. Alternatively, browse to Azure Key Vault in the left navigation pane.
2. In the properties of the key vault, click on Advanced Access Policies.
3. Tick the checkbox labelled Enable access to Azure Resource Manager for template deployment.
4. Click Save to save the changes.

Question 7 Topic 9, Mixed Questions

SIMULATION
You need to configure a weekly backup of an Azure SQL database named Homepage. The backup must be retained for
eight weeks.
To complete this task, sign in to the Azure portal.

Answer:

See the explanation below.

Explanation:
You need to configure the backup policy for the Azure SQL database.
1. In the Azure portal, type Azure SQL Database in the search box, select Azure SQL Database from the search results then
select Homepage. Alternatively, browse to Azure SQL Database in the left navigation pane.
2. Select the server hosting the Homepage database and click on Manage backups.
3. Click on Configure policies.
4. Ensure that the Weekly Backups option is ticked.
5. Configure the How long would you like weekly backups to be retained option to 8 weeks.
6. Click Apply to save the changes.

Question 8 Topic 9, Mixed Questions

SIMULATION
You need to enable Advanced Data Security for the SQLdb1 Azure SQL database. The solution must ensure that Azure
Advanced Threat Protection (ATP) alerts are sent to [email protected]
To complete this task, sign in to the Azure portal and modify the Azure resources.

Answer:

See the explanation below.

Explanation:
1. In the Azure portal, type SQL in the search box, select SQL databases from the search results then select SQLdb1.
Alternatively, browse to SQL databases in the left navigation pane.
2. In the properties of SQLdb1, scroll down to the Security section and select Advanced data security.
3. Click on the Settings icon.
4. Tick the Enable Advanced Data Security at the database level checkbox.
5. Click Yes at the confirmation prompt.
6. In the Storage account select a storage account if one isnt selected by default.
7. Under Advanced Threat Protection Settings, enter [email protected] in the Send alerts to box.
8. Click the Save button to save the changes.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/advanced-data-security

Question 9 Topic 9, Mixed Questions

DRAG DROP
You have an Azure Storage account named storage1 and an Azure virtual machine named VM1. VM1 has a premium SSD
managed disk.
You need to enable Azure Disk Encryption for VM1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the
answer area and arrange then in the correct order.
Select and Place:

Answer:

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault

Question 10 Topic 9, Mixed Questions

HOTSPOT
You have an Azure subscription that contains the storage accounts shown in the following table.

You need to configure authorization access.
Which authorization types can you use for each storage account? To answer, select the appropriate options in the answer
area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/storage/common/authorize-data-access
0CB84EF020870C137158A568970423A4