Easily To Pass New AZ-500 Verified & Correct Answers [Mar 29, 2024] [Q173-Q191]

NEW QUESTION # 173
You have an Azure subscription that contains a resource group named RG1. RG1 contains a virtual machine named VM1 that uses Azure Active Directory (Azure AD) authentication.
You have two custom Azure roles named Role1 and Role2 that are scoped to RG1.
The permissions for Role1 are shown in the following JSON code.

The permissions for Role2 are shown in the following JSON code.

You assign the roles to the users shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 174
You have an Azure Container Registry named Registry1.
You add role assignment for Registry1 as shown in the following table.

Which users can upload images to Registry1 and download images from Registry1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/bs-latn-ba/azure/container-registry/container-registry-roles


NEW QUESTION # 175
You are configuring and securing a network environment.
You deploy an Azure virtual machine named VM1 that is configured to analyze network traffic.
You need to ensure that all network traffic is routed through VM1.
What should you configure?

  • A. a system route
  • B. a user-defined route
  • C. a network security group (NSG)

Answer: B

Explanation:
Although the use of system routes facilitates traffic automatically for your deployment, there are cases in which you want to control the routing of packets through a virtual appliance. You can do so by creating user defined routes that specify the next hop for packets flowing to a specific subnet to go to your virtual appliance instead, and enabling IP forwarding for the VM running as the virtual appliance.
Note: User Defined Routes
For most environments you will only need the system routes already defined by Azure. However, you may need to create a route table and add one or more routes in specific cases, such as:
* Force tunneling to the Internet via your on-premises network.
* Use of virtual appliances in your Azure environment.
In the scenarios above, you will have to create a route table and add user defined routes to it.
Reference:
https://github.com/uglide/azure-content/blob/master/articles/virtual-network/virtual-networks-udr-overview.md


NEW QUESTION # 176
You have an Azure subscription that contains the resources shown in the following table.

An IP address of 10.1.0.4 is assigned to VM5. VM5 does not have a public IP address.
VM5 has just in time (JIT) VM access configured as shown in the following exhibit.

You enable JIT VM access for VM5.
NSG1 has the inbound rules shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 177
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

In Azure AD Privileged Identity Management (PIM), the Role settings for the Contributor role are configured as shown in the exhibit. (Click the Exhibit tab.)

You assign users the Contributor role on May 1, 2019 as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-assig


NEW QUESTION # 178
You have an Azure subscription that contains an Azure key vault named KeyVault1 and the virtual machines shown in the following table.

You set the Key Vault access policy to Enable access to Azure Disk Encryption for volume encryption.
KeyVault1 is configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 179
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain.
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to deploy Azure AD Connect and to integrate Active Directory and the Azure AD tenant.
You need to recommend an integration solution that meets the following requirements:
* Ensures that password policies and user logon restrictions apply to user accounts that are synced to the tenant.
* Minimizes the number of servers required for the solution.

Which authentication method should you include in the recommendation?

  • A. password hash synchronization with seamless single sign-on (SSO)
  • B. pass-through authentication with seamless single sign-on (SSO)
  • C. federated identity with Active Directory Federation Services (AD FS)

Answer: A

Explanation:
Password hash synchronization requires the least effort regarding deployment, maintenance, and infrastructure. This level of effort typically applies to organizations that only need their users to sign in to Office 365, SaaS apps, and other Azure AD-based resources. When turned on, password hash synchronization is part of the Azure AD Connect sync process and runs every two minutes.
Incorrect Answers:
A: A federated authentication system relies on an external trusted system to authenticate users. Some companies want to reuse their existing federated system investment with their Azure AD hybrid identity solution. The maintenance and management of the federated system falls outside the control of Azure AD. It's up to the organization by using the federated system to make sure it's deployed securely and can handle the authentication load.
C: For pass-through authentication, you need one or more (we recommend three) lightweight agents installed on existing servers. These agents must have access to your on-premises Active Directory Domain Services, including your on-premises AD domain controllers. They need outbound access to the Internet and access to your domain controllers. For this reason, it's not supported to deploy the agents in a perimeter network.
Pass-through Authentication requires unconstrained network access to domain controllers. All network traffic is encrypted and limited to authentication requests.
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta


NEW QUESTION # 180
You have an Azure subscription that contains the resources shown in the following table.

You need to ensure that ServerAdmins can perform the following tasks:
* Create virtual machines in the existing virtual network in RG2 only.
The solution must use the principle of least privilege.
Which two role-based access control (RBAC) roles should you assign to ServerAdmins? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. the Virtual Machine Contributor role for RG1
  • B. the Contributor role for the subscription
  • C. the Network Contributor role for RG2
  • D. the Network Contributor role for RG1
  • E. a custom RBAC role for RG2
  • F. a custom RBAC role for the subscription

Answer: A,C


NEW QUESTION # 181
You have the Azure virtual machines shown in the following table.

Each virtual machine has a single network interface.
You add the network interface of VM1 to an application security group named ASG1.
You need to identify the network interfaces of which virtual machines you can add to ASG1.
What should you identify?

  • A. VM2 and VM3 only
  • B. VM2, VM3, VM4, and VM5
  • C. VM2, VM3, and VM5 only
  • D. VM2 only

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/application-security-groups


NEW QUESTION # 182
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

In Azure AD Privileged Identity Management (PIM), the Role settings for the Contributor role are configured as shown in the exhibit. (Click the Exhibit tab.)

You assign users the Contributor role on May 1, 2019 as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-assig


NEW QUESTION # 183
You need to ensure that User2 can implement PIM.
What should you do first?

  • A. Configure the identity secure score for contoso.com.
  • B. Enable multi-factor authentication (MFA) for User2.
  • C. Configure authentication methods for contoso.com.
  • D. Assign User2 the Global administrator role.

Answer: D

Explanation:
To start using PIM in your directory, you must first enable PIM.
1. Sign in to the Azure portal as a Global Administrator of your directory.
You must be a Global Administrator with an organizational account (for example, @yourdomain.com), not a Microsoft account (for example, @outlook.com), to enable PIM for a directory.
Scenario: Technical requirements include: Enable Azure AD Privileged Identity Management (PIM) for contoso.com
References:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-getting-started


NEW QUESTION # 184
You have an Azure subscription that contains the following resources:
* An Azure key vault
* An Azure SQL database named Database1
* Two Azure App Service web apps named AppSrv1 and AppSrv2 that are configured to use system-assigned managed identities and access Database1
You need to implement an encryption solution for Database1 that meets the following requirements:
* The data in a column named Discount in Database1 must be encrypted so that only AppSrv1 can decrypt the data.
* AppSrv1 and AppSrv2 must be authorized by using managed identities to obtain cryptographic keys.
How should you configure the encryption settings for Database1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/always-encrypted-azure-key-vault-configure?tabs=azu


NEW QUESTION # 185
You have an Azure subscription that contains a virtual machine named VM1.
You create an Azure key vault that has the following configurations:
* Name: Vault5
* Region: West US
* Resource group: RG1
You need to use Vault5 to enable Azure Disk Encryption on VM1. The solution must support backing up VM1 by using Azure Backup.
Which key vault settings should you configure?

  • A. Keys
  • B. Secrets
  • C. Access policies
  • D. Locks

Answer: C

Explanation:
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault


NEW QUESTION # 186
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a hybrid configuration of Azure Active Directory (Azure AD).
You have an Azure HDInsight cluster on a virtual network.
You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.
You need to configure the environment to support the planned authentication.
Solution: You deploy Azure Active Directory Domain Services (Azure AD DS) to the Azure subscription.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/azure/hdinsight/connect-on-premises-network


NEW QUESTION # 187
You have an Azure Active Directory tenant that syncs with an Active Directory Domain Services (AD DS) domain.
You plan to create an Azure file share that will contain folders and files.
Which identity store can you use to assign permissions to the Azure file share and folders within the share? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:
See the answer below at Explanation.
Explanation
Answer is as image below.


NEW QUESTION # 188
You have an Azure subscription named Subscription1 that contains a resource group named RG1 and a user named User1. User1 is assigned the Owner role for RG1.
You create an Azure Blueprints definition named Blueprint1 that includes a resource group named RG2 as shown in the following exhibit.

You assign Blueprint1 to Subscription1 by using the following settings:
* Lock assignment: Read Only
* Managed Identity: System assigned
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking


NEW QUESTION # 189
You create resources in an Azure subscription as shown in the following table.

VNET1 contains two subnets named Subnet1 and Subnet2. Subnet1 has a network ID of 10.0.0.0/24. Subnet2 has a network ID of 10.1.1.0/24.
Contoso1901 is configured as shown in the exhibit. (Click the Exhibit tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 190
You need to ensure that the events in the NetworkSecurityGroupRuleCounter log of the VNET01-Subnet0-NSG network security group (NSG) are stored in the logs11597200 Azure Storage account for 30 days.
To complete this task, sign in to the Azure portal.

Answer:

Explanation:
You need to configure the diagnostic logging for the NetworkSecurityGroupRuleCounter log.
1. In the Azure portal, type Network Security Groups in the search box, select Network Security Groups from the search results then select VNET01-Subnet0-NSG. Alternatively, browse to Network Security Groups in the left navigation pane.
2. In the properties of the Network Security Group, click on Diagnostic Settings.
3. Click on the Add diagnostic setting link.
4. Provide a name in the Diagnostic settings name field. It doesn't matter what name you provide for the exam.
5. In the Log section, select NetworkSecurityGroupRuleCounter.
6. In the Destination details section, select Archive to a storage account.
7. In the Storage account field, select the logs11597200 storage account.
8. In the Retention (days) field, enter 30.
9. Click the Save button to save the changes.


NEW QUESTION # 191
......
