[Apr 05, 2026] Get Unlimited Access to AZ-500 Certification Exam Cert Guide [Q63-Q82]

Share

[Apr 05, 2026] Get Unlimited Access to AZ-500 Certification Exam Cert Guide

Reliable Study Materials for AZ-500 Exam Success For Sure

NEW QUESTION # 63
You need to meet the identity and access requirements for Group1.
What should you do?

  • A. Delete Group1. Create a new group named Group1 that has a membership type of Office 365. Add users and devices to the group.
  • B. Change the membership type of Group1 to Assigned. Create two groups that have dynamic memberships. Add the new groups to Group1.
  • C. Add a membership rule to Group1.
  • D. Modify the membership rule of Group1.

Answer: B

Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership Scenario:
Litware identifies the following identity and access requirements: All San Francisco users and their devices must be members of Group1.
The tenant currently contain this group:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal


NEW QUESTION # 64
Your company has an Azure subscription named Subscription1. Subscription1 is associated with the Azure Active Directory tenant that includes the users shown in the following table.

The company is sold to a new owner.
The company needs to transfer ownership of Subscription1.
Which user can transfer the ownership and which tool should the user use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/billing-subscription-transfer


NEW QUESTION # 65
Your on-premises network contains the servers shown in the following table.

You have an Azure subscription That contains multiple virtual machines that run either Windows Server 2019 Of SLES.

Answer:

Explanation:


NEW QUESTION # 66
You have an Azure subscription that contains a blob container named cont1. Cont1 has the access policies shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

Answer:

Explanation:


NEW QUESTION # 67
You have an Azure subscription that contains the virtual machines shown in the following table.

You create the Azure policies shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

References:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking


NEW QUESTION # 68
Lab Task
use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password. place your cursor in the Enter password box and click on the password below.
Azure Username: Userl [email protected]
Azure Password: GpOAe4@lDg
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 28681041
Task 5
You need to ensure that only devices connected to a 131-107.0.0/16 subnet can access data in the rg1lod28681041 Azure Storage account.

Answer:

Explanation:
To ensure that only devices connected to a 131-107.0.0/16 subnet can access data in the rg1lod28681041 Azure Storage account, you can follow these steps:
In the Azure portal, search for and select the storage account named rg1lod28681041.
In the left pane, select Firewalls and virtual networks.
In the Firewalls and virtual networks pane, select Selected networks.
In the Selected networks pane, select Add existing virtual network.
In the Add existing virtual network pane, select the virtual network that contains the 131-107.0.0/16 subnet.
Select Add.
https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security


NEW QUESTION # 69
You have an Azure Active Directory (Azure AD) tenant named contoso1812.onmicrosoft.com that contains the users shown in the following table.

You create an Azure Information Protection label named Label1. The Protection settings for Label1 are configured as shown in the exhibit. (Click the Exhibit tab.)

Label1 is applied to a file named File1.
For each of the following statements, select Yes if the statement is true, Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation


NEW QUESTION # 70
You need to ensure that the Azure AD application registration and consent configurations meet the identity and access requirements.
What should you use in the Azure portal? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Topic 2, Contoso
Technical Requirements
Contoso identifies the following technical requirements:
Deploy Azure Firewall to VNetWork1 in Sub2.
Register an application named App2 in contoso.com.
Whenever possible, use the principle of least privilege.
Enable Azure AD Privileged Identity Management (PIM) for contoso.com
Existing Environment
Azure AD
Contoso.com contains the users shown in the following table.

Contoso.com contains the security groups shown in the following table.

Sub1
Sub1 contains six resource groups named RG1, RG2, RG3, RG4, RG5, and RG6.
User2 creates the virtual networks shown in the following table.

Sub1 contains the locks shown in the following table.

Sub1 contains the Azure policies shown in the following table.

Sub2

Sub2 contains the virtual machines shown in the following table.

All virtual machines have the public IP addresses and the Web Server (IIS) role installed. The firewalls for each virtual machine allow ping requests and web requests.
Sub2 contains the network security groups (NSGs) shown in the following table.

NSG1 has the inbound security rules shown in the following table.

NSG2 has the inbound security rules shown in the following table.

NSG3 has the inbound security rules shown in the following table.

NSG4 has the inbound security rules shown in the following table.

NSG1, NSG2, NSG3, and NSG4 have the outbound security rules shown in the following table.

Contoso identifies the following technical requirements:
Deploy Azure Firewall to VNetwork1 in Sub2.
Register an application named App2 in contoso.com.
Whenever possible, use the principle of least privilege.
Enable Azure AD Privileged Identity Management (PIM) for contoso.com.


NEW QUESTION # 71
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

From Azure AD Privileged Identity Management (PIM), you configure the settings for the Security Administrator role as shown in the following exhibit.

From PIM, you assign the Security Administrator role to the following groups:
Group1: Active assignment type, permanently assigned
Group2: Eligible assignment type, permanently eligible
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
https://docs.microsoft.com/bs-cyrl-ba/azure/active-directory/privileged-identity-management/pim-resource-roles-configure-role-settings


NEW QUESTION # 72
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

In Azure AD Privileged Identity Management (PIM), the Role settings for the Contributor role are configured as shown in the exhibit. (Click the Exhibit tab.)

You assign users the Contributor role on May 1, 2019 as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-assign-roles


NEW QUESTION # 73
You have an Azure subscription that contains the virtual networks shown in the following table.

NSG1 and NSG2 both have default rules only.
The subscription contains the virtual machines shown in the following table.

The subscription contains the web apps shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 74
You have a file named File1.yaml that contains the following contents.

You create an Azure container instance named container1 by using File1.yaml.
You need to identify where you can access the values of Variable1 and Variable2.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/container-instances/container-instances-environment-variables


NEW QUESTION # 75
You create a new Azure subscription that is associated to a new Azure Active Directory (Azure AD) tenant.
You create one active conditional access policy named Portal Policy. Portal Policy is used to provide access to the Microsoft Azure Management cloud app.
The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit. (Click the Conditions tab.)

The Grant settings for Portal Policy are configured as shown in the Grant exhibit. (Click the Grant tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition


NEW QUESTION # 76
You have an Azure subscription named Sub1. Sub1 has an Azure Storage account named Storage1 that contains the resources shown in the following table.

You generate a shared access signature (SAS) to connect to the blob service and the file service.
Which tool can you use to access the contents in Container1 and Share! by using the SAS? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 77
You plan to use Azure Log Analytics to collect logs from 200 servers that run Windows Server 2016.
You need to automate the deployment of the Microsoft Monitoring Agent to all the servers by using an Azure Resource Manager template.
How should you complete the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://blogs.technet.microsoft.com/manageabilityguys/2015/11/19/enabling-the-microsoft-monitoring-agent-in-windows-json-templates/


NEW QUESTION # 78
You have an Azure Storage account that contains a blob container named container1 and a client application named App1.
You need to enable App1 access to container1 by using Azure Active Directory (Azure AD) authentication.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://azure.microsoft.com/en-in/blog/announcing-the-preview-of-aad-authentication-for-storage/
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/storage/common/storage-auth-aad-rbac-portal.md


NEW QUESTION # 79
You have an Azure Active Directory (Azure AD) tenant that contains two administrative units named AU1 and AU2.
Users are assigned to the administrative units as shown in the following table.

Answer:

Explanation:

Explanation:


NEW QUESTION # 80
You have an Azure subscription.
You need to create and deploy an Azure policy that meets the following requirements:
When a new virtual machine is deployed, automatically install a custom security extension.
Trigger an autogenerated remediation task for non-compliant virtual machines to install the extension.
What should you include in the policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources


NEW QUESTION # 81
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You create and enforce an Azure AD Identity Protection user risk policy that has the following settings:
Assignment: Include Group1, Exclude Group2
Conditions: Sign-in risk of Medium and above
Access: Allow access, Require password change
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
http://www.rebeladmin.com/2018/09/step-step-guide-configure-risk-based-azure-conditional-access-policies/


NEW QUESTION # 82
......


Microsoft Azure is a widely popular cloud computing platform that is relied upon by businesses around the world. As more and more companies move their operations to the cloud, the need for skilled Azure professionals has never been greater. One such certification that is highly valued in the industry is the Microsoft AZ-500 (Microsoft Azure Security Technologies) certification exam.

 

New Microsoft AZ-500 Dumps & Questions: https://realexamcollection.examslabs.com/Microsoft/Microsoft-Azure-Security-Engineer-Associate/best-AZ-500-exam-dumps.html