Free az-500 Exam Braindumps

- (Exam Topic 4)
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below. Azure Username: User1-10598168@ExamUsers.com
Azure Password: Ag1Bh9!#Bd
The following information is for technical support purposes only: Lab Instance: 10598168




You need to ensure that the rg1lod10598168n1 Azure Storage account is encrypted by using a key stored in the KeyVault10598168 Azure key vault.
To complete this task, sign in to the Azure portal.
Solution:
Step 1: To enable customer-managed keys in the Azure portal, follow these steps:
* 1. Navigate to your storage account rg1lod10598168n1
* 2. On the Settings blade for the storage account, click Encryption. Select the Use your own key option, as shown in the following figure.

Step 2: Specify a key from a key vault
To specify a key from a key vault, first make sure that you have a key vault that contains a key. To specify a key from a key vault, follow these steps:
* 4. Choose the Select from Key Vault option.
* 5. Choose the key vault KeyVault10598168 containing the key you want to use.
* 6. Choose the key from the key vault.

Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-encryption-keys-portal

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 4)
You have 15 Azure virtual machines in a resource group named RG1. All virtual machines run identical applications.
You need to prevent unauthorized applications and malware from running on the virtual machines. What should you do?

1. A. Apply an Azure policy to RG1.
2. B. From Azure Security Center, configure adaptive application controls.
3. C. Configure Azure Active Directory (Azure AD) Identity Protection.
4. D. Apply a resource lock to RG1.

Correct Answer: B
Adaptive application control is an intelligent, automated end-to-end application whitelisting solution from Azure Security Center. It helps you control which applications can run on your Azure and non-Azure VMs (Windows and Linux), which, among other benefits, helps harden your VMs against malware. Security Center uses machine learning to analyze the applications running on your VMs and helps you apply the specific whitelisting rules using this intelligence.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-application

- (Exam Topic 4)
You have three on-premises servers named Server1, Server2, and Server3 that run Windows Server1 and Server2 and located on the Internal network. Server3 is located on the premises network. All servers have
access to Azure.
From Azure Sentinel, you install a Windows firewall data connector.
You need to collect Microsoft Defender Firewall data from the servers for Azure Sentinel. What should you do?

1. A. Create an event subscription from Server1, Server2 and Server3
2. B. Install the On-premises data gateway on each server.
3. C. Install the Microsoft Agent on each server.
4. D. Install the Microsoft Agent on Server1 and Server2 install the on-premises data gateway on Server3.

Correct Answer: C

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/connect-windows-firewall

- (Exam Topic 4)
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain.
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to deploy Azure AD Connect and to integrate Active Directory and the Azure AD tenant. You need to recommend an integration solution that meets the following requirements:
Ensures that password policies and user logon restrictions apply to user accounts that are synced to the Tenant Minimizes the number of servers required for the solution.
Which authentication method should you include in the recommendation?

1. A. federated identity with Active Directory Federation Services (AD FS)
2. B. password hash synchronization with seamless single sign-on (SSO)
3. C. pass-through authentication with seamless single sign-on (SSO)

Correct Answer: C
* 1. Ensures that password policies and user logon restrictions apply to user accounts that are synced to the tenant
>> Pass-Through Authentication enforce on-premises user account states, password policies, and sign-in hours.
* 2. Minimizes the number of servers required for the solution.
>> Pass-through needs a lightweight agent to be installed one (or more) on-premises servers.
>> PW Hash also require installing Azure AD Connect on your existing DC.

- (Exam Topic 4)
Your company recently created an Azure subscription.
You have been tasked with making sure that a specified user is able to implement Azure AD Privileged Identity Management (PIM).
Which of the following is the role you should assign to the user?

1. A. The Global administrator role.
2. B. The Security administrator role.
3. C. The Password administrator role.
4. D. The Compliance administrator role.

Correct Answer: A
To start using PIM in your directory, you must first enable PIM.
* 1. Sign in to the Azure portal as a Global Administrator of your directory.
You must be a Global Administrator with an organizational account (for example, @yourdomain.com), not a Microsoft account (for example, @outlook.com), to enable PIM for a directory.
Scenario: Technical requirements include: Enable Azure AD Privileged Identity Management (PIM) for contoso.com
Reference:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-getting-started