Microsoft AZ-500 Übungsprüfungen
Zuletzt aktualisiert am 12.12.2025- Prüfungscode: AZ-500
- Prüfungsname: Microsoft Azure Security Technologies
- Zertifizierungsanbieter: Microsoft
- Zuletzt aktualisiert am: 12.12.2025
You have an Azure subscription that contains an Azure SQL database named sql1.
You plan to audit sql1.
You need to configure the audit log destination. The solution must meet the following requirements:
Support querying events by using the Kusto query language.
Minimize administrative effort.
What should you configure?
- A . an event hub
- B . a storage account
- C . a Log Analytics workspace
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Subscription. The subscription contains 50 virtual machines that run Windows Server 2012 R2 or Windows Server 2016.
You need to deploy Microsoft Antimalware to the virtual machines.
Solution: You add an extension to each virtual machine.
Does this meet the goal?
- A . Yes
- B . No
Your on-premises network contains a Hyper-V virtual machine named VM1. You need to use Azure Arc to onboard VM1 to Microsoft Defender for Cloud.
What should you install first?
- A . the Azure Monitor agent
- B . the Azure Connected Machine agent
- C . the Log Analytics agent
- D . the guest configuration agent
You have an Azure web app named WebApp1.
You upload a certificate to WebApp1.
You need to make the certificate accessible to the app code of WebApp1.
What should you do?
- A . Add a user-assigned managed identity to WebApp1.
- B . Add an app setting to the WebApp1 configuration.
- C . Enable system-assigned managed identity for the WebApp1.
- D . Configure the TLS/SSL binding for WebApp1.
To configure role-based access control, what should you primarily use in Azure?
- A . Azure Policies
- B . Access Control (IAM)
- C . Azure Blueprints
- D . Azure Management Groups
You are testing an Azure Kubernetes Service (AKS) cluster.
The cluster is configured as shown in the exhibit. (Click the Exhibit tab.)
You plan to deploy the cluster to production. You disable HTTP application routing.
You need to implement application routing that will provide reverse proxy and TLS termination for AKS services by using a single IP address.
What should you do?
- A . Create an AKS Ingress controller.
- B . Install the container network interface (CNI) plug-in.
- C . Create an Azure Standard Load Balancer.
- D . Create an Azure Basic Load Balancer.
You have an Azure subscription that contains a storage account and an Azure web app named App1.
App1 connects to an Azure Cosmos DB database named Cosmos1 that uses a private endpoint named Endpoint1. Endpoint1 has the default settings.
You need to validate the name resolution to Cosmos1.
Which DNS zone should you use?
- A . Endpoint1. Privatelink,blob,core,windows,net
- B . Endpoint1. Privatelink,database,azure,com
- C . Endpoint1. Privatelink,azurewebsites,net
- D . Endpoint1. Privatelink,documents,azure,com
You have an Azure subscription that contains a web app named App1.
Users must be able to select between a Google identity or a Microsoft identity when authenticating to App1.
You need to add Google as an identity provider in Azure AD.
Which two pieces of information should you configure? Each correct answer presents part of the solution.
Each correct selection is worth one point
- A . a tenant name
- B . a tenant ID
- C . the endpoint URL Of an application
- D . a client ID
- E . a client secret
You have an Azure subscription that contains an Azure Key Vault Standard key vault named Vault1.
Vault1 hosts a 2048-bit RSA key named key1.
You need to ensure that key1 is rotated every 90 days.
What should you do first?
- A . Create a key rotation policy.
- B . Modify the Access policies settings of Vault1.
- C . Upgrade Vault1 to Key Vault Premium.
- D . Recreate key1 as an EC key.
You have an Azure subscription that contains an Azure Key Vault Standard key vault named Vault1.
Vault1 hosts a 2048-bit RSA key named key1.
You need to ensure that key1 is rotated every 90 days.
What should you do first?
- A . Create a key rotation policy.
- B . Modify the Access policies settings of Vault1.
- C . Upgrade Vault1 to Key Vault Premium.
- D . Recreate key1 as an EC key.