Microsoft AZ-500 Übungsprüfungen
Zuletzt aktualisiert am 03.02.2026- Prüfungscode: AZ-500
- Prüfungsname: Microsoft Azure Security Technologies
- Zertifizierungsanbieter: Microsoft
- Zuletzt aktualisiert am: 03.02.2026
HOTSPOT
You have the hierarchy of Azure resources shown in the following exhibit.
You create the Azure Blueprints definitions shown in the following table.
To which objects can you assign Blueprint1 and Blueprint2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure subscription named Sub1. Sub1 contains a virtual network named VNet1 that contains one subnet named Subnet1.
You create a service endpoint for Subnet1.
Subnet1 contains an Azure virtual machine named VM1 that runs Ubuntu Server 18.04.
You need to deploy Docker containers to VM1. The containers must be able to access Azure Storage resources and Azure SQL databases by using the service endpoint.
- A . Create an application security group and a network security group (NSG).
- B . Edit the docker-compose.yml file.
- C . Install the container network interface (CNI) plug-in.
Lab Task
Task 1
You need to ensure that connections from the Internet to VNET1subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.
HOTSPOT
You have an Azure Subscription that is connected to an on-premises datacenter and contains the resources shown in the following table.
You need to configure virtual network service endpoints for VNet1 and VNet2.
The solution must meet the following requirements:
• The virtual machines that connect to the subnet of VNet1 must access storage1, storage2, and Azure AD by using the Microsoft backbone network.
• The virtual machines that connect to the subnet of VNet2 must access storage1 and KeyVault1 by using the Microsoft backbone network.
• The virtual machines must use the Microsoft backbone network to communicate between VNet1 and VNet2.
How many service endpoints should you configure for each virtual network? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the resources shown in the following table.
You need to configure storage1 to regenerate keys automatically every 90 days.
Which cmdlet should you run?
- A . set -A=StorageAccount
- B . Add-A:StorogcAccountmanagementPolicyAction
- C . Set-A;StorageAccountimanagementPolicy
- D . Add-AsKeyVaultmanageStorageAccount
You have an Azure subscription that contains an Azure Blob storage account bolb1.
You need to configure attribute-based access control (ABAC) for blob1.
Which attributes can you use in access conditions?
- A . blob index tags only
- B . blob index tags and container names only
- C . file extensions and container names only
- D . blob index tags, file extensions, and container names
HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.
SQL1 has the following configurations:
• Auditing: Enabled
• Audit log destination: storage1, Workspace1 DB1 has the following configurations:
• Auditing: Enabled
• Audit log destination: storage2
DB2 has auditing disabled.
Where are the audit logs for DB1 and DB2 stored? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.
SQL1 has the following configurations:
• Auditing: Enabled
• Audit log destination: storage1, Workspace1 DB1 has the following configurations:
• Auditing: Enabled
• Audit log destination: storage2
DB2 has auditing disabled.
Where are the audit logs for DB1 and DB2 stored? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant.
The tenant contains the users shown in the following table.
The tenant contains the groups shown in the following table.
You configure a multi-factor authentication (MFA) registration policy that and the following settings:
• Assignments:
• Include: Group1
• Exclude Group2
• Controls: Require Azure MFA registration
• Enforce Policy: On
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.
You perform the following tasks:
– Create a managed identity named Managed1.
– Create a Microsoft 365 group named Group1.
You need to identify which service principals were created and which identities can be assigned the Reader role for RG1.
What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
