有効なAZ-500テスト解答Microsoft AZ-500試験PDF問題を試そう
Microsoft AZ-500認定リアル2023年最新の模擬試験合格させます
質問 36
You have an Azure subscription that contains the alerts shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-overview
質問 37
You have an Azure subscription that contains the alerts shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-overview
質問 38
You are configuring network connectivity for two Azure virtual networks named VNET1 and VNET2.
You need to implement VPN gateways for the virtual networks to meet the following requirements:
* VNET1 must have six site-to-site connections that use BGP.
* VNET2 must have 12 site-to-site connections that use BGP.
* Costs must be minimized.
Which VPN gateway SKI) should you use for each virtual network? To answer, drag the appropriate SKUs to the correct networks. Each SKU may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point
正解:
解説:
Explanation
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#gwsku
質問 39
You suspect that users are attempting to sign in to resources to which they have no access.
You need to create an Azure Log Analytics query to identify failed user sign-in attempts from the last three days. The results must only show users who had more than five failed sign-in attempts.
How should you configure the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/examples
質問 40
You need to configure SQLDB1 to meet the data and application requirements.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
解説:
Explanation
From the Azure portal, create an Azure AD administrator for LitwareSQLServer1 Connect to SQLDB1 by using SSMS In SQLDB1, create contained database users
https://www.youtube.com/watch?v=pEPyPsGEevw
質問 41
You are configuring network connectivity for two Azure virtual networks named VNET1 and VNET2.
You need to implement VPN gateways for the virtual networks to meet the following requirements:
* VNET1 must have six site-to-site connections that use BGP.
* VNET2 must have 12 site-to-site connections that use BGP.
* Costs must be minimized.
Which VPN gateway SKI) should you use for each virtual network? To answer, drag the appropriate SKUs to the correct networks. Each SKU may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#gwsku
質問 42
You need to create Role1 to meet the platform protection requirements.
How should you complete the role definition of Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 43
You have an Azure subscription that contains the following resources:
* An Azure key vault
* An Azure SQL database named Database1
* Two Azure App Service web apps named AppSrv1 and AppSrv2 that are configured to use system-assigned managed identities and access Database1 You need to implement an encryption solution for Database1 that meets the following requirements:
* The data in a column named Discount in Database1 must be encrypted so that only AppSrv1 can decrypt the data.
* AppSrv1 and AppSrv2 must be authorized by using managed identities to obtain cryptographic keys.
How should you configure the encryption settings fa Database1 To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/always-encrypted-azure-key-vault-configure?tabs=azure-powershell
質問 44
You have an Azure subscription that contains an Azure key vault named KeyVault1 and the virtual machines shown in the following table.
You set the Key Vault access policy to Enable access to Azure Disk Encryption for volume encryption.
KeyVault1 is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
質問 45
You have an Azure subscription named Subcription1 that contains the resources shown in the following table.
You have an Azure subscription named Subcription2 that contains the following resources:
* An Azure Sentinel workspace
* An Azure Event Grid instance
You need to ingest the CEF messages from the NVAs to Azure Sentinel.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 46
DRAG DROP
You have an Azure subscription named Sub1 that contains an Azure Log Analytics workspace named LAW1.
You have 500 Azure virtual machines that run Windows Server 2016 and are enrolled in LAW1.
You plan to add the System Update Assessment solution to LAW1.
You need to ensure that System Update Assessment-related logs are uploaded to LAW1 from 100 of the virtual machines only.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
正解:
解説:
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/solution-targeting Secure data and applications Testlet 1 This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Litware, Inc. is a digital media company that has 500 employees in the Chicago area and 20 employees in the San Francisco area.
Existing Environment
Litware has an Azure subscription named Sub1 that has a subscription ID of 43894a43-17c2-4a39-8cfc-
3540c2653ef4.
Sub1 is associated to an Azure Active Directory (Azure AD) tenant named litwareinc.com. The tenant contains the user objects and the device objects of all the Litware employees and their devices. Each user is assigned an Azure AD Premium P2 license. Azure AD Privileged Identity Management (PIM) is activated.
The tenant contains the groups shown in the following table.
The Azure subscription contains the objects shown in the following table.
Azure Security Center is set to the Standard tier.
Requirements
Planned Changes
Litware plans to deploy the Azure resources shown in the following table.
Identity and Access Requirements
Litware identifies the following identity and access requirements:
* All San Francisco users and their devices must be members of Group1.
* The members of Group2 must be assigned the Contributor role to RG2 by using a permanent eligible assignment.
* Users must be prevented from registering applications in Azure AD and from consenting to applications that access company information on the users' behalf.
Platform Protection Requirements
* Litware identifies the following platform protection requirements:
* Microsoft Antimalware must be installed on the virtual machines in RG1.
* The members of Group2 must be assigned the Azure Kubernetes Service Cluster Admin Role.
* Azure AD users must be able to authenticate to AKS1 by using their Azure AD credentials.
* Following the implementation of the planned changes, the IT team must be able to connect to VM0 by using JIT VM access.
* A new custom RBAC role named Role1 must be used to delegate the administration of the managed disks in RG1. Role1 must be available only for RG1.
Security Operations Requirements
Litware must be able to customize the operating system security configurations in Azure Security Center.
Data and Application Requirements
Litware identifies the following data and applications requirements:
* The users in Group2 must be able to authenticate to SQLDB1 by using their Azure AD credentials.
* WebApp1 must enforce mutual authentication.
General Requirements
Litware identifies the following general requirements:
* Whenever possible, administrative effort must be minimized.
* Whenever possible, use of automation must be maximized.
質問 47
You have an Azure subscription that contains the resources shown in the following table.
User1 is a member of Group1. Group1 and User2 are assigned the Key Vault Contributor role for Vault1.
On January 1, 2019, you create a secret in Vault1. The secret is configured as shown in the exhibit. (Click the Exhibit tab.)
User2 is assigned an access policy to Vault1. The policy has the following configurations:
* Key Management Operations: Get, List, and Restore
* Cryptographic Operations: Decrypt and Unwrap Key
* Secret Management Operations: Get, List, and Restore
Group1 is assigned an access to Vault1. The policy has the following configurations:
* Key Management Operations: Get and Recover
* Secret Management Operations: List, Backup, and Recover
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
正解:
解説:
Explanation
質問 48
You suspect that users are attempting to sign in to resources to which they have no access.
You need to create an Azure Log Analytics query to identify failed user sign-in attempts from the last three days. The results must only show users who had more than five failed sign-in attempts.
How should you configure the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/examples
質問 49
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
The tenant contains the named locations shown in the following table.
You create the conditional access policies for a cloud app named App1 as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 50
You have an Azure key vault named KeyVault1 that contains the items shown in the following table.
In KeyVault, the following events occur in sequence:
* Item1 is deleted
* Administrator enables soft delete
* Item2 and Policy1 are deleted.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/soft-delete-overview
質問 51
You have an Azure subscription that contains the resources shown in the following table.
User1 is a member of Group1. Group1 and User2 are assigned the Key Vault Contributor role for Vault1.
On January 1, 2019, you create a secret in Vault1. The secret is configured as shown in the exhibit. (Click the Exhibit tab.)
User2 is assigned an access policy to Vault1. The policy has the following configurations:
Key Management Operations: Get, List, and Restore
Cryptographic Operations: Decrypt and Unwrap Key
Secret Management Operations: Get, List, and Restore
Group1 is assigned an access to Vault1. The policy has the following configurations:
Key Management Operations: Get and Recover
Secret Management Operations: List, Backup, and Recover
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
正解:
解説:
質問 52
You have an Azure subscription that contains the alerts shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-overview
質問 53
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant.
From the Azure portal, you register an enterprise application.
Which additional resource will be created in Azure AD?
- A. a managed identity
https://www.fast2test.com/AZ-500-practice-test.html 27
Valid Fast2test AZ-500 Exam PDF Dumps - New AZ-500 Real Exam Questions - B. a service principal
- C. a user account
- D. an X.509 certificate
正解: B
解説:
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-added
https://www.fast2test.com/AZ-500-practice-test.html 28
Valid Fast2test AZ-500 Exam PDF Dumps - New AZ-500 Real Exam Questions
Implement platform protection
Testlet 1
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Litware, Inc. is a digital media company that has 500 employees in the Chicago area and 20 employees in the San Francisco area.
Existing Environment
Litware has an Azure subscription named Sub1 that has a subscription ID of 43894a43-17c2-4a39-8cfc-
3540c2653ef4.
Sub1 is associated to an Azure Active Directory (Azure AD) tenant named litwareinc.com. The tenant contains the user objects and the device objects of all the Litware employees and their devices. Each user is assigned an Azure AD Premium P2 license. Azure AD Privileged Identity Management (PIM) is activated.
The tenant contains the groups shown in the following table.
The Azure subscription contains the objects shown in the following table.
https://www.fast2test.com/AZ-500-practice-test.html 29
Valid Fast2test AZ-500 Exam PDF Dumps - New AZ-500 Real Exam Questions
Identity and Access Requirements
Azure Security Center is set to the Standard tier.
Requirements
Planned Changes
Litware plans to deploy the Azure resources shown in the following table.
Litware identifies the following identity and access requirements:
* All San Francisco users and their devices must be members of Group1.
* The members of Group2 must be assigned the Contributor role to RG2 by using a permanent eligible assignment.
* Users must be prevented from registering applications in Azure AD and from consenting to applications that access company information on the users' behalf.
Platform Protection Requirements
https://www.fast2test.com/AZ-500-practice-test.html 30
Valid Fast2test AZ-500 Exam PDF Dumps - New AZ-500 Real Exam Questions
Litware identifies the following platform protection requirements:
* Microsoft Antimalware must be installed on the virtual machines in RG1.
* The members of Group2 must be assigned the Azure Kubernetes Service Cluster Admin Role.
* Azure AD users must be able to authenticate to AKS1 by using their Azure AD credentials.
* Following the implementation of the planned changes, the IT team must be able to connect to VM0 by using JIT VM access.
* A new custom RBAC role named Role1 must be used to delegate the administration of the managed disks in RG1. Role1 must be available only for RG1.
Security Operations Requirements
Litware must be able to customize the operating system security configurations in Azure Security Center.
Data and Application Requirements
Litware identifies the following data and applications requirements:
* The users in Group2 must be able to authenticate to SQLDB1 by using their Azure AD credentials.
* WebApp1 must enforce mutual authentication.
General Requirements
Litware identifies the following general requirements:
* Whenever possible, administrative effort must be minimized.
* Whenever possible, use of automation must be maximized.
質問 54
You have an Azure subscription named Sub1 that contains an Azure Log Analytics workspace named LAW1.
You have 500 Azure virtual machines that run Windows Server 2016 and are enrolled in LAW1.
You plan to add the System Update Assessment solution to LAW1.
You need to ensure that System Update Assessment-related logs are uploaded to LAW1 from 100 of the virtual machines only.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
解説:
Explanation
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/solution-targeting
質問 55
You have an Azure subscription that contains the following resources:
* A virtual network named VNET1 that contains two subnets named Subnet1 and Subnet2.
* A virtual machine named VM1 that has only a private IP address and connects to Subnet1.
You need to ensure that Remote Desktop connections can be established to VM1 from the internet.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange then in the correct order.
正解:
解説:
Explanation
質問 56
You have an Azure SQL Database server named SQL1.
You plan to turn on Advanced Threat Protection for SQL1 to detect all threat detection types.
Which action will Advanced Threat Protection detect as a threat?
- A. A user updates more than 50 percent of the records in a table.
- B. A user attempts to sign as select * from table1.
- C. A user deletes more than 100 records from the same table.
- D. A user is added to the db_owner database role.
正解: B
解説:
Explanation
Advanced Threat Protection can detect potential SQL injections: This alert is triggered when an active exploit happens against an identified application vulnerability to SQL injection. This means the attacker is trying to inject malicious SQL statements using the vulnerable application code or stored procedures.
References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-threat-detection-overview
質問 57
You implement the planned changes for ASG1 and ASG2.
In which NSGs can you use ASG1. and the network interfaces of which virtual machines can you assign to ASG2?
正解:
解説:
質問 58
You have an Azure subscription named Sub1. Sub1 contains a virtual network named VNet1 that contains
one subnet named Subnet1.
You create a service endpoint for Subnet1.
Subnet1 contains an Azure virtual machine named VM1 that runs Ubuntu Server 18.04.
You need to deploy Docker containers to VM1. The containers must be able to access Azure Storage
resources and Azure SQL databases by using the service endpoint.
- A. Create an application security group and a network security group (NSG).
- B. Edit the docker-compose.yml file.
- C. Install the container network interface (CNI) plug-in.
正解: C
解説:
Explanation/Reference:
Explanation:
The Azure Virtual Network container network interface (CNI) plug-in installs in an Azure Virtual Machine.
The plug-in supports both Linux and Windows platform.
The plug-in assigns IP addresses from a virtual network to containers brought up in the virtual machine,
attaching them to the virtual network, and connecting them directly to other containers and virtual network
resources. The plug-in doesn't rely on overlay networks, or routes, for connectivity, and provides the same
performance as virtual machines.
The following picture shows how the plug-in provides Azure Virtual Network capabilities to Pods:
References:
https://docs.microsoft.com/en-us/azure/virtual-network/container-networking-overview
質問 59
Your company has two offices in Seattle and New York. Each office connects to the Internet by using a NAT device. The offices use the IP addresses shown in the following table.
The company has an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.
The MFA service settings are configured as shown in the exhibit. (Click the Exhibit tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
Box 2: No
Use of Microsoft Authenticator is not required.
Note: Microsoft Authenticator is a multifactor app for mobile devices that generates time-based codes used during the Two-Step Verification process.
Box 3: No
The New York IP address subnet is included in the "skip multi-factor authentication for request.
References:
https://www.cayosoft.com/difference-enabling-enforcing-mfa/
質問 60
You plan to use Azure Disk Encryption for several virtual machine disks.
You need to ensure that Azure Disk Encryption can retrieve secrets from the KeyVault11641655 Azure key vault.
To complete this task, sign in to the Azure portal and modify the Azure resources.
正解:
解説:
See the explanation below.
Explanation
1. In the Azure portal, type Key Vaults from the search results then select KeyVault11641655. Alternatively, browse to in the left navigation pane.
2. In the Key Vault properties, scroll down to the Access Policies.
3. Select the Azure Disk Encryption for volume encryption
4. Click Save to save the changes.
質問 61
......
Microsoft AZ-500 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
| トピック 8 |
|
AZ-500試験問題と有効なAZ-500問題集PDF:https://www.jpntest.com/shiken/AZ-500-mondaishu
AZ-500ブレーン問題集学習ガイドにはヒントとコツで試験合格を目指そう:https://drive.google.com/open?id=1MaRnnyq2aazAYZ8k89bzDdFJsTp19evS