AZ-500 Free Question Set: "Microsoft Azure Security Technologies"
You have an Azure subscription that contains an Azure SQL database named sql1.
You plan to audit sql1.
You need to configure the audit log destination. The solution must meet the following requirements:
* Support querying events by using the Kusto query language.
* Minimize administrative effort.
What should you configure?
Correct answer: C
From Azure Security Center, you enable Azure Container Registry vulnerability scanning of the images in Registry1.
You perform the following actions:
* Push a Windows image named Image1 to Registry1.
* Push a Linux image named Image2 to Registry1.
* Push a Windows image named Image3 to Registry1.
* Modify Image1 and push the new image as Image4 to Registry1.
* Modify Image2 and push the new image as Image5 to Registry1.
Which two images will be scanned for vulnerabilities? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
Correct answer: B, C
You have an Azure Active Directory (Azure AD) tenant that contains two administrative units named AU1 and AU2.
Users are assigned to the administrative units as shown in the following table.


Correct answer:

Explanation:

You have an Azure subscription that contains an Azure Container Registry named Registry1. The subscription uses the Standard tier of Azure Security Center.
You upload several container images to Registry1.
You discover that vulnerability security scans were not performed.
You need to ensure that the images are scanned for vulnerabilities when they are uploaded to Registry1.
What should you do?
Correct answer: B
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains the subnets shown in the following table.

The subscription contains the virtual machines shown in the following table.

VM3 contains a service that listens for connections on port 8080.
For VM1, you configure just-in-time (JIT) VM access as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.


Correct answer:

Explanation:

You have an Azure subscription that contains the resources shown in the following table.

You need to ensure that ServerAdmins can perform the following tasks:
* Create virtual machines in RG1 only.
* Connect the virtual machines to the existing virtual networks in RG2 only.
The solution must use the principle of least privilege.
Which two role-based access control (RBAC) roles should you assign to ServerAdmins? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Correct answer: B, E
You have an Azure Sentinel workspace that has the following data connectors:
* Azure Active Directory Identity Protection
* Common Event Format (CEF)
* Azure Firewall
You need to ensure that data is being ingested from each connector.
From the Logs query window, which table should you query for each connector? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

Lab Task
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username: Userl [email protected]
Azure Password: GpOAe4@lDg
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 28681041
Task 5
You need to ensure that only devices connected to a 131.107.0.0/16 subnet can access data in the rg1lod28681041 Azure Storage account.
Correct answer:
See the steps in the explanation below for this task.
Explanation:
To ensure that only devices connected to a 131.107.0.0/16 subnet can access data in the rg1lod28681041 Azure Storage account, you can follow these steps:
* In the Azure portal, search for and select the storage account named rg1lod28681041.
* In the left pane, select Firewalls and virtual networks.
* In the Firewalls and virtual networks pane, select Selected networks.
* In the Selected networks pane, select Add existing virtual network.
* In the Add existing virtual network pane, select the virtual network that contains the 131.107.0.0/16 subnet.
* Select Add.
https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security
You need to create an Azure key vault. The solution must ensure that any object deleted from the key vault be retained for 90 days.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

Box 1: -EnablePurgeProtection
If specified, protection against immediate deletion is enabled for this vault; requires soft delete to be enabled as well.
Box 2: -EnableSoftDelete
Specifies that the soft-delete functionality is enabled for this key vault. When soft-delete is enabled, for a grace period, you can recover this key vault and its contents after it is deleted.
References:
https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/new-azurermkeyvault