AZ-500 無料問題集「Microsoft Azure Security Technologies」
You have a Microsoft Entra tenant that contains the users shown in the following table.
AII the users have devices that contain certificates issued by a certification authority (CA) named ContosoCA.
You create a Conditional Access policy that has the following settings:
* Name: CAPoltcy1
* Assignments
o Users and groups: Group1
o Target resources
* Include: All cloud apps
o Access controls
* Grant access: Require multi-factor authentication
o Enable policy: On
You enable and target certificate-based authentication as shown in the Enable and Target exhibit. (Click the Enable and Target tab.)
You configure certificate-based authentication as shown in the Configure exhibit. (Click the Configure tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
AII the users have devices that contain certificates issued by a certification authority (CA) named ContosoCA.
You create a Conditional Access policy that has the following settings:
* Name: CAPoltcy1
* Assignments
o Users and groups: Group1
o Target resources
* Include: All cloud apps
o Access controls
* Grant access: Require multi-factor authentication
o Enable policy: On
You enable and target certificate-based authentication as shown in the Enable and Target exhibit. (Click the Enable and Target tab.)
You configure certificate-based authentication as shown in the Configure exhibit. (Click the Configure tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
正解:
Explanation:
You have an Azure subscription that contains the resources shown in the following table.
You create the Azure Storage accounts shown in the following table.
You need to configure auditing for SQL1.
Which storage accounts and Log Analytics workspaces can you use as the audit log destination? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You create the Azure Storage accounts shown in the following table.
You need to configure auditing for SQL1.
Which storage accounts and Log Analytics workspaces can you use as the audit log destination? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
You have an Azure key vault named KeyVault1 that contains the items shown in the following table.
In KeyVault1 the following events occur in sequence:
* item is deleted.
* ltem2 and Policy1 are deleted.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
ui
In KeyVault1 the following events occur in sequence:
* item is deleted.
* ltem2 and Policy1 are deleted.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
ui
正解:
Explanation:
You have a network security group (NSG) bound to an Azure subnet.
You run Get-AzureRmNetworkSecurityRuleConfig and receive the output shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
You run Get-AzureRmNetworkSecurityRuleConfig and receive the output shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Box 1: able to connect to East US 2
The StorageEA2Allow has DestinationAddressPrefix {Storage/EastUS2}
Box 2: dropped
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group
You have an Azure AD tenant that contains the groups shown in the following table.
You assign licenses to the groups as shown in the following table.
On May1, you delete Group1. Group2, and Group3.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You assign licenses to the groups as shown in the following table.
On May1, you delete Group1. Group2, and Group3.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.
After syncing all on-premises identities to Azure AD, you are informed that users with a givenName attribute starting with LAB should not be allowed to sync to Azure AD.
Which of the following actions should you take?
After syncing all on-premises identities to Azure AD, you are informed that users with a givenName attribute starting with LAB should not be allowed to sync to Azure AD.
Which of the following actions should you take?
正解:A
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
From Azure Security Center, you enable Azure Container Registry vulnerability scanning of the images in Registry1.
You perform the following actions:
* Push a Windows image named Image1 to Registry1.
* Push a Linux image named Image2 to Registry1.
* Push a Windows image named Image3 to Registry1.
* Modify Image1 and push the new image as Image4 to Registry1.
* Modify Image2 and push the new image as Image5 to Registry1.
Which two images will be scanned for vulnerabilities? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
You perform the following actions:
* Push a Windows image named Image1 to Registry1.
* Push a Linux image named Image2 to Registry1.
* Push a Windows image named Image3 to Registry1.
* Modify Image1 and push the new image as Image4 to Registry1.
* Modify Image2 and push the new image as Image5 to Registry1.
Which two images will be scanned for vulnerabilities? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
正解:B、C
解答を投票する
You have an Azure subscription named Subscription1 that contains a resource group named RG1 and a user named User1. User1 is assigned the Owner role for RG1.
You create an Azure Blueprints definition named Blueprint1 that includes a resource group named RG2 as shown in the following exhibit.
You assign Blueprint1 to Subscription1 by using the following settings:
* Lock assignment: Read Only
* Managed Identity: System assigned
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You create an Azure Blueprints definition named Blueprint1 that includes a resource group named RG2 as shown in the following exhibit.
You assign Blueprint1 to Subscription1 by using the following settings:
* Lock assignment: Read Only
* Managed Identity: System assigned
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Graphical user interface, text, application Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking
You create an Azure subscription.
You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure AD roles.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure AD roles.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
Explanation:
Step 1: Consent to PIM
Step: 2 Verify your identity by using multi-factor authentication (MFA) Click Verify my identity to verify your identity with Azure MFA. You'll be asked to pick an account.
Step 3: Sign up PIM for Azure AD roles
Once you have enabled PIM for your directory, you'll need to sign up PIM to manage Azure AD roles.
References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started
You have an Azure subscription that contains the resources shown in the following table.
User1 is a member of Group1. Group1 and User2 are assigned the Key Vault Contributor role for Vault1.
On January 1, 2019, you create a secret in Vault1. The secret is configured as shown in the exhibit. (Click the Exhibit tab.)
User2 is assigned an access policy to Vault1. The policy has the following configurations:
* Key Management Operations: Get, List, and Restore
* Cryptographic Operations: Decrypt and Unwrap Key
* Secret Management Operations: Get, List, and Restore
Group1 is assigned an access to Vault1. The policy has the following configurations:
* Key Management Operations: Get and Recover
* Secret Management Operations: List, Backup, and Recover
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
User1 is a member of Group1. Group1 and User2 are assigned the Key Vault Contributor role for Vault1.
On January 1, 2019, you create a secret in Vault1. The secret is configured as shown in the exhibit. (Click the Exhibit tab.)
User2 is assigned an access policy to Vault1. The policy has the following configurations:
* Key Management Operations: Get, List, and Restore
* Cryptographic Operations: Decrypt and Unwrap Key
* Secret Management Operations: Get, List, and Restore
Group1 is assigned an access to Vault1. The policy has the following configurations:
* Key Management Operations: Get and Recover
* Secret Management Operations: List, Backup, and Recover
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
正解:
Explanation:
You have an Azure subscription that uses Microsoft Defender for Cloud.
You have an Amazon Web Service (AWS) account named AWS1 that is connected to defender for Cloud.
You need to ensure that AWS foundational Security Best Practices. The solution must minimize administrate effort.
What should do you in Defender for Cloud?
You have an Amazon Web Service (AWS) account named AWS1 that is connected to defender for Cloud.
You need to ensure that AWS foundational Security Best Practices. The solution must minimize administrate effort.
What should do you in Defender for Cloud?
正解:A
解答を投票する
You have an Azure subscription that contains the following resources:
* An Azure key vault
* An Azure SQL database named Database1
* Two Azure App Service web apps named AppSrv1 and AppSrv2 that are configured to use system-assigned managed identities and access Database1 You need to implement an encryption solution for Database1 that meets the following requirements:
* The data in a column named Discount in Database1 must be encrypted so that only AppSrv1 can decrypt the data.
* AppSrv1 and AppSrv2 must be authorized by using managed identities to obtain cryptographic keys.
How should you configure the encryption settings fa Database1 To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point
* An Azure key vault
* An Azure SQL database named Database1
* Two Azure App Service web apps named AppSrv1 and AppSrv2 that are configured to use system-assigned managed identities and access Database1 You need to implement an encryption solution for Database1 that meets the following requirements:
* The data in a column named Discount in Database1 must be encrypted so that only AppSrv1 can decrypt the data.
* AppSrv1 and AppSrv2 must be authorized by using managed identities to obtain cryptographic keys.
How should you configure the encryption settings fa Database1 To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point
正解:
Explanation:
Text Description automatically generated with medium confidence
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/always-encrypted-azure-key-vault-configure?
tabs=azure-powershell
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
You are assigned the Global administrator role for the tenant. You are responsible for managing Azure Security Center settings.
You need to create a custom sensitivity label.
What should you do first?
You are assigned the Global administrator role for the tenant. You are responsible for managing Azure Security Center settings.
You need to create a custom sensitivity label.
What should you do first?
正解:A
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You have an Azure Active Directory (Azure AD) tenant that contains the resources shown in the following table.
User2 is the owner of Group2.
The user and group settings for App1 are configured as shown in the following exhibit.
You enable self-service application access for App1 as shown in the following exhibit.
User3 is configured to approve access to Appl.
You need to identify the owners of Group2 and the users of Appl.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
User2 is the owner of Group2.
The user and group settings for App1 are configured as shown in the following exhibit.
You enable self-service application access for App1 as shown in the following exhibit.
User3 is configured to approve access to Appl.
You need to identify the owners of Group2 and the users of Appl.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-self-service-access