Professional Documents
Culture Documents
Your company has an Azure subscription that includes two virtual machines, named VirMac1 and VirMac2, which both have a status of Stopped
(Deallocated).
The virtual machines belong to different resource groups, named ResGroup1 and ResGroup2.
You have also created two Azure policies that are both configured with the virtualMachines resource type. The policy configured for ResGroup1
has a policy definition of Not allowed resource types, while the policy configured for ResGroup2 has a policy definition of Allowed resource types.
You then create a Read-only resource lock on VirMac1, as well as a Read-only resource lock on ResGroup2.
Which of the following is TRUE with regards to the scenario? (Choose all that apply.)
D. You will NOT be able to create a virtual machine in ResGroup2. Most Voted
Correct Answer: BC
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking
You have been tasked with delegate administrative access to your company's Azure key vault.
You have to make sure that a specific user can set advanced access policies for the key vault. You also have to make sure that access is assigned
Which of the following options should you use to achieve your goal?
D. Azure DevOps
Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault
https://www.examtopics.com/exams/microsoft/az-500/view/3/ 1/5
10/20/23, 4:49 PM AZ-500 Exam – Free Actual Q&As, Page 3 | ExamTopics
You have been tasked with delegate administrative access to your company's Azure key vault.
You have to make sure that a specific user is able to add and delete certificates in the key vault. You also have to make sure that access is
Which of the following options should you use to achieve your goal?
B. Azure policy
D. Azure DevOps
Correct Answer: A
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault
You have an Azure virtual machine that runs Windows Server R2.
You plan to deploy and configure an Azure Key vault, and enable Azure Disk Encryption for the virtual machine.
Which of the following is TRUE with regards to Azure Disk Encryption for a Windows VM?
Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-windows
https://www.examtopics.com/exams/microsoft/az-500/view/3/ 2/5
10/20/23, 4:49 PM AZ-500 Exam – Free Actual Q&As, Page 3 | ExamTopics
You plan to deploy and configure an Azure Key vault, and enable Azure Disk Encryption for the virtual machine.
Which of the following is TRUE with regards to Azure Disk Encryption for a Linux VM?
Correct Answer: A
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-linux
You have configured an Azure Kubernetes Service (AKS) cluster in your testing environment.
You are currently preparing to deploy the cluster to the production environment.
After disabling HTTP application routing, you want to replace it with an application routing solution that allows for reverse proxy and TLS
Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.
Correct Answer: A
An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and TLS termination for Kubernetes
services.
Reference:
https://docs.microsoft.com/en-us/azure/aks/ingress-tls
https://www.examtopics.com/exams/microsoft/az-500/view/3/ 3/5
10/20/23, 4:49 PM AZ-500 Exam – Free Actual Q&As, Page 3 | ExamTopics
You want to gather logs from a large number of Windows Server 2016 computers using Azure Log Analytics.
You are configuring an Azure Resource Manager template to deploy the Microsoft Monitoring Agent to all the servers automatically.
Which of the following should be included in the template? (Choose all that apply.)
B. AzureADApplicationID
D. StorageAccountKey
Correct Answer: AC
Reference:
https://blogs.technet.microsoft.com/manageabilityguys/2015/11/19/enabling-the-microsoft-monitoring-agent-in-windows-json-templates/
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result.
Your company has Azure subscription linked to their Azure Active Directory (Azure AD) tenant.
As a Global administrator for the tenant, part of your responsibilities involves managing Azure Security Center settings.
Solution: You start by altering the pricing tier of the Security Center.
A. Yes
B. No Most Voted
Correct Answer: B
https://www.examtopics.com/exams/microsoft/az-500/view/3/ 4/5
10/20/23, 4:49 PM AZ-500 Exam – Free Actual Q&As, Page 3 | ExamTopics
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result.
Your company has Azure subscription linked to their Azure Active Directory (Azure AD) tenant.
As a Global administrator for the tenant, part of your responsibilities involves managing Azure Security Center settings.
Solution: You start by integrating Security Center and Microsoft Cloud App Security.
A. Yes
B. No
Correct Answer: B
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result.
Your company has Azure subscription linked to their Azure Active Directory (Azure AD) tenant.
As a Global administrator for the tenant, part of your responsibilities involves managing Azure Security Center settings.
B. No
Correct Answer: A
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/customize-a-built-in-sensitive-information-type
https://www.examtopics.com/exams/microsoft/az-500/view/3/ 5/5