AZ-500 Azure Security Engineer

This practice exam is designed to assess your readiness for the AZ-500 Azure Security Engineer Associate exam. This quiz is NOT intended to simulate the actual exam. It is intended to test your knowledge of the concepts covered on the exam.

1 / 79

A resource forest in Azure AD Domain Services will sync accounts from on-premises as well as Azure.

2 / 79

Azure HDInsight supports Azure AD authentication for service access.

3 / 79

Azure Security Center (ASC) uses Azure Policy to configure default monitoring and remediation behaviors.

4 / 79

You can use Azure AD authentication to secure Key Vault at the management plane.

5 / 79

You can limit operations on a key in Azure Key Vault by configuring the settings under Permitted operations.

6 / 79

When automating key rotation, Azure Automation runbooks require the use of the AzureRM module with key rotation for Azure Storage.

7 / 79

The Free tier of Azure Security Center (ASC) allows you to change the default policy to disable checks that you wish to ignore.

8 / 79

VMs included in an Application Security Group cannot be located in different Azure regions.

9 / 79

Advanced Threat Protection in Security Center can be enabled for an App Service plan only if the plan is associated with dedicated machines.

10 / 79

Azure Disk Encryption uses BitLocker to encrypt OS and data volumes.

11 / 79

SAS tokens can be configured to restrict access by IP address.

12 / 79

SAS tokens provide root access to an Azure Storage account until the key is revoked or rolled.

13 / 79

You can configure Transparent Data Encryption for individual database columns containing your sensitive data.

14 / 79

You cannot configure Always Encrypted for individual database columns containing your sensitive data.

15 / 79

Azure Data Lake supports Azure AD identities in data ACLs.

16 / 79

Logic Apps created for use in the Security Playbooks feature of Azure Sentinel may use any of the triggers available to the Logic Apps Premium SKU.

17 / 79

Security Center recommendations are listed in descending order of the severity of the security vulnerabilities they address.

18 / 79

Azure Container Registry (ACR) supports Kubernetes and Docker running on third-party cloud platforms.

19 / 79

Physical isolation in AKS provides the highest pod density for running workloads.

20 / 79

To provide full access to the resources in an Azure resource group, you should grant only the Contributor role for the subscription.

21 / 79

SSH is disabled on AKS nodes by default.

22 / 79

Security Groups and Microsoft 365 groups can both be used to secure Azure resources.

23 / 79

You can rotate keys in Azure Key Vault without affecting the behavior of your application.

24 / 79

You can bind client certificates to which App Service Plan tiers?

25 / 79

Azure Storage accounts are encrypted by default.

26 / 79

You need to implement security in SQL Server to ensure database admins never see sensitive customer financial information, such as credit card data, in databases they manage. Which SQL data security option should you choose?

27 / 79

Microsoft recommends that Shared Keys be rolled automatically using which of the following?

28 / 79

You need to grant access for an application to Azure Storage. You need to set access to read and ensure that access is automatically revoked 90 days from today. Which option should you choose?

29 / 79

Azure Defender for SQL can scan your databases weekly to identify vulnerabilities.

30 / 79

With Azure SQL, you can configure Azure AD Domain Services authentication.

31 / 79

When you don't know how long you need to retain data in a blob, you can configure a legal hold.

32 / 79

Which of the following solutions features automated security investigations?

33 / 79

What are the options for configuring a custom RBAC role in Azure AD? (choose the best answer)

34 / 79

Just-in-Time VM access allows the requester to specify duration of access up to the configured maximum.

35 / 79

The VM vulnerability scanning feature in Security Center can also scan for vulnerabilities in open source databases on Azure VMs.

36 / 79

Azure Monitor was previously named Security Management Suite.

37 / 79

Playbooks in Azure Sentinel use a special _____ to instantiate an automated response using an Azure Logic App.

38 / 79

You need to provide a user with access to download digital content from your Storage Account. You need to ensure that the download is only available for 24 hours. What should you choose?

39 / 79

You need to periodically rotate access keys on your Azure Storage accounts. What is Microsoft’s recommended approach for automating this task?

40 / 79

You configure access to secrets in Azure Key Vault with:

41 / 79

You can send activity and audit logs to Event Grid.

42 / 79

You can grant access to a key vault for:

43 / 79

You can enforce data residency and sovereignty using which of the following?

44 / 79

With Azure Information Protection Premium Plan 1, classifications can be recommended automatically during authoring.

45 / 79

When rolling keys in Cosmos DB, the secondary key ensures

46 / 79

You can configure Azure AD authentication for which of the following?

47 / 79

Just-in-Time VM access is only available for Windows VMs.

48 / 79

You notice that when you attempt to investigate an incident created from your custom rule in Azure Sentinel, the investigation graph is empty. What is the most likely cause?

49 / 79

Network Security Groups (NSG) can be associated with which of the following Azure network elements?

50 / 79

Diagnostic logs for Azure resources can be forwarded to Log Analytics, Azure Storage, or Event Grid.

51 / 79

Azure Monitor can be used to alert on events of interest to Security Operations (SecOps).

52 / 79

Which of the following scanning options can you configure for your container images for Azure Kubernetes Service?

53 / 79

The service principal required by Azure Kubernetes Service can be created by which of the following methods?

54 / 79

To achieve high availability for VMs within an Azure region, which of the following options are available?

55 / 79

Azure Firewall requires you to specify the number of network virtual appliances according to your expected scale.

56 / 79

Azure VMs can communicate across VNETs by default.

57 / 79

You will configure a separate Front Door instance to route requests by URL path to different backend pools.

58 / 79

You can configure Azure policies to target the following levels:

59 / 79

Which of the following can be used to connect your on-premises datacenter to an Azure site?

60 / 79

The Standard tier of Azure Security Center (ASC) is required to capture data on resource security hygiene.

61 / 79

The following resources support Azure resource firewall: (choose the best answer)

62 / 79

The following are the available types of Azure resource locks: (choose the best answer)

63 / 79

The Azure Virtual Network Container Network Interface (CNI) enables advanced networking for the following container solutions. (choose the best answer)

64 / 79

Network Security Groups include a rule to allow RDP access on which port by default?

65 / 79

Azure Update Management can patch both Windows and Linux VMs.

66 / 79

Transferring a subscription to a new Azure AD tenant will cause Azure VMs to stop running.

67 / 79

You can configure access reviews in Privileged Identity Management to be self-completed by the eligible members of the privileged roles.

68 / 79

Conditional access policies can be configured to target:

69 / 79

Azure AD Connect is used to configure which of the following identity models?

70 / 79

Admin consent grants consent on behalf of:

71 / 79

Microsoft Azure AD Identity Protection evaluates risk associated with:

72 / 79

You can create new users in Azure AD with the Create-AzureADUser cmdlet.

73 / 79

You can activate an eligible privileged identity profile

74 / 79

With Azure AD MFA, you can automatically block authentication for users who report fraud via email to a support address.

75 / 79

Which of the following identities eliminate the need for credentials in code?

76 / 79

Passthrough authentication (PTA) is associated with which of the following identity models?

77 / 79

In the OAuth Code Grant flow, the user confirms consent by:

78 / 79

Azure APIs can be protected by configuring permission scopes to limit access to a third-party web app, even when users consent.

79 / 79

Azure AD Privileged Identity Management (PIM) supports which of the following features when users request to activate a privileged identity profile?