AZ-500 Azure Security Engineer

This practice exam is designed to assess your readiness for the AZ-500 Azure Security Engineer Associate exam. This quiz is NOT intended to simulate the actual exam. It is intended to test your knowledge of the concepts covered on the exam.

1 / 79

A resource forest in Azure AD Domain Services will sync accounts from on-premises as well as Azure.

2 / 79

Azure HDInsight supports Azure AD authentication for service access.

3 / 79

Azure Security Center (ASC) uses Azure Policy to configure default monitoring and remediation behaviors.

4 / 79

You can use Azure AD authentication to secure Key Vault at the management plane.

5 / 79

You can limit operations on a key in Azure Key Vault by configuring the settings under Permitted operations.

6 / 79

When automating key rotation, Azure Automation runbooks require the use of the AzureRM module with key rotation for Azure Storage.

7 / 79

The Free tier of Azure Security Center (ASC) allows you to change the default policy to disable checks that you wish to ignore.

8 / 79

VMs included in an Application Security Group cannot be located in different Azure regions.

9 / 79

Advanced Threat Protection in Security Center can be enabled for an App Service plan only if the plan is associated with dedicated machines.

10 / 79

Azure Disk Encryption uses BitLocker to encrypt OS and data volumes.

11 / 79

SAS tokens can be configured to restrict access by IP address.

12 / 79

SAS tokens provide root access to an Azure Storage account until the key is revoked or rolled.

13 / 79

You can configure Transparent Data Encryption for individual database columns containing your sensitive data.

14 / 79

You cannot configure Always Encrypted for individual database columns containing your sensitive data.

15 / 79

Azure Data Lake supports Azure AD identities in data ACLs.

16 / 79

Logic Apps created for use in the Security Playbooks feature of Azure Sentinel may use any of the triggers available to the Logic Apps Premium SKU.

17 / 79

Security Center recommendations are listed in descending order of the severity of the security vulnerabilities they address.

18 / 79

Azure Container Registry (ACR) supports Kubernetes and Docker running on third-party cloud platforms.

19 / 79

Physical isolation in AKS provides the highest pod density for running workloads.

20 / 79

To provide full access to the resources in an Azure resource group, you should grant only the Contributor role for the subscription.

21 / 79

SSH is disabled on AKS nodes by default.

22 / 79

Security Groups and Microsoft 365 groups can both be used to secure Azure resources.

23 / 79

You can rotate keys in Azure Key Vault without affecting the behavior of your application.

24 / 79

You can bind client certificates to which App Service Plan tiers?

25 / 79

Azure Storage accounts are encrypted by default.

26 / 79

You need to implement security in SQL Server to ensure database admins never see sensitive customer financial information, such as credit card data, in databases they manage. Which SQL data security option should you choose?

27 / 79

Microsoft recommends Shared Keys should be rolled automatically using which of the following?

28 / 79

You need to grant access for an application to Azure Storage. You need to set access to read and ensure that access is automatically revoked 90 days from today. Which option should you choose?

29 / 79

Azure Defender for SQL can scan your databases weekly to identify vulnerabilities.

30 / 79

With Azure SQL, you can configure Azure AD Domain Services authentication.

31 / 79

When you don't know how long you need to retain data in a blob, you can configure a legal hold.

32 / 79

Which of the following solutions features automated security investigations?

33 / 79

What are the options for configuring a custom RBAC role in Azure AD? (choose the best answer)

34 / 79

Just-in-Time VM access allows the requester to specify the duration of access up to the configured maximum.

35 / 79

The VM vulnerability scanning feature in Security Center can also scan for vulnerabilities in open source databases on Azure VMs.

36 / 79

Azure Monitor was previously named Security Management Suite.

37 / 79

Playbooks in Azure Sentinel use a special _____ to instantiate an automated response using an Azure Logic App.

38 / 79

You need to provide the user access to download the digital content from your Storage Account. You need to ensure that the download is only available for 24 hours. What should you choose?

39 / 79

You need to periodically rotate access keys on your Azure Storage accounts. What is Microsoft’s recommended approach for automating this task?

40 / 79

You configure access to secrets in Azure Key Vault with:

41 / 79

You can send activity and audit logs to Event Grid.

42 / 79

You can grant access to a key vault for:

43 / 79

You can enforce data residency and sovereignty using which of the following?

44 / 79

With Azure Information Protection Premium Plan 1, classifications can be recommended automatically during authoring.

45 / 79

When rolling keys in Cosmos DB, the secondary key ensures

46 / 79

You can configure Azure AD authentication for which of the following?

47 / 79

Just-in-Time VM access is only available for Windows VMs.

48 / 79

You notice that when you attempt to investigate an incident created from your custom rule in Azure Sentinel, the investigation graph is empty. What is the most likely cause?

49 / 79

Network Security Groups (NSG) can be associated with which of the following Azure network elements?

50 / 79

Diagnostic logs for Azure resources can be forwarded to Log Analytics, Azure Storage, or Event Grid.