2023年最新の検証済みAZ-500問題集と解答であなたを合格確定させるMicrosoft Azure Security Engineer Associate試験解答! [Q176-Q198]

Share

2023年最新の検証済みAZ-500問題集と解答であなたを合格確定させるMicrosoft Azure Security Engineer Associate試験解答!

AZ-500試験問題集で100%合格率AZ-500試験!


Microsoft Azureセキュリティ技術(Microsoft AZ-500)試験は、Microsoft Azure環境をセキュアにする知識とスキルを証明するための認定試験です。この試験は、アイデンティティとアクセス管理、プラットフォーム保護、データとアプリケーション保護、セキュリティオペレーションなど、幅広いセキュリティトピックをカバーしています。この試験に合格することで、候補者はAzure環境でセキュリティコントロールを実装・管理する能力があること、およびクラウドベースのリソースをセキュアにするための業界のベストプラクティスについての知識があることが証明されます。


MicrosoftのAZ-500認定試験に備えて、候補者はMicrosoftが提供するさまざまなリソースを利用することができます。これには、オンライントレーニングコース、練習問題、および学習ガイドが含まれます。候補者は、テスト環境でAzureを使用するか、実際の経験を通じてAzureセキュリティについての実践的な経験を積むこともできます。


Microsoft AZ-500 (Microsoft Azure Security Technologies) 認定試験は、Microsoft Azureでのセキュリティコントロールの実装、セキュリティポスチャの維持、脅威の特定と軽減の専門知識を持つプロフェッショナルを対象としています。この認定試験は、Microsoft Azureリソースを安全に保護し、規制要件を遵守するために必要なスキルと知識を認証します。試験では、候補者のAzureセキュリティ技術に関する理解を測定し、アイデンティティとアクセス管理、ネットワークセキュリティ、プラットフォーム保護、データとアプリケーション保護、セキュリティ管理などのAzureセキュリティ技術に関する知識を評価します。

 

質問 # 176
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

Azure AD Privileged Identity Management (PIM) is enabled for the tenant.
In PIM, the Password Administrator role has the following settings:
Maximum activation duration (hours): 2
Send email notifying admins of activation: Disable
Require incident/request ticket number during activation: Disable
Require Azure Multi-Factor Authentication for activation: Enable
Require approval to activate this role: Enable
Selected approver: Group1
You assign users the Password Administrator role as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation

Reference:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-resource-role


質問 # 177
You have an Azure Storage account that contains a blob container named container1 and a client application named App1.
You need to enable App1 access to container1 by using Azure Active Directory (Azure AD) authentication.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://azure.microsoft.com/en-in/blog/announcing-the-preview-of-aad-authentication-for-storage/
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/storage/common/storage-auth-aad-rbac-portal.md


質問 # 178
You plan to use Azure Log Analytics to collect logs from 200 servers that run Windows Server 2016.
You need to automate the deployment of the Microsoft Monitoring Agent to all the servers by using an Azure Resource Manager template.
How should you complete the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation

References:
https://blogs.technet.microsoft.com/manageabilityguys/2015/11/19/enabling-the-microsoft-monitoring-agent-in-w


質問 # 179
You have an Azure subscription that contains the virtual machines shown in the following table.

You create the Azure policies shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

正解:

解説:

References:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking


質問 # 180
You need to meet the identity and access requirements for Group1.
What should you do?

  • A. Change the membership type of Group1 to Assigned. Create two groups that have dynamic memberships. Add the new groups to Group1.
  • B. Modify the membership rule of Group1.
  • C. Delete Group1. Create a new group named Group1 that has a membership type of Office 365. Add users and devices to the group.
  • D. Add a membership rule to Group1.

正解:A

解説:
Explanation
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership Scenario:
Litware identifies the following identity and access requirements: All San Francisco users and their devices must be members of Group1.
The tenant currently contain this group:

References:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-create-azure-port


質問 # 181
You have an Azure subscription that contains the alerts shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation

References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-overview


質問 # 182
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

Azure AD Privileged Identity Management (PIM) is enabled for the tenant.
In PIM, the Password Administrator role has the following settings:
Maximum activation duration (hours): 2
Send email notifying admins of activation: Disable
Require incident/request ticket number during activation: Disable
Require Azure Multi-Factor Authentication for activation: Enable
Require approval to activate this role: Enable
Selected approver: Group1
You assign users the Password Administrator role as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 183
You have an Azure Storage account that contains a blob container named container1 and a client application named App1.
You need to enable App1 access to container1 by using Azure Active Directory (Azure AD) authentication.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://azure.microsoft.com/en-in/blog/announcing-the-preview-of-aad-authentication-for-storage/
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/storage/common/storage-auth-aad-rbac-portal.md


質問 # 184
You have an Azure subscription that contains an Azure SQL database named SQLDB1. SQLDB1 contains the columns shown in the following table.

For the Email and Birthday columns, you implement dynamic data masking by using the default masking function.
Which value will the users see in each column? To answer, drag the appropriate values to the correct columns. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 185
You have an Azure Subscription that is linked to an Azure Active Directory (Azure AD). The tenant contains the users shown in the following table.

You have an Azure key vault named Vault1 that has Purge protection set to Disabled. Vault1 contains the access policies shown in the following table.

You create role assignments for Vault1 as shown in the following table.

For each of the following statements, Yes if the statement is true, Otherwise, select No.
NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 186
You have an Azure key vault named KeyVault1 that contains the items shown in the following table.

In KeyVault, the following events occur in sequence:
Item1 is deleted
Administrator enables soft delete
Item2 and Policy1 are deleted.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/soft-delete-overview


質問 # 187
You have an Azure subscription named Sub1. Sub1 contains a virtual network named VNet1 that contains one subnet named Subnet1.
You create a service endpoint for Subnet1.
Subnet1 contains an Azure virtual machine named VM1 that runs Ubuntu Server 18.04.
You need to deploy Docker containers to VM1. The containers must be able to access Azure Storage resources and Azure SQL databases by using the service endpoint.

  • A. Create an application security group and a network security group (NSG).
  • B. Edit the docker-compose.yml file.
  • C. Install the container network interface (CNI) plug-in.

正解:C

解説:
Explanation
The Azure Virtual Network container network interface (CNI) plug-in installs in an Azure Virtual Machine.
The plug-in supports both Linux and Windows platform.
The plug-in assigns IP addresses from a virtual network to containers brought up in the virtual machine, attaching them to the virtual network, and connecting them directly to other containers and virtual network resources. The plug-in doesn't rely on overlay networks, or routes, for connectivity, and provides the same performance as virtual machines.
The following picture shows how the plug-in provides Azure Virtual Network capabilities to Pods:

References:
https://docs.microsoft.com/en-us/azure/virtual-network/container-networking-overview


質問 # 188
You ate evaluating the security of the network communication between the virtual machines in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation


質問 # 189
You are troubleshooting a security issue for an Azure Storage account.
You enable the diagnostic logs for the storage account.
What should you use to retrieve the diagnostics logs?

  • A. AzCopy
  • B. Azure Cosmos DB explorer
  • C. the Security & Compliance admin center
  • D. Azure Security Center

正解:A


質問 # 190
You implement the planned changes for ASG1 and ASG2.
In which NSGs can you use ASG1. and the network interfaces of which virtual machines can you assign to ASG2?

正解:

解説:


質問 # 191
You have a network security group (NSG) bound to an Azure subnet.
You run Get-AzureRmNetworkSecurityRuleConfig and receive the output shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group


質問 # 192
You need to ensure that users can access VM0. The solution must meet the platform protection requirements.
What should you do?

  • A. Move VM0 to Subnet1.
  • B. On Firewall, configure a network traffic filtering rule.
  • C. Assign RT1 to AzureFirewallSubnet.
  • D. On Firewall, configure a DNAT rule.

正解:A

解説:
Explanation
Azure Firewall has the following known issue:
Conflict with Azure Security Center (ASC) Just-in-Time (JIT) feature.
If a virtual machine is accessed using JIT, and is in a subnet with a user-defined route that points to Azure Firewall as a default gateway, ASC JIT doesn't work. This is a result of asymmetric routing - a packet comes in via the virtual machine public IP (JIT opened the access), but the return path is via the firewall, which drops the packet because there is no established session on the firewall.
Solution: To work around this issue, place the JIT virtual machines on a separate subnet that doesn't have a user-defined route to the firewall.
Scenario:

Following the implementation of the planned changes, the IT team must be able to connect to VM0 by using JIT VM access.

References:
https://docs.microsoft.com/en-us/azure/firewall/overview


質問 # 193
You have the hierarchy of Azure resources shown in the following exhibit.

RG1, RG2, and RG3 are resource groups.
RG2 contains a virtual machine named VM1.
You assign role-based access control (RBAC) roles to the users shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 194
You have an Azure subscription that contains the resources shown in the following table.

You perform the following tasks:
Create a managed identity named Managed1.
Create a Microsoft 365 group named Group1.
You need to identify which service principals were created and which identities can be assigned the Reader role for RG1. What should you identify? To answer, select the appropriate options in the answer area. NOTE:
Each correct selection is worth one point.

正解:

解説:

Explanation


質問 # 195
You have an Azure key vault.
You need to delegate administrative access to the key vault to meet the following requirements:
* Provide a user named User1 with the ability to set advanced access policies for the key vault.
* Provide a user named User2 with the ability to add and delete certificates in the key vault.
* Use the principle of least privilege.
What should you use to assign access to each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation:
User1: RBAC
RBAC is used as the Key Vault access control mechanism for the management plane. It would allow a user with the proper identity to:
* set Key Vault access policies
* create, read, update, and delete key vaults
* set Key Vault tags
Note: Role-based access control (RBAC) is a system that provides fine-grained access management of Azure resources. Using RBAC, you can segregate duties within your team and grant only the amount of access to users that they need to perform their jobs.
User2: A key vault access policy
A key vault access policy is the access control mechanism to get access to the key vault data plane. Key Vault access policies grant permissions separately to keys, secrets, and certificates.
References:
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault


質問 # 196
You create an alert rule that has the following settings:
Resource: RG1
Condition: All Administrative operations
Actions: Action groups configured for this alert rule: ActionGroup1
Alert rule name: Alert1
You create an action rule that has the following settings:
Scope: VM1
Filter criteria: Resource Type = "Virtual Machines"
Define on this scope: Suppression
Suppression config: From now (always)
Name: ActionRule1
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Note: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-action-rules


質問 # 197
You have an Azure subscription that contains a resource group named RG1 and a security group serverless RG1 contains 10 virtual machine, a virtual network VNET1, and a network security group (NSG) named NSG1. ServerAdmins can access the virtual machines by using RDP.
You need to ensure that NSG1 only RDP connections to the virtual for a maximum of 60 minutes when a member of ServerAdmins requests access.
What should you configure?

  • A. an Azure Bastion host on VNET1.
  • B. an Azure Active Directory (Azure AD) Privileged identity Management (PIM) role assignment.
  • C. a just in time (JIT) VM access policy in Azure Security Center
  • D. an azure policy assigned to RG1.

正解:C

解説:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained


質問 # 198
......

あなたを余裕でAZ-500試験合格させます!100%高合格率保証:https://jp.fast2test.com/AZ-500-premium-file.html

試験問題集リアルMicrosoft Azure Security Engineer Associate問題集で351解答を使おう:https://drive.google.com/open?id=1tJouRx0Kfec_U5OtjRylo9aeF6b77OaD


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어