2024年最新の100%無料AZ-500日常練習試験には391問があります [Q153-Q172]

Share

2024年最新の100%無料AZ-500日常練習試験には391問があります

AZ-500試験資料Microsoft学習ガイド


Microsoft AZ-500試験に合格することは、Microsoft Azureクラウドサービスを保護する専門知識を示す優れた方法です。この認定は、クラウドセキュリティ分野でのキャリアアップや、組織での価値の向上に役立ちます。クラウドセキュリティの専門家の需要が高まる中、Microsoft AZ-500認定を取得することで、クラウドセキュリティ分野での多くの仕事の機会が開かれる可能性があります。

 

質問 # 153
You have an Azure Subscription that is linked to an Azure Active Directory (Azure AD). The tenant contains the users shown in the following table.

You have an Azure key vault named Vault1 that has Purge protection set to Disabled. Vault1 contains the access policies shown in the following table.

You create role assignments for Vault1 as shown in the following table.

For each of the following statements, Yes if the statement is true, Otherwise, select No.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation


質問 # 154
You have an Azure subscription named Sub 1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

Each user is assigned an Azure AD Premium P2 license.
You plan lo onboard and configure Azure AD identity Protection.
Which users can onboard Azure AD Identity Protection, remediate users, and configure policies? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point

正解:

解説:


質問 # 155
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

You create a resource group named RG1.
Which users can modify the permissions for RG1 and which users can create virtual networks in RG1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 156
You have an Azure resource group that contains 100 virtual machines.
You have an initiative named Initiative1 that contains multiple policy definitions. Initiative1 is assigned to the resource group.
You need to identify which resources do NOT match the policy definitions.
What should you do?

  • A. From the Policy blade of the Azure Active Directory admin center, select Assignments.
  • B. From Azure Security Center, view the Secure Score.
  • C. From Azure Security Center, view the Regulatory compliance assessment.
  • D. From the Policy blade of the Azure Active Directory admin center, select Compliance.

正解:D

解説:
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/how-to/get-compliance-data#portal


質問 # 157
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
An administrator named Admin1 has access to the following identities:
* An OpenID-enabled user account
* A Hotmail account
* An account in contoso.com
* An account in an Azure AD tenant named fabrikam.com
You plan to use Azure Account Center to transfer the ownership of Sub1 to Admin1.
To which accounts can you transfer the ownership of Sub1?

  • A. contoso.com, fabrikam.com, and Hotmail only
  • B. contoso.com and fabrikam.com only
  • C. contoso.com only
  • D. contoso.com, fabrikam.com, Hotmail, and OpenID-enabled user account

正解:B

解説:
Section: [none]
Explanation:
When you transfer billing ownership of your subscription to an account in another Azure AD tenant, you can move the subscription to the new account's tenant. If you do so, all users, groups, or service principals who had role based access (RBAC) to manage subscriptions and its resources lose their access. Only the user in the new account who accepts your transfer request will have access to manage the resources.
Reference:
https://docs.microsoft.com/en-us/azure/billing/billing-subscription-transfer
https://docs.microsoft.com/en-us/azure/billing/billing-subscription-transfer#transferring-subscription-to-an- account-in-another-azure-ad-tenant


質問 # 158
You have an Azure subscription that contains the resources shown in the following table.

Transparent Data Encryption (TDE) is disabled on SQL1.
You assign polices to the resource groups as shown in the following table.

You plan to deploy Azure SQL databases by using an Azure Resource Manager (ARM) template. The databases will be configured as shown in the following table.
NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 159
You have an Azure subscription that contains the following resources:
* A network virtual appliance (NVA) that runs non-Microsoft firewall software and routes all outbound traffic from the virtual machines to the internet
* An Azure function that contains a script to manage the firewall rules of the NVA
* Azure Security Center standard tier enabled for all virtual machines
* An Azure Sentinel workspace
* 30 virtual machines
You need to ensure that when a high-priority alert is generated in Security Center for a virtual machine, an incident is created in Azure Sentinel and then a script is initiated to configure a firewall rule for the NVA.
How should you configure Azure Sentinel to meet the requirements? To answer, drag the appropriate components to the correct requirements. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

正解:

解説:
Explanation

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/create-incidents-from-alerts
https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-security-center


質問 # 160
SIMULATION
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username: [email protected]
Azure Password: Ag1Bh9!#Bd
The following information is for technical support purposes only:
Lab Instance: 10598168




You need to email an alert to a user named [email protected] if the average CPU usage of a virtual machine named VM1 is greater than 70 percent for a period of 15 minutes.
To complete this task, sign in to the Azure portal.

  • A. Create an alert rule on a metric with the Azure portal
    1. In the portal, locate the resource, here VM1, you are interested in monitoring and select it.
    2. Select Alerts (Classic) under the MONITORING section. The text and icon may vary slightly for different resources.
    3. Select the Add metric alert (classic) button and fill in the fields as per below, and click OK.
    Metric: CPU Percentage
    Condition: Greater than
    Period: Over last 15 minutes
    Notify via: email
    Additional administrator email(s): [email protected]
  • B. Create an alert rule on a metric with the Azure portal
    1. In the portal, locate the resource, here VM1, you are interested in monitoring and select it.
    2. Select Alerts (Classic) under the MONITORING section. The text and icon may vary slightly for different resources.
    3. Select the Add metric alert (classic) button and fill in the fields as per below, and click OK.
    Metric: CPU Percentage
    Condition: Greater than
    Period: Over last 15 minutes
    Notify via: email
    Additional administrator email(s): [email protected]

正解:B

解説:
Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-insights-alerts-portal


質問 # 161
You have a hybrid configuration of Azure Active Directory (Azure AD).
All users have computers that run Windows 10 and are hybrid Azure AD joined.
You have an Azure SQL database that is configured to support Azure AD authentication.
Database developers must connect to the SQL database by using Microsoft SQL Server Management Studio (SSMS) and authenticate by using their on-premises Active Directory account.
You need to tell the developers which authentication method to use to connect to the SQL database from SSMS. The solution must minimize authentication prompts.
Which authentication method should you instruct the developers to use?

  • A. Active Directory - Integrated
  • B. SQL Login
  • C. Active Directory - Universal with MFA support
  • D. Active Directory - Password

正解:A

解説:
Explanation
Azure AD can be the initial Azure AD managed domain. Azure AD can also be an on-premises Active Directory Domain Services that is federated with the Azure AD.
Using an Azure AD identity to connect using SSMS or SSDT
The following procedures show you how to connect to a SQL database with an Azure AD identity using SQL Server Management Studio or SQL Server Database Tools.
Active Directory integrated authentication
Use this method if you are logged in to Windows using your Azure Active Directory credentials from a federated domain.
1. Start Management Studio or Data Tools and in the Connect to Server (or Connect to Database Engine) dialog box, in the Authentication box, select Active Directory - Integrated. No password is needed or can be entered because your existing credentials will be presented for the connection.

2. Select the Options button, and on the Connection Properties page, in the Connect to database box, type the name of the user database you want to connect to. (The AD domain name or tenant ID" option is only supported for Universal with MFA connection options, otherwise it is greyed out.) References:
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/sql-database/sql-database-aad-authentication-c


質問 # 162
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
The User administrator role is assigned to a user named Admin1.
An external partner has a Microsoft account that uses the [email protected] sign in.
Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: "Unable to invite user [email protected] Generic authorization exception." You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.
What should you do?

  • A. From the Organizational relationships blade, add an identity provider.
  • B. From the Custom domain names blade, add a custom domain.
  • C. From the Users blade, modify the External collaboration settings.
  • D. From the Roles and administrators blade, assign the Security administrator role to Admin1.

正解:C

解説:
You need to allow guest invitations in the External collaboration settings.


質問 # 163
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username: [email protected]
Azure Password: Ag1Bh9!#Bd
The following information is for technical support purposes only:
Lab Instance: 10598168




You need to collect all the audit failure data from the security log of a virtual machine named VM1 to an Azure Storage account.
To complete this task, sign in to the Azure portal.
This task might take several minutes to complete You can perform other tasks while the task completes.
See the explanation below.

正解:

解説:
Explanation
Step 1: Create a workspace
Azure Monitor can collect data directly from your Azure virtual machines into a Log Analytics workspace for detailed analysis and correlation.
1. In the Azure portal, select All services. In the list of resources, type Log Analytics. As you begin typing, the list filters based on your input. Select Log Analytics workspaces.

2. Select Create, and then select choices for the following items:

3. After providing the required information on the Log Analytics workspace pane, select OK.
While the information is verified and the workspace is created, you can track its progress under Notifications from the menu.
Step 2: Enable the Log Analytics VM Extension
Installing the Log Analytics VM extension for Windows and Linux allows Azure Monitor to collect data from your Azure VMs.
1. In the Azure portal, select All services found in the upper left-hand corner. In the list of resources, type Log Analytics. As you begin typing, the list filters based on your input. Select Log Analytics workspaces.
2. In your list of Log Analytics workspaces, select DefaultWorkspace (the name you created in step 1).
3. On the left-hand menu, under Workspace Data Sources, select Virtual machines.
4. In the list of Virtual machines, select a virtual machine you want to install the agent on. Notice that the Log Analytics connection status for the VM indicates that it is Not connected.
5. In the details for your virtual machine, select Connect. The agent is automatically installed and configured for your Log Analytics workspace. This process takes a few minutes, during which time the Status shows Connecting.
After you install and connect the agent, the Log Analytics connection status will be updated with This workspace.
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-azurevm


質問 # 164
You have an Azure subscription named Sub1.
You create a virtual network that contains one subnet. On the subnet, you provision the virtual machines shown in the following table.

Currently, you have not provisioned any network security groups (NSGs).
You need to implement network security to meet the following requirements:
Allow traffic to VM4 from VM3 only.
Allow traffic from the Internet to VM1 and VM2 only.
Minimize the number of NSGs and network security rules.
How many NSGs and network security rules should you create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview


質問 # 165
You have an Azure subscription named Sub1. Sub1 has an Azure Storage account named Storage1 that contains the resources shown in the following table.

You generate a shared access signature (SAS) to connect to the blob service and the file service.
Which tool can you use to access the contents in Container1 and Share! by using the SAS? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 166
You have Azure Resource Manager templates that you use to deploy Azure virtual machines.
You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.
What should you use?

  • A. device compliance policies in Microsoft Intune
  • B. application security groups
  • C. Azure Advisor
  • D. Azure Automation State Configuration

正解:D

解説:
You can use Azure Automation State Configuration to manage Azure VMs (both Classic and Resource Manager),on-premises VMs, Linux machines, AWS VMs, and on-premises physical machines. Note: Azure Automation State Configuration provides a DSC pull server similar to the Windows Feature DSC Service so that target nodes automatically receive configurations, conform to the desired state, and report back on their compliance. The built-in pull server in Azure Automation eliminates the need to set up and maintain your own pull server. Azure Automation can target virtual or physical Windows or Linux machines, in the cloud or on- premises.


質問 # 167
You have a file named File1.yaml that contains the following contents.

You create an Azure container instance named container1 by using File1.yaml.
You need to identify where you can access the values of Variable1 and Variable2.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/container-instances/container-instances-environment-variables


質問 # 168
Which virtual networks in Sub1 can User2 modify and delete in their current state? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources


質問 # 169
You create resources in an Azure subscription as shown in the following table.

VNET1 contains two subnets named Subnet1 and Subnet2. Subnet1 has a network ID of 10.0.0.0/24. Subnet2 has a network ID of 10.1.1.0/24.
Contoso1901 is configured as shown in the exhibit. (Click the

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation

Box 1: Yes
Access from Subnet1 is allowed.
Box 2: No
No access from Subnet2 is allowed.
Box 3: Yes
Access from IP address 193.77.10.2 is allowed.


質問 # 170
You have an Azure subscription that contains the resources shown in the following table.

Transparent Data Encryption (TDE) is disabled on SQL1.
You assign policies to the resource groups as shown in the following table.

You plan to deploy Azure SQL databases by using an Azure Resource Manager (ARM) template. The databases will be configured as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects


質問 # 171
You suspect that users are attempting to sign in to resources to which they have no access.
You need to create an Azure Log Analytics query to identify failed user sign-in attempts from the last three days. The results must only show users who had more than five failed sign-in attempts.
How should you configure the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation

The following example identifies user accounts that failed to log in more than five times in the last day, and when they last attempted to log in.
let timeframe = 1d;
SecurityEvent
| where TimeGenerated > ago(1d)
| where AccountType == 'User' and EventID == 4625 // 4625 - failed log in
| summarize failed_login_attempts=count(), latest_failed_login=arg_max(TimeGenerated, Account) by Account
| where failed_login_attempts > 5
| project-away Account1
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/examples


質問 # 172
......


Microsoft AZ-500試験は、Azureクラウドサービスを扱うプロフェッショナルが、クラウド環境をセキュアにする知識やスキルを証明する重要な認定試験です。この試験に合格することで、専門知識を証明し、競争の激しい就職市場で差別化することができます。


Microsoft AZ-500試験は、Microsoft Azureの保護における候補者の知識とスキルを検証する包括的な認定です。試験に合格した候補者は、Azure Securityの専門知識を実証し、Azure Security Professionalとして認識できます。

 

有効な問題最新版を試そうAZ-500テスト解釈AZ-500有効な試験ガイド:https://jp.fast2test.com/AZ-500-premium-file.html

AZ-500実際の問題解答PDFは100%カバー率でリアル試験問題:https://drive.google.com/open?id=1-3gbYeh3AFClk-XgKxJ0hvTAePI1wIQ1


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어