There is a need to provide a contingent staff employee temporary read-only access to the contents of an Azure storage account container named “Media”. It is important to grant access while adhering to the security principle of least-privilege. What should be configured?

Generate a shared access signature (SAS) token for the container.

Set the public access level to container.

Share the container entity tag (Etag) with the contingent staff member.

When configuring an Azure File share for the business group, which of the following is true?

Azure Files can authenticate to Azure Active Directory Domain Services.

Azure Files cannot authenticate to on-premises Active Directory Domain Services.

Azure Files can use RBAC for share-level or directory/file permissions.

A SQL database administrator has recently read about SQL injection attacks. They ask what can be done to minimize the risk of this type of attack. Implementing which of the following features will help protect the database?

Data Discovery and Classification

An App Service web application uses a SQL database. Users need to authenticate to the database with their Azure AD credentials. Which of the following configuration tasks would enable this?

Create users in the each database

Create a SQL Database Administrator

Create an Azure AD Database Administrator

What type of firewall rules can be configured for an Azure SQL database?

Datacenter-level firewall rules

An organization is working with an outside agency that needs to access a virtual machine. There is a real concern about brute-force login attacks targeted at virtual machine management ports. Which of the following can be used to open the management ports for a defined time range? Select one.

ust-in-Time virtual machine access

Which of the items below would exceed the capabilities of an Azure Sentinel playbook?

A Sentinel playbook be created to handle several subscriptions at once.

A Sentinel playbook can help automate and orchestrate an incident response.

A Sentinel playbook be run manually or set to run automatically when specific alerts are triggered.

AZ-500 Assessment - 2

Authored by Managobinda Sethi

Professional Development

Used 2+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

23 questions

Show all answers

MULTIPLE CHOICE QUESTION

1 min • 1 pt

What type of disk encryption is used for Linux disks?

BitLocker

DM-Crypt

FileVault

Answer explanation

Explanation
DM-Crypt . Azure Disk Encryption is a capability that lets you encrypt your Windows and Linux IaaS VM
disks. Azure Disk Encryption uses the industry standard BitLocker feature of Windows and the `DM-Crypt`
feature of Linux to provide OS and data disk encryption to help protect and safeguard your data.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A company, with both Azure and on-premises virtual machines, needs to ensure your virtual machines are
kept up to date with security patches. Update Management is the Azure tool they will use, hopefully at
limited cost. Will Update management monitor their virtual machines for updates?

.

The Microsoft Monitoring Agent must be installed for both Windows and Linux virtual machines

on-premises.

Both the Update Management feature and the log data storage are free for the customer.

Update Management only pertains to cloud deployed virtual machines

Answer explanation

Explanation
Update Management only pertains to cloud deployed virtual machines. Update Management pertains to
virtual machines in on-premises environments, and in other cloud environments.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following recommendations from Security Center is a medium-severity recommendation for
virtual machines and servers?

Disk encryption should be applied on virtual machines.

Install endpoint protection solution on virtual machines.

System updates should be installed on your machines.

Answer explanation

Explanation
Install endpoint protection solution on virtual machines is a medium-severity recommendation.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following items should be stored in Azure Key Vault?

Secret

Links to external certificate

Identity management

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A select group of users must be able to create and delete keys in the key vault. When authenticating to
the data plane using Azure AD, what security tool should be used the authorize access at a role level to
these users?

Key vault access policies

Role-based Access Control

Azure AD authentication

Answer explanation

Explanation
Role-based Access Control. To create and delete key vaults the data plane you should grant access with
RBAC. For example, Key Vault Contributor. Using Access Policies would not give you role level control, and
does not follow least privilege rules.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of these statements best describes Azure Key Vault's authentication and authorization process?

Applications authenticate to a vault with the username and password of the lead developer and have

full access to all secrets in the vault.

Applications and users authenticate to a vault with their Azure Active Directory identities and are

authorized to perform actions on all secrets in the vault.

Applications and users authenticate to a vault with a Microsoft account and are authorized to access

specific secrets.

Answer explanation

Explanation
Authentication to Key Vault uses Azure Active Directory identities. Access policies are used to provide
authorization for actions that apply to every secret in the vault.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

What type of Managed Service Identities can be created?

Application-assigned and VM-assigned

Database-assigned and unsigned

System-assigned and User-assigned

Answer explanation

Explanation
System-assigned, user assigned. There are two types of managed identities: A system-assigned managed
identity is enabled directly on an Azure service instance. When the identity is enabled, Azure creates an
identity for the instance in the Azure AD tenant that's trusted by the subscription of the instance. Creating
an app with a user-assigned identity requires that an organization create the identity and then add its
resource identifier to the app config.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

20 questions

How much idea I have?

Quiz

•

1st Grade - Professio...

20 questions

Deaf Awareness/BSL

Quiz

•

5th Grade - Professio...

19 questions

TIG CA Revision Quiz

Quiz

•

Professional Development

20 questions

genel kültür testi EDA AYKURT

Quiz

•

Professional Development

18 questions

Combinational Logic

Quiz

•

Professional Development

20 questions

AWS Databases

Quiz

•

Professional Development

21 questions

Machinist Grinder 4th Sem - NSQF - Module 1 : Grinding operation

Quiz

•

Professional Development

20 questions

Class 3 - Review

Quiz

•

Professional Development

Popular Resources on Wayground

10 questions

5.P.1.3 Distance/Time Graphs

Quiz

•

5th Grade

10 questions

Fire Drill

Quiz

•

2nd - 5th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

22 questions

School Wide Vocab Group 1 Master

Quiz

•

6th - 8th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

12 questions

What makes Nebraska's government unique?

Quiz

•

4th - 5th Grade

Discover more resources for Professional Development

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

20 questions

NCAA Logo Quiz

Quiz

•

Professional Development

20 questions

Easter trivia

Quiz

•

12th Grade - Professi...

AZ-500 Assessment - 2

What type of disk encryption is used for Linux disks?

A company, with both Azure and on-premises virtual machines, needs to ensure your virtual machines are
kept up to date with security patches. Update Management is the Azure tool they will use, hopefully at
limited cost. Will Update management monitor their virtual machines for updates?

.

Explanation
Update Management only pertains to cloud deployed virtual machines. Update Management pertains to
virtual machines in on-premises environments, and in other cloud environments.

Which of the following recommendations from Security Center is a medium-severity recommendation for
virtual machines and servers?

Explanation
Install endpoint protection solution on virtual machines is a medium-severity recommendation.

Which of the following items should be stored in Azure Key Vault?

A select group of users must be able to create and delete keys in the key vault. When authenticating to
the data plane using Azure AD, what security tool should be used the authorize access at a role level to
these users?

Explanation
Role-based Access Control. To create and delete key vaults the data plane you should grant access with
RBAC. For example, Key Vault Contributor. Using Access Policies would not give you role level control, and
does not follow least privilege rules.

Which of these statements best describes Azure Key Vault's authentication and authorization process?

Explanation
Authentication to Key Vault uses Azure Active Directory identities. Access policies are used to provide
authorization for actions that apply to every secret in the vault.

What type of Managed Service Identities can be created?

An App Service application stores page graphics in an Azure storage account. The app needs to authenti-
cate programmatically to the storage account, what should be configured?

Explanation
Create a managed identity. A managed identity is an Azure AD security principal that represents the
resource (app). Managed identities can be user or system managed.

There is a need to provide a contingent staff employee temporary read-only access to the contents of an
Azure storage account container named “Media”. It is important to grant access while adhering to the
security principle of least-privilege. What should be configured?

Explanation
Generate a SAS token for the container. The SAS can provide read-only access.

When configuring an Azure File share for the business group, which of the following is true?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development

AZ-500 Assessment - 2

What type of disk encryption is used for Linux disks?

A company, with both Azure and on-premises virtual machines, needs to ensure your virtual machines arekept up to date with security patches. Update Management is the Azure tool they will use, hopefully atlimited cost. Will Update management monitor their virtual machines for updates?.

ExplanationUpdate Management only pertains to cloud deployed virtual machines. Update Management pertains tovirtual machines in on-premises environments, and in other cloud environments.

Which of the following recommendations from Security Center is a medium-severity recommendation forvirtual machines and servers?

ExplanationInstall endpoint protection solution on virtual machines is a medium-severity recommendation.

Which of the following items should be stored in Azure Key Vault?

A select group of users must be able to create and delete keys in the key vault. When authenticating tothe data plane using Azure AD, what security tool should be used the authorize access at a role level tothese users?

ExplanationRole-based Access Control. To create and delete key vaults the data plane you should grant access withRBAC. For example, Key Vault Contributor. Using Access Policies would not give you role level control, anddoes not follow least privilege rules.

Which of these statements best describes Azure Key Vault's authentication and authorization process?

ExplanationAuthentication to Key Vault uses Azure Active Directory identities. Access policies are used to provideauthorization for actions that apply to every secret in the vault.

What type of Managed Service Identities can be created?

An App Service application stores page graphics in an Azure storage account. The app needs to authenti-cate programmatically to the storage account, what should be configured?

ExplanationCreate a managed identity. A managed identity is an Azure AD security principal that represents theresource (app). Managed identities can be user or system managed.

There is a need to provide a contingent staff employee temporary read-only access to the contents of anAzure storage account container named “Media”. It is important to grant access while adhering to thesecurity principle of least-privilege. What should be configured?

ExplanationGenerate a SAS token for the container. The SAS can provide read-only access.

When configuring an Azure File share for the business group, which of the following is true?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development

What type of disk encryption is used for Linux disks?

A company, with both Azure and on-premises virtual machines, needs to ensure your virtual machines are
kept up to date with security patches. Update Management is the Azure tool they will use, hopefully at
limited cost. Will Update management monitor their virtual machines for updates?

.

Explanation
Update Management only pertains to cloud deployed virtual machines. Update Management pertains to
virtual machines in on-premises environments, and in other cloud environments.

Which of the following recommendations from Security Center is a medium-severity recommendation for
virtual machines and servers?

Explanation
Install endpoint protection solution on virtual machines is a medium-severity recommendation.

A select group of users must be able to create and delete keys in the key vault. When authenticating to
the data plane using Azure AD, what security tool should be used the authorize access at a role level to
these users?

Explanation
Role-based Access Control. To create and delete key vaults the data plane you should grant access with
RBAC. For example, Key Vault Contributor. Using Access Policies would not give you role level control, and
does not follow least privilege rules.

Which of these statements best describes Azure Key Vault's authentication and authorization process?

Explanation
Authentication to Key Vault uses Azure Active Directory identities. Access policies are used to provide
authorization for actions that apply to every secret in the vault.

What type of Managed Service Identities can be created?

An App Service application stores page graphics in an Azure storage account. The app needs to authenti-
cate programmatically to the storage account, what should be configured?

Explanation
Create a managed identity. A managed identity is an Azure AD security principal that represents the
resource (app). Managed identities can be user or system managed.

There is a need to provide a contingent staff employee temporary read-only access to the contents of an
Azure storage account container named “Media”. It is important to grant access while adhering to the
security principle of least-privilege. What should be configured?

Explanation
Generate a SAS token for the container. The SAS can provide read-only access.