Microsoft Azure Security Practice Test Questions
Microsoft has launched its first every security certification in 2019 in the month of March! This training test course is intended to help you in your excursion to acquire the Azure Security Engineer Associate Certification. The objectives of this practice test with the exam objectives of the AZ-500 exam.
This testing course has 6 timed tests. This means 280 questions to evaluate how prepared and ready you are for the actual test. Not at all like other practice tests, here you are offered access to these questions for good. With no time constraint in your hand. You can take the tests the same number of times as you wish to. Isn’t this cool?
Each of these 6 timed test consists of 40+ questions, through which you'll be coordinated and reviewed on your results. This is a decent method to evaluate how prepared you are for the actual test.!
The exams are designed simply like real tests. In this blog, we are restricted in the kind of questions we can list down, so this test will be MCQ’s based just like the real exam. In any case, we're sure that you will be fairly examined on your insight into Azure Architecture subsequent to appearing for this exam.
The MS AZ-500 certification exam tests and approves a candidate’s ability at executing security controls, and maintaining security, and access, protections, and identity in Microsoft Azure. In the event that you take the AZ-500 Microsoft Azure Security Technologies exam, you will acquire the Microsoft Certified: Azure Security Engineer Associate certification.
Applicants for this exam are Microsoft Azure security engineers who actualize security controls, maintain the security act, manage access and identity, and ensures data security, applications, and networks. These candidates distinguish and remediate weaknesses by utilizing an assortment of security tools, executes threat protection, and reacts to security incident escalations accordingly. As a Microsoft Azure security engineer, applicants frequently fill in as a major aspect of a bigger group committed to cloud-based services and security and may likewise make sure about hybrid environments as part of an end-to-end infrastructure.
Applicants for this exam ought to have solid abilities in automation and scripting, a profound comprehension of networking, virtualization, and cloud N-level architecture, and a solid recognition with cloud capacities, Microsoft Azure products, and services as well as other Microsoft products and services.
The MS AZ-500 certification exam is the primary security certification from Microsoft. Getting that Azure Security Engineer certification is a definitive verification of your ability in Azure. An ideal tool to survey your availability, and locate those a couple of spots that you can concentrate in the prior days stepping through the exam.
The practice test targets the following areas:
* Implement platform protection (15-20%)
* Secure data and applications (20-25%)
* Manage security operations (25-30%)
* Manage identity and access (30-35%)
This practice test includes questions that have a similar weighting as the actual exam.
Start your 30-day FREE TRIAL with InfoSecAcademy.io and start your certification journey in Microsoft Azure today!
Who This Course Is Intended For?
- Senior technical individuals with an introduction to Azure
- Those keen on breezing through the Azure AZ-500 exam
- Security teams who need to become familiar with executing cloud security solutions
Microsoft Azure Security Practice Test Questions
In this blog, we have listed a few practice questions for your MS Azure Security Training certification. We hope this helps you with your preparation.
1- Suppose that you have to meet the identity and access requirements for Group1.What will you do?
- Add a membership rule to Group1.
- Modify the membership rule of Group1.
- Change the membership type of Group1 to Assigned. Create two groups that have dynamic memberships. Add the new groups to Group1.
- Delete Group1. Create a new group named Group1 that has a membership type of Office 365. Add users and devices to the group.
2- Suppose that you have to guarantee that User2 can execute PIM. What will be your first step?
- Assign User2 the Global administrator role.
- Configure the identity secure score for contoso.com.
- Configure authentication methods for contoso.com.
- Enable multi-factor authentication (MFA) for User2.
3- Suppose that your network has an on-premises Active Directory domain with the name corp.contoso.com. You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.You sync all on-premises identities to Azure AD.
You have to forestall clients who have a givenName attribute that starts with TEST from being synced to Azure AD. The solution must minimize administrative effort. What would it be a good idea for you to use?
- Web Service Configuration Tool
- Synchronization Rules Editor
- Active Directory Users and Computers
- The Azure AD Connect wizard
5- Suppose that you have an Azure subscription. You make an Azure web application named Contoso1812 that utilizes a S1 App administration plan. You make a DNS record for contoso.com that focuses on the Contoso1812’s IP address. You have to guarantee that clients can get to Contoso1812 by utilizing the URL of contoso.com. Which two activities would it be a good idea for you to perform? Each right answer presents part of the solution. Each right answer is worth one point.
- Scale out the App Service plan of Contoso1812.
- Scale up the App Service plan of Contoso1812.
- Turn on the system-assigned managed identity for Contoso1812.
- Add a deployment slot to Contoso1812.
- Add a hostname to Contoso1812.
6- Suppose that your company has an Azure subscription named Sub1 that is related to an Azure Active Directory (Azure AD) occupant named contoso.com. The organization builds up a mobile application named App1. App1 utilizes the OAuth 2 implicit grant type to obtain Azure AD access tokens. You have to enlist App1 in Azure AD. What data would it be a good idea for you to obtain from the engineer to enlist the application?
- an application ID
- a key
- a reply URL
- a redirect URI
7- Suppose that you use Azure Security Center for the centralized policy management of three Azure subscriptions. You use several policy definitions to manage the security of the subscriptions. You need to deploy the policy definitions as a group to all three subscriptions. Solution: You create a policy definition and assignments that are scoped to resource groups. Does this meet the goal?
- Correct
- Incorrect
Read more: Introduction to Azure Security for developers
8- Suppose that you have a hybrid configuration of Azure Active Directory (Azure AD). You have an Azure HDInsight cluster on a virtual network. You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials. You need to configure the environment to support the planned authentication. Solution: You deploy the On-premises data gateway to the on-premises network. Does this meet the goal?
- Correct
- Incorrect
9- Suppose that you have an Azure subscription named Sub1. You have an Azure Storage account named Sa1 in a resource group named RG1. Users and applications access the blob service and the file service in Sa1 by using several shared access signatures (SASs) and stored access policies. You discover that unauthorized users accessed both the file service and the blob service. You need to revoke all access to Sa1. Solution: You create a lock on Sa1. Does this meet the goal?
- Incorrect
- Correct
10- Suppose that you have an Azure subscription named Sub1 that contains an Azure Log Analytics workspace named LAW1.You have 100 on-premises servers that run Windows Server 2012 R2 and Windows Server 2016. The servers connect to LAW1. LAW1 is configured to collect security-related performance counters from the connected servers. You need to configure alerts based on the data collected by LAW1. The solution must meet the following requirements:
- Alert rules must support dimensions.
- Alert notifications must be generated only once when the alert is generated and once when the alert is resolved.
- The time it takes to generate an alert must be minimized.
11- Which signal type should you use when you create the alert rules?
- Activity Log
- Metric
- Log (Saved Query)
- Log
12- Suppose that you are configuring an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry. You need to use the auto-generated service principal to authenticate to the Azure Container Registry. What should you create?
- An Azure Active Directory (Azure AD) user
- A secret in Azure Key Vault
- An Azure Active Directory (Azure AD) role assignment
- An Azure Active Directory (Azure AD) group
13- Suppose that your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. The company develops an application named App1. App1 is registered in Azure AD. You need to ensure that App1 can access secrets in Azure Key Vault on behalf of the application users. What should you configure?
- An application permission without admin consent
- A delegated permission without admin consent
- A delegated permission that requires admin consent
- An application permission that requires admin consent
14- Suppose that you have a hybrid configuration of Azure Active Directory (Azure AD). You have an Azure HDInsight cluster on a virtual network. You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials. You need to configure the environment to support the planned authentication. Solution: You create a site-to-site VPN between the virtual network and the on-premises network. Does this meet the goal?
- Correct
- Incorrect
15- Suppose that you use Azure Security Center for the centralized policy management of three Azure subscriptions. You use several policy definitions to manage the security of the subscriptions. You need to deploy the policy definitions as a group to all three subscriptions. Solution: You create a resource graph and an assignment that is scoped to a management group. Does this meet the goal?
- Incorrect
- Correct
16- Suppose that you have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. You are assigned the Global administrator role for the tenant. You are responsible for managing Azure Security Center settings. You need to create a custom sensitivity label. What should you do first?
- Create a custom sensitive information type.
- Change Azure Security Center to use Standard-tier-pricing.
- Elevate access for global administrators in Azure AD.
- Enable integration with Microsoft Cloud App Security.
17- A company deploys resources into a single Azure subscription. The company's production resources are created in a resource group named production-rg and development resources in a resource group named development-rg. The development team is assigned the Contributor role to the development-rg resource group. They regularly make configuration changes to its resources as part of their testing using the Azure portal, PowerShell, and Azure CLI. You need to ensure that the existing resources in development-rg are not deleted by any users while still allowing the development team to continue working.
- Remove the development team from the Contributor role and assign them the Reader role on the development-rg resource group.
- Create a ReadOnly lock on the development-rg resource group.
- Create a custom role that contains the "Microsoft.Compute/virtualMachines/delete" operation in the NotActions property. Assign the role to the development-rg resource group and the development team.
- Create a CanNotDelete lock on the development-rg resource group.
18- You are the Azure administrator for your company. Your company uses a third-party email scanning system that scans email before it enters or leaves Microsoft Office 365. The solution supports single sign-on (SSO) and has advanced mail scanning, reporting, and quarantine features. The third-party email scanning system has a recipient verification feature that connects to the tenant directory via a non-interactive Azure enterprise app. The application verifies the sending email address before allowing the email to be sent. You need to verify what permissions are configured on the Azure enterprise app. Which two actions should you perform? Each correct answer presents part of the solution.
- Verify that the correct User and Admin consent permissions are configured.
- Verify that only the correct Admin consent permissions are configured.
- Review the Enterprise Application in Azure Active Directory.
- Review the Enterprise Application in Security Center.
We hope you find this article informative. To ensure 100% success in the real test, enroll yourself in Microsoft azure security training now.
Talk to our experts for more detailed discussion and make an informed decision for your next career move.