
AZ-500 Exam Q&As: Azure AD Scenarios

Uploaded by

Prasenjit Paul

AZ-500 Exam - Free Actual Q&As, Page 12 | ExamTopics 21/10/2024, 4:07 PM


Question #68 Topic 2

HOTSPOT -
You have an Azure subscription that contains the resources shown in the following table.

Name       Type               Resource group    Location
RG1        Resource group     Not applicable    West US
Managed1   Managed identity   RG1               West US

The subscription is linked to an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

You create the groups shown in the following table.

The membership rules for Group1 and Group2 are configured as shown in the following exhibit.

Exhibit: Dynamic membership rules (Configure Rules tab)

And/Or   Property         Operator   Value
         accountEnabled   Equals     true
Or       usageLocation    Equals     US

Rule syntax:
([Link] -eq true) or ([Link] -eq "US")

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer Area

Statements (Yes / No)

User1 is a member of Group1 and Group2.
User2 is a member of Group2 only.
Managed1 is a member of Group1 and Group2.
Correct Answer:

Reference:


[Link]
Question #69 Topic 2

You have a Microsoft 365 tenant that uses an Azure Active Directory (Azure AD) tenant. The Azure AD tenant syncs to an on-premises Active
Directory domain by using an instance of Azure AD Connect.
You create a new Azure subscription.
You discover that the synced on-premises user accounts cannot be assigned roles in the new subscription.
You need to ensure that you can assign Azure and Microsoft 365 roles to the synced Azure AD user accounts.
What should you do ,st?

A. Con,gure the Azure AD tenant used by the new subscription to use pass-through authentication.

B. Con,gure the Azure AD tenant used by the new subscription to use federated authentication.

C. Change the Azure AD tenant used by the new subscription. Most Voted

D. Con,gure a second instance of Azure AD Connect.

Correct Answer: C

Community vote distribution


C (100%)

Question #70 Topic 2

You have an Azure subscription that contains an app named App1. App1 has the app registration shown in the following table.

API   Permission   Type   Admin consent required   Status
[Link]   Delegated   No   None
[Link] [Link]   Delegated   No   None

You need to ensure that App1 can read all user calendars and create appointments. The solution must use the principle of least privilege.
What should you do?

A. Add a new Delegated API permission for [Link] [Link].

B. Add a new Application API permission for [Link] [Link]. Most Voted

C. Select Grant admin consent.

D. Add new Delegated API permission for [Link] [Link].

Correct Answer: B

Community vote distribution


B (69%) A (31%)


Question #71 Topic 2

HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

You create and enforce an Azure AD Identity Protection sign-in risk policy that has the following settings:
✑ Assignments: Include Group1, exclude Group2
✑ Conditions: Sign-in risk level: Low and above
✑ Access: Allow access, Require multi-factor authentication
You need to identify what occurs when the users sign in to Azure AD.
What should you identify for each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer Area

When User1 signs in from an anonymous IP address, the user will:
  Be blocked
  Be prompted for MFA
  Sign in by using a username and password only

When User2 signs in from an unfamiliar location, the user will:
  Be blocked
  Be prompted for MFA
  Sign in by using a username and password only

Correct Answer:

Reference:
[Link] [Link]
us/azure/active-directory/identity-protection/concept-identity-protection-policies [Link]
directory/identity-protection/concept-identity-protection-risks

Question #72 Topic 2

HOTSPOT -

You have an Azure subscription that contains an Azure SQL database named SQL1.
You plan to deploy a web app named App1.
You need to provide App1 with read and write access to SQL1. The solution must meet the following requirements:
✑ Provide App1 with access to SQL1 without storing a password.
✑ Use the principle of least privilege.
✑ Minimize administrative effort.
Which type of account should App1 use to access SQL1, and which database roles should you assign to App1? To answer, select the appropriate
options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area

Account type:
  Azure Active Directory User
  Managed identity
  Service Principal

Roles:
  db_datawriter only
  db_datareader and db_datawriter
  db_owner only

Correct Answer:

Reference:

[Link]

Question #73 Topic 2

HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant that contains two users named User1 and User2 and a registered app named App1.
You create an app-specific role named Role1.
You need to assign Role1 to User1 and enable User2 to request access to App1.
Which two settings should you modify? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer Area

Exhibit: App1 | Overview (Enterprise Application), left-hand menu:

Overview
Deployment Plan

Manage
  Properties
  Owners
  Roles and administrators (Preview)
  Users and groups
  Single sign-on
  Provisioning
  Application proxy
  Self-service

Security
  Conditional Access
  Permissions
  Token encryption

Correct Answer:

Box 1: Roles and administrators -
Here you will find Role1 and be able to assign User1 to the role.

Box 2: Self Service -
Under Self Service, there is an option to "Allow users to request access to this application".

Question #74 Topic 2

You have an Azure subscription that contains the resources shown in the following table.

You plan to deploy the virtual machines shown in the following table.

You need to assign managed identities to the virtual machines. The solution must meet the following requirements:
✑ Assign each virtual machine the required roles.
✑ Use the principle of least privilege.
What is the minimum number of managed identities required?

A. 1

B. 2 Most Voted

C. 3

D. 4

Correct Answer: B

Community vote distribution


B (86%) 14%

Question #75 Topic 2

SIMULATION -
You need to ensure that a user named user2-12345678 can manage the properties of the virtual machines in the RG1lod12345678 resource group.
The solution must use the principle of least privilege.
To complete this task, sign in to the Azure portal.

Correct Answer: See the explanation below.


1. Sign in to the Azure portal.
2. Browse to Resource Groups.
3. Select the RG1lod12345678 resource group.
4. Select Access control (IAM).
5. Select Add > role assignment.
6. Select Virtual Machine Contributor (you can filter the list of available roles by typing 'virtual' in the search box) then click Next.
7. Select the +Select members option and select user2-12345678 then click the Select button.
8. Click the Review + assign button twice.
Reference:
[Link]

Question #76 Topic 2

SIMULATION -
You need to create a new Azure Active Directory (Azure AD) directory named [Link]. The new directory must contain a new
user named user1@[Link].
To complete this task, sign in to the Azure portal.

Correct Answer: See the explanation below.


The first step is to create the Azure Active Directory tenant.
1. Sign in to the Azure portal.
2. From the Azure portal menu, select Azure Active Directory.
3. On the overview page, select Manage tenants.
4. Select +Create.
5. On the Basics tab, select Azure Active Directory.
6. Select Next: Configuration to move on to the Configuration tab.
7. For Organization name, enter 12345678.
8. For the Initial domain name, enter 12345678.
9. Leave the Country/Region as the default.
The next step is to create the user.
1. From the Azure portal menu, select Azure Active Directory.
2. Select Users then select New user.
3. Enter User1 in the User name and Name fields.
4. Leave the default option of Auto-generate password.
5. Click the Create button.
Reference:
[Link]
[Link]

Question #77 Topic 2

HOTSPOT -
You have an Azure subscription that contains a resource group named RG1. RG1 contains a storage account named storage1.
You have two custom Azure roles named Role1 and Role2 that are scoped to RG1.
The permissions for Role1 are shown in the following JSON code.

"permissions": [
  {
    "actions": [
      "[Link]/storageAccounts/listKeys/action",
      "Microsoft.Storage/storageAccounts/ListAccountSas/act
      "[Link]/storageAccounts/read"
    ],
    "notActions": [],
    "dataActions": [],
    "notDataActions": []
  }
]

The permissions for Role2 are shown in the following JSON code.

"permissions": [
  {
    "actions": [
      "[Link]/*/read",
      "[Link]/alertRules/*",
      "[Link]/diagnosticSettings/*",
      "[Link]/virtualNetworks/subnets/joinViaServiceEndpoint/a
      "[Link]/availabilityStatuses/read",
      "[Link]/deployments/*",
      "Microsoft.Resources/subscriptions/resourceGroups/read",
      "Microsoft.Storage/storageAccounts/*",
      "[Link]/*"
    ],
    "notActions": [],
    "dataActions": [],
    "notDataActions": []
  }
]

You assign the roles to the users shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Hot Area:
Answer Area

Statements (Yes / No)

User can read data in storage1.
User2 can read data in storage1.
User can restore storage from a backup in Azure Backup.
Correct Answer:

Reference:
[Link]
