Microsoft AZ-500 Quiz 24 Topic 1 Questions 116-120

Question: 1

You have an Azure subscription that contains a

You need to grant user1 access to blob1. The solution must ensure that the access expires after six days.

What should you use?

Aa shared access policy

Ba shared access signature (SAS)

Crole-based access control (RBAC)

Da managed identity

Show Answer

Question: 2

You have an Azure Active Din-dory (Azure AD) tenant named contoso.com that contains a user named User1.

You plan to publish several apps in the tenant.

You need to ensure that User1 can grant admin consent for the published apps.

Which two possible user roles can you assign to User! to achieve this goal? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

AApplication developer

BSecurity administrator

CApplication administrator

DUser administrator

ECloud application administrator

Show Answer

Question: 3

You have an Azure subscription that contains a Microsoft Defender External Attack Surface Management (Defender EASM) resource named EASM1. EASM1 has discovery enabled and contains several inventory assets.

You need to identify which inventory assets are vulnerable to the most critical web app security risks.

Which Defender EASM dashboard should you use?

AAttack Surface Summary

BGDPRCompliance

CSecurity Posture

DOWASPToplO

Show Answer

Question: 4

SIMULATION

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Azure Username: User1-10598168@ExamUsers.com

Azure Password: Ag1Bh9!#Bd

The following information is for technical support purposes only:

Lab Instance: 10598168

q4_AZ-500

You need to perform the following tasks:

*Ensure that App10598168 is registered to Azure Active Directory (Azure AD).

*Generate a password for App10598168.

To complete this task, sign in to the Azure portal.

AStep 1: Register the Application
1. Sign in to your Azure Account through the Azure portal.
2. Select Azure Active Directory.
3. Select App registrations.
4. Select New registration.

6. Click Register
Step 2: Create a new application secret
If you choose not to use a certificate, you can create a new application secret.
7 Select Certificates & secrets.
8. Select Client secrets -> New client secret.
9. Provide a description of the secret, and a duration. When done, select Add.
After saving the client secret, the value of the client secret is displayed. Copy this value because you aren't able to retrieve the key later. You provide the key value with the application ID to sign in as the application. Store the key value where your application can retrieve it.

BStep 1: Register the Application
1. Sign in to your Azure Account through the Azure portal.
2. Select Azure Active Directory.
3. Select App registrations.
4. Select New registration.
5. Name the application App10598168 . Select a supported account type, which determines who can use the application. Under Redirect URI, select Web for the type of application you want to create. Enter the URI: https://www.contoso.com , where the access token is sent to.
6. Click Register
Step 2: Create a new application secret
If you choose not to use a certificate, you can create a new application secret.
7 Select Certificates & secrets.
8. Select Client secrets -> New client secret.
9. Provide a description of the secret, and a duration. When done, select Add.
After saving the client secret, the value of the client secret is displayed. Copy this value because you aren't able to retrieve the key later. You provide the key value with the application ID to sign in as the application. Store the key value where your application can retrieve it.

Show Answer

Question: 5

SIMULATION

You need to ensure that the events in the NetworkSecurityGroupRuleCounter log of the VNET01-Subnet0-NSG network security group (NSG) are stored in the logs11597200 Azure Storage account for 30 days.

AYou need to configure the diagnostic logging for the NetworkSecurityGroupRuleCounter log.
* In the Azure portal, type Network Security Groups in the search box, select Network Security Groups from the search results then select VNET01-Subnet0-NSG. Alternatively, browse to Network Security Groups in the left navigation pane.
* In the properties of the Network Security Group, click on Diagnostic Settings.
* Click on the Add diagnostic setting link.
* Provide a name in the Diagnostic settings name field. It doesn't matter what name you provide for the exam.
* In the Log section, select NetworkSecurityGroupRuleCounter.
* Click the Save button to save the changes.

BYou need to configure the diagnostic logging for the NetworkSecurityGroupRuleCounter log.
* In the Azure portal, type Network Security Groups in the search box, select Network Security Groups from the search results then select VNET01-Subnet0-NSG. Alternatively, browse to Network Security Groups in the left navigation pane.
* In the properties of the Network Security Group, click on Diagnostic Settings.
* Click on the Add diagnostic setting link.
* Provide a name in the Diagnostic settings name field. It doesn't matter what name you provide for the exam.
* In the Log section, select NetworkSecurityGroupRuleCounter.
* In the Destination details section, select Archive to a storage account.
* In the Storage account field, select the logs11597200 storage account.
* In the Retention (days) field, enter 30.
* Click the Save button to save the changes.

Show Answer

Microsoft AZ-500 Quiz:24 Topic:1 Questions:116-120