Valid AZ-500 Dumps shared by PassLeader for Helping Passing AZ-500 Exam! PassLeader now offer the newest AZ-500 VCE dumps and AZ-500 PDF dumps, the PassLeader AZ-500 exam questions have been updated and ANSWERS have been corrected, get the newest PassLeader AZ-500 dumps with VCE and PDF here: https://www.passleader.com/az-500.html (531 Q&As Dumps)
BTW, DOWNLOAD part of PassLeader AZ-500 dumps from Cloud Storage: https://drive.google.com/open?id=1CnqNGckypCByp19q05gCYQD-Qai7gnHt
NEW QUESTION 501
You have a Microsoft Entra tenant named Contoso.com and an Azure Kubernetes Service (AKS) cluster AKS1. You discover that AKS1 cannot be accessed by using accounts from Contoso.com. You need to ensure AKS1 can be accessed by using accounts from Contoso.com. The solution must minimize administrative effort. What should you do first?
A. From Azure, recreate AKS1.
B. From AKS1, upgrade the version of Kubernetes.
C. From Microsoft Entra, add a Microsoft Entra ID P2 license.
D. From Microsoft Entra, configure the User settings.
Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/aks/azure-ad-integration-cli
NEW QUESTION 502
You have a Microsoft Entra tenant named contoso.com. You have a partner company that has a Microsoft Entra tenant named fabrikam.com. You need to ensure that when a user in fabrikam.com attempts to access the resources in contoso.com, the user only receives a single Microsoft Entra Multi-Factor Authentication (MFA) prompt. The solution must minimize administrative effort. What should you do?
A. From the Azure portal of contoso.com, configure the inbound access default settings.
B. From the Azure portal of contoso.com, configure the External collaboration settings.
C. From the Azure portal of contoso.com, configure the outbound access default settings.
D. From the Azure portal of fabrikam.com, configure the outbound access default settings.
Answer: A
Explanation:
Trust multi-factor authentication from Microsoft Entra tenants: Select this checkbox to allow your Conditional Access policies to trust MFA claims from external organizations. During authentication, Microsoft Entra ID checks a user’s credentials for a claim that the user completed MFA. If not, an MFA challenge is initiated in the user’s home tenant.
https://learn.microsoft.com/en-us/entra/external-id/cross-tenant-access-settings-b2b-collaboration#to-change-inbound-trust-settings-for-mfa-and-device-claims
NEW QUESTION 503
You have a Microsoft Entra tenant named contoso.com. You plan to collaborate with a partner organization that has a Microsoft Entra tenant named fabrikam.com. Fabrikam.com uses the following identity providers:
– Google Cloud Platform (GCP).
– Microsoft accounts.
– Microsoft Entra ID.
You need to configure the Cross-tenant access settings for B2B collaboration. Which identity providers support cross-tenant access?
A. Microsoft Entra ID only.
B. GCP and Microsoft Entra ID only.
C. Microsoft accounts and Microsoft Entra ID only.
D. GCP, Microsoft accounts, and Microsoft Entra ID.
Answer: D
Explanation:
https://learn.microsoft.com/en-us/entra/external-id/identity-providers
NEW QUESTION 504
You have an Azure subscription that contains an Azure Data Lake Storage account named sa1. You plan to deploy an app named App1 that will access sa1 and perform operations, including Read, List, Create Directory, and Delete Directory. You need to ensure that App1 can connect securely to sa1 by using a private endpoint. What is the minimum number of private endpoints required for sa1?
A. 1
B. 2
C. 3
D. 4
E. 5
Answer: B
NEW QUESTION 505
You have an Azure subscription that contains an Azure Kubernetes Service (AKS) cluster named AKS1. You have an Azure container registry that stores container images that were deployed by using Azure DevOps Microsoft-hosted agents. You need to ensure that administrators can access AKS1 only from specific networks. The solution must minimize administrative effort. What should you configure for AKS1?
A. authorized IP address ranges
B. an Application Gateway Ingress Controller (AGIC)
C. a private endpoint
D. a private cluster
Answer: A
NEW QUESTION 506
You have an Azure subscription that uses Microsoft Defender for Cloud. You need to add a custom security recommendation to Defender for Cloud. The recommendation must be assigned the custom severity rating of the subscription. What should you create?
A. an exemption
B. an initiative definition
C. a policy definition
D. an assignment
Answer: C
Explanation:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/create-custom-recommendations
NEW QUESTION 507
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a single subnet. The subscription contains a virtual machine named VM1 that is connected to VNet1. You plan to deploy an Azure SQL managed instance named SQL1. You need to ensure that VM1 can access SQL1. Which three components should you create? (Each correct answer presents part of the solution. Choose three.)
A. a subnet
B. a network security perimeter
C. a virtual network gateway
D. a network security group (NSG)
E. a route table
Answer: ADE
Explanation:
https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/connectivity-architecture-overview?view=azuresql&tabs=current#network-requirements
NEW QUESTION 508
You have an Azure subscription that contains an Azure Key Vault Standard key vault named Vault1. Vault1 hosts a 2048-bit RSA key named key1. You need to ensure that key1 is rotated every 90 days. What should you do first?
A. Create a key rotation policy.
B. Modify the Access policies settings of Vault1.
C. Upgrade Vault1 to Key Vault Premium.
D. Recreate key1 as an EC key.
Answer: A
Explanation:
https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/key-rotation
NEW QUESTION 509
You have an Azure subscription. You plan to deploy Microsoft Defender External Attack Surface Management (Defender EASM) to identify and monitor externally facing assets. You create a new Defender EASM instance named EASM1. What should you do next?
A. Create a custom attack surface.
B. Add a Log Analytics workspace.
C. Add a discovery group.
D. Import seeds from an organization.
Answer: D
Explanation:
https://learn.microsoft.com/en-us/azure/external-attack-surface-management/what-is-discovery
NEW QUESTION 510
You have an Azure AD tenant. You need to ensure that users cannot create passwords containing a variation of the word contoso. What should you configure?
A. Microsoft Entra Verified ID
B. Microsoft Entra Identity Governance
C. Azure AD Privileged Identity Management (PIM)
D. Azure AD Password Protection
E. Azure AD Identity Protection
Answer: D
Explanation:
Azure AD Password Protection enables you to:
– Define custom password policies.
– Prevent the use of common words or patterns.
– Protect against various types of common attacks on passwords.
NEW QUESTION 511
Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure AD tenant. You plan to implement single sign-on (SSO) for Azure AD resources. You need to configure an Intranet Zone setting for all users by using a Group Policy Object (GPO). Which setting should you configure?
A. Logon options.
B. Allow updates to status bar via script.
C. Allow active scripting.
D. Access data sources across domains.
Answer: B
Explanation:
You also must enable an intranet zone policy setting called Allow updates to status bar via script through Group Policy.
https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-sso-quick-start#roll-out-the-feature
NEW QUESTION 512
You have an Azure subscription that contains a storage account and an Azure web app named App1. App1 connects to an Azure Cosmos DB database named Cosmos1 that uses a private endpoint named Endpoint1. Endpoint1 has the default settings. You need to validate the name resolution to Cosmos1. Which DNS zone should you use?
A. endpoint1.privatelink.documents.azure.com
B. endpoint1.privatelink.blob.core.windows.net
C. endpoint1.privatelink.azurewebsites.net
D. endpoint1.privatelink.database.azure.com
Answer: A
Explanation:
https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-configure-private-endpoints
NEW QUESTION 513
You have an Azure subscription that contains an Azure Blob storage account named blob1. You need to configure attribute-based access control (ABAC) for blob1. Which attributes can you use in access conditions?
A. blob index tags only
B. blob index tags and container names only
C. file extensions and container names only
D. blob index tags, file extensions, and container names
Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-overview
NEW QUESTION 514
You are troubleshooting a security issue for an Azure Storage account. You enable Azure Storage Analytics logs and archive it to a storage account. What should you use to retrieve the diagnostics logs?
A. Azure Cosmos DB explorer.
B. Azure Monitor.
C. AzCopy.
D. Microsoft Defender for Cloud.
Answer: C
Explanation:
AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.
NEW QUESTION 515
You have an Azure subscription that contains an Azure SQL server named SQL1. SQL1 contains an Azure SQL database named DB1. You need to use Microsoft Defender for Cloud to complete a vulnerability assessment for DB1. What should you do first?
A. From Advanced Threat Protection types, select SQL injection vulnerability.
B. Configure the Send scan report to setting.
C. Set Periodic recurring scans to ON.
D. Enable the Microsoft Defender for SQL plan.
Answer: D
NEW QUESTION 516
You have an Azure subscription that contains an Azure web app named App1 and a virtual machine named VM1. VM1 runs Microsoft SQL Server and is connected to a virtual network named VNet1. App1, VM1, and VNet1 are in the US Central Azure region. You need to ensure that App1 can connect to VM1. The solution must minimize costs. What should you include in the solution?
A. regional virtual network integration
B. gateway-required virtual network integration
C. Azure Front Door
D. Azure Application Gateway integration
E. NAT gateway integration
Answer: A
Explanation:
In this scenario, connectivity to the SQL Database is achieved by using the new VNet Integration feature found on the App Service component. Using this feature removes the requirement of an App Service Environment (ASE) for the WebApp thus reducing overall hosting costs.
https://connectedcircuits.blog/2020/04/23/connecting-an-azure-webapp-to-a-sql-server-vm-inside-a-vnet/
NEW QUESTION 517
You have an Azure subscription. You need to deploy an Azure virtual WAN to meet the following requirements:
– Create three secured virtual hubs located in the East US, West US, and North Europe Azure regions.
– Ensure that security rules sync between the regions.
What should you use?
A. Azure Virtual Network Manager
B. Azure Front Door
C. Azure Network Function Manager
D. Azure Firewall Manager
Answer: A
Explanation:
https://azure.microsoft.com/en-us/products/virtual-network-manager
NEW QUESTION 518
You have an Azure subscription that contains an instance of Azure Firewall Standard named AzFW1. You need to identify whether you can use the following features with AzFW1:
– TLS inspection.
– Threat intelligence.
– The network intrusion detection and prevention systems (IDPS).
What can you use?
A. TLS inspection only.
B. threat intelligence only.
C. TLS inspection and the IDPS only.
D. threat intelligence and the IDPS only.
E. TLS inspection, threat intelligence, and the IDPS.
Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/firewall/features
NEW QUESTION 519
You have an Azure subscription that contains a web app named App1. App1 provides users with product images and videos. Users access App1 by using a URL of HTTPS://app1.contoso.com. You deploy two server pools named Pool1 and Pool2. Pool1 hosts product images. Pool2 hosts product videos. You need to optimize the performance of App1. The solution must meet the following requirements:
– Minimize the performance impact of TLS connections on Pool1 and Pool2.
– Route user requests to the server pools based on the requested URL path.
What should you include in the solution?
A. Azure Bastion
B. Azure Front Door
C. Azure Traffic Manager
D. Azure Application Gateway
Answer: B
Explanation:
By using Azure Front Door, you can configure routing rules to direct requests for product images to Pool1 and requests for product videos to Pool2. This ensures that user requests are directed to the appropriate server pool based on the requested URL path.
NEW QUESTION 520
You have an Azure subscription that contains a storage account named storage1 and a virtual machine named VM1. VM1 is connected to a virtual network named VNet1 that contains one subnet and uses Azure DNS. You need to ensure that VM1 connects to storage1 by using a private IP address. The solution must minimize administrative effort. What should you do?
A. For storage1, disable public network access.
B. On VNet1, create a new subnet.
C. For storage1, create a new private endpoint.
D. Create an Azure Private DNS zone.
Answer: C
NEW QUESTION 521
HotSpot
You have an Azure subscription that contains an Azure firewall named AzFW1. AzFW1 has a firewall policy named FWPolicy1. You need to add rule collections to FWPolicy1 to meet the following requirements:
– Allow traffic based on the FQDN of the destination.
– Allow TCP traffic.
Which types of rule collections should you add for each requirement? (To answer, select the appropriate options in the answer area.)
Answer:
NEW QUESTION 522
HotSpot
You have an Azure key vault. You need to delegate administrative access to the key vault to meet the following requirements:
– Provide a user named User1 with the ability to set access policies for the key vault.
– Provide a user named User2 with the ability to add and delete certificates in the key vault.
– Use the principle of least privilege.
What should you use to assign access to each user? (To answer, select the appropriate options in the answer area.)
Answer:
NEW QUESTION 523
Drag and Drop
You have a Microsoft Entra tenant. On January 1, you configure a multi-factor authentication (MFA) registration policy that has the following settings:
– Assignments: All users.
– Require Microsoft Entra ID multifactor authentication registration: Enabled.
– Enforce policy: On.
On January 3, you create two new users named User1 and User2. On January 5, User1 authenticates to Microsoft Entra ID for the first time. On January 7, User2 authenticates to Microsoft Entra ID for the first time. On which date will User1 and User2 be forced to register for MFA? (To answer, drag the appropriate dates to the correct users. Each date may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Answer:
Explanation:
https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-configure-mfa-policy
NEW QUESTION 524
Drag and Drop
You have an Azure subscription that contains an Azure web app named App1. You plan to configure a Conditional Access policy for App1. The solution must meet the following requirements:
– Only allow access to App1 from Windows devices.
– Only allow devices that are marked as compliant to access App1.
Which Conditional Access policy settings should you configure? (To answer, drag the appropriate settings to the correct requirements. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Answer:
NEW QUESTION 525
……
Get the newest PassLeader AZ-500 VCE dumps here: https://www.passleader.com/az-500.html (531 Q&As Dumps)
And, DOWNLOAD the newest PassLeader AZ-500 PDF dumps from Cloud Storage for free: https://drive.google.com/open?id=1CnqNGckypCByp19q05gCYQD-Qai7gnHt