Microsoft Azure

Microsoft Azure Security Technologies

AZ-500
Popular

The AZ-500 exam assesses your skills in implementing security controls and threat protection on Azure.

147 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 111–120 of 147

Q111

What happens when you delete an Azure Resource Group that contains an Azure Kubernetes Service (AKS)?

  • A Only AKS is deleted
  • B AKS and all resources are deleted
  • C Alerts are sent to admin
  • D Deletion is not permitted
Explanation Deleting a Resource Group removes all resources within it, including AKS.
Q112

Which service helps protect against DDoS attacks in Azure?

  • A Azure DDoS Protection
  • B Azure Firewall
  • C Azure Application Gateway
  • D Azure Traffic Manager
Explanation Azure DDoS Protection specifically targets DDoS attacks, while others serve different purposes.
Q113

A company needs to secure API access using OAuth 2.0. What Azure service should they use?

  • A Azure AD B2C
  • B Azure API Management
  • C Azure App Service
  • D Azure Functions
Explanation Azure API Management supports OAuth 2.0 for securing APIs, while the others do not focus on API management specifically.
Q114

You are configuring Azure Security Center. What happens when you set the security policies?

  • A Instantly closes all security threats
  • B Enforces compliance and security best practices
  • C Removes all unused resources
  • D Increases data storage capacity
Explanation Setting security policies in Azure Security Center ensures compliance and mandates security best practices, not the other options.
Q115

You are configuring Azure Policy for your resources. Which effect allows you to deny the creation of resources that do not meet a specific policy definition?

  • A Deny
  • B Audit
  • C Append
  • D Disabled
Explanation The 'Deny' effect prevents non-compliant resources from being created, while 'Audit' only records them, 'Append' adds settings, and 'Disabled' does nothing.
Q116

A company needs to share documents securely within Azure Active Directory (Azure AD) without using third-party applications. Which Microsoft service should they use?

  • A OneDrive for Business
  • B Microsoft Teams
  • C SharePoint Online
  • D Azure Blob Storage
Explanation SharePoint Online facilitates secure document sharing with permissions, unlike OneDrive (personal use), Teams (collaborative chat), or Blob Storage (unstructured data).
Q117

What happens when you Azure AD-join a Windows 10 device and it tries to log in without internet access?

  • A Login fails instantly
  • B Login succeeds using cached credentials
  • C Login is temporarily disabled
  • D No access to any local resources
Explanation Azure AD provides cached credentials for offline login, while instant failure, disabled login, and no access are incorrect for signed-in users.
Q118

Which Azure service helps automate the management of secrets?

  • A Azure Key Vault
  • B Azure DevOps
  • C Azure Functions
  • D Azure Firewall
Explanation Azure Key Vault securely stores and manages secrets; others do not focus on secrets management.
Q119

A company needs to restrict certain users from accessing specific Azure resources. What should they implement?

  • A Azure Role-Based Access Control (RBAC)
  • B Azure Policy
  • C Network Security Groups
  • D Azure Firewall
Explanation RBAC allows role-based permissions; others affect network security or compliance but not access directly.
Q120

What happens when an Azure resource has no defined Network Security Group (NSG)?

  • A Open access to the internet
  • B Access is denied by default
  • C Limited by Azure default rules
  • D Requires manual approval for access
Explanation Without an NSG, default rules apply which might still allow some traffic; others are incorrect because they misinterpret default behavior.