Microsoft Azure

Microsoft Azure Security Technologies

AZ-500
Popular

The AZ-500 exam assesses your skills in implementing security controls and threat protection on Azure.

147 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 11–20 of 147

Q11

A company needs to restrict access to a Web App only to users authenticated via corporate Active Directory. What should they implement?

  • A Azure AD App Registration
  • B Azure Firewall
  • C Azure Front Door
  • D Azure DDoS Protection
Explanation Azure AD App Registration will allow you to integrate corporate Active Directory for user authentication; the other options do not offer this functionality.
Q12

What happens when a virtual machine's network interface is removed, but the public IP remains?

  • A VM is still accessible
  • B Public IP is deleted
  • C VM becomes inaccessible
  • D Network resources are allocated
Explanation Removing the network interface disconnects the VM from the network, making it inaccessible; the public IP remains but is not connected to any interface.
Q13

Which Azure service provides advanced threat protection for workloads?

  • A Azure Defender
  • B Azure Monitor
  • C Azure Backup
  • D Azure Traffic Manager
Explanation Azure Defender offers enhanced security against threats while other services focus on different functions.
Q14

You are configuring access control for an Azure Resource Group. What should you use to grant specific permissions to a user?

  • A Azure Policy
  • B Role-Based Access Control (RBAC)
  • C Network Security Groups
  • D Azure Blueprints
Explanation RBAC assigns specific roles and permissions, while others serve different governance or security purposes.
Q15

What happens when you delete a resource group in Azure?

  • A Resources are retained until restored
  • B All resources within it are deleted
  • C Only tags associated are deleted
  • D Usage is automatically migrated
Explanation Deleting a resource group removes it and all contained resources, unlike other options which do not fully apply.
Q16

Which Azure service can provide advanced threat protection for databases?

  • A Azure Defender for SQL
  • B Azure Monitor
  • C Azure Security Center
  • D Azure Key Vault
Explanation Azure Defender for SQL offers advanced threat protection; others do not focus specifically on database security.
Q17

A company needs to enforce conditional access policies for their Azure environment. What should they use?

  • A Azure Firewall
  • B Azure Active Directory
  • C Azure VPN Gateway
  • D Azure NSG
Explanation Azure Active Directory provides conditional access; the others do not manage user access policies directly.
Q18

You are configuring an NSG for an Azure virtual network. What will happen if there are conflicting rules?

  • A Top-down approach applied.
  • B Bottom-up approach applied.
  • C Deny rules take precedence.
  • D Allow rules take precedence.
Explanation NSG rules are evaluated in a top-down manner; application of deny or allow is based on that order.
Q19

Which Azure service provides network security groups?

  • A Azure Network Security
  • B Azure Virtual Network
  • C Azure Storage Accounts
  • D Azure Resource Manager
Explanation Azure Network Security is responsible for network security groups; other options do not provide this functionality.
Q20

A company needs to securely manage secrets across applications. Which Azure service should they use?

  • A Azure Key Vault
  • B Azure Blob Storage
  • C Azure DevOps
  • D Azure Active Directory
Explanation Azure Key Vault is designed for managing secrets; the other services focus on different functionalities.