Microsoft Azure

Microsoft Azure Security Technologies

AZ-500
Popular

The AZ-500 exam assesses your skills in implementing security controls and threat protection on Azure.

147 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 31–40 of 147

Q31

A company needs to manage access to their Azure resources effectively. Which Azure service should they use for identity management?

  • A Azure Active Directory
  • B Azure Key Vault
  • C Azure Blob Storage
  • D Azure Monitor
Explanation Azure Active Directory provides comprehensive identity management, while the others serve different purposes.
Q32

You are configuring Azure Security Center. What happens when you set a policy to enforce DDoS protection?

  • A Traffic is automatically filtered.
  • B Costs increase due to extra charges.
  • C Limited to only specific regions.
  • D Protection applies to all resources.
Explanation DDoS protection applies to all resources in the relevant subscription, not limited by geography or selection.
Q33

Which option enables you to restrict access to specific IP addresses for an Azure Virtual Network?

  • A Network Security Groups
  • B Azure Firewall
  • C VPN Gateway
  • D Azure Load Balancer
Explanation Network Security Groups allow for fine-grained control over inbound and outbound traffic based on IP addresses.
Q34

Which Azure service helps monitor and manage security posture?

  • A Azure Security Center
  • B Azure Load Balancer
  • C Azure Monitor
  • D Azure Active Directory
Explanation Azure Security Center provides security management and threat protection, while the others serve different purposes.
Q35

A company needs to secure sensitive data in Azure Blob Storage. What should they implement?

  • A Public access
  • B Shared Access Signatures
  • C Blob Indexer
  • D Azure Data Lake
Explanation Shared Access Signatures provide controlled access to secured Blob storage, unlike the other options.
Q36

What happens when a user attempts to access an Azure resource without proper RBAC permissions?

  • A Access denied requires backup
  • B Access is granted automatically
  • C Access is logged for review
  • D User is prompted for MFA
Explanation Access denied will prevent usage, while the others do not reflect standard RBAC behavior.
Q37

A company needs to protect sensitive data stored in Azure Blob Storage. Which Azure service provides encryption at rest?

  • A Azure Storage Service Encryption
  • B Azure SQL Database
  • C Azure Application Gateway
  • D Azure Key Vault
Explanation Azure Storage Service Encryption automatically encrypts data at rest, while the other options serve different security purposes.
Q38

What happens when a user attempts to access an Azure resource but their identity is not verified by Active Directory?

  • A Access is denied
  • B Access is granted
  • C Access is granted with limitations
  • D User is logged out
Explanation Access is denied because identity verification is essential, while other options incorrectly state that access is granted.
Q39

You are configuring Azure Policy for a compliance initiative. Which effect would ensure that non-compliant resources are remediated automatically?

  • A Deny
  • B Append
  • C DeployIfNotExists
  • D Audit
Explanation DeployIfNotExists automatically remediates compliance issues, while the others only restrict or log resources without remediation.
Q40

Which service provides advanced threat protection for Azure resources?

  • A Azure Security Center
  • B Azure Firewall
  • C Azure Sentinel
  • D Azure DDoS Protection
Explanation Azure Security Center provides comprehensive threat protection, while others focus on specific areas like network security.