최신 AZ-500 무료덤프 - Microsoft Azure Security Technologies
You have an Azure subscription that contains a SQL Server on Azure Virtual Machines instance named SQt1 and a Microsoft Sentinel workspace named Sentinel1.
You need to monitor security incidents on SQL1 by using Sentinel1.
What should you do first?
You need to monitor security incidents on SQL1 by using Sentinel1.
What should you do first?
정답: C
You have an Azure subscription that contains the resources show in the following table.
Both VM1 and VM2 connect to VNET1 and are configured to use NSG1.
You need to ensure that only VM1 and VM2 can access DB1.
What should you do?
Both VM1 and VM2 connect to VNET1 and are configured to use NSG1.
You need to ensure that only VM1 and VM2 can access DB1.
What should you do?
정답: D
You have an Azure AD turned that contains a user named User1.
You purchase an App named App1.
User1 needs to publish App1 by using Azure AD Application Proxy.
Which role should you assign to User1?
You purchase an App named App1.
User1 needs to publish App1 by using Azure AD Application Proxy.
Which role should you assign to User1?
정답: B
You have five Azure subscriptions linked to a single Azure Active Directory (Azure AD) tenant.
You create an Azure Policy initiative named SecurityPolicyInitiative1.
You identify which standard role assignments must be configured on all new resource groups.
You need to enforce SecurityPolicyInitiative1 and the role assignments when a new resource group is created.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You create an Azure Policy initiative named SecurityPolicyInitiative1.
You identify which standard role assignments must be configured on all new resource groups.
You need to enforce SecurityPolicyInitiative1 and the role assignments when a new resource group is created.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
정답:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/create-blueprint-portal
https://docs.microsoft.com/en-us/azure/azure-australia/azure-policy
You have an Azure subscription that contains a web app named Appl. App1 provides users with product images and videos. Users access App1 by using a URL of HTTPS://appl.contoso.com. You deploy two server pools named Pool! and Pool2. Pool1 hosts product images. Pool2 hosts product videos. You need to optimize The performance of Appl. The solution must meet the following requirements:
* Minimize the performance impact of TLS connections on Pool1 and Pool2.
* Route user requests to the server pools based on the requested URL path.
What should you include in the solution?
* Minimize the performance impact of TLS connections on Pool1 and Pool2.
* Route user requests to the server pools based on the requested URL path.
What should you include in the solution?
정답: C
You have an Azure subscription named Subscription1.
You need to view which security settings are assigned to Subscription1 by default.
Which Azure policy or initiative definition should you review?
You need to view which security settings are assigned to Subscription1 by default.
Which Azure policy or initiative definition should you review?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
You have an Azure subscription named Sub1.
In Azure Security Center, you have a security playbook named Play1. Play1 is configured to send an email message to a user named User1.
You need to modify Play1 to send email messages to a distribution group named Alerts.
What should you use to modify Play1?
In Azure Security Center, you have a security playbook named Play1. Play1 is configured to send an email message to a user named User1.
You need to modify Play1 to send email messages to a distribution group named Alerts.
What should you use to modify Play1?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
You have an Azure subscription named Subscription1.
You deploy a Linux virtual machine named VM1 to Subscription1.
You need to monitor the metrics and the logs of VM1.
D18912E1457D5D1DDCBD40AB3BF70D5D
What should you use?
You deploy a Linux virtual machine named VM1 to Subscription1.
You need to monitor the metrics and the logs of VM1.
D18912E1457D5D1DDCBD40AB3BF70D5D
What should you use?
정답: A
You have an Azure subscription that contains an Azure Files share named share1 and a user named User1.
Identity-based authentication is configured for share1.
User1 attempts to access share1 from a Windows 10 device by using SMB.
Which type of token will Azure Files use to authorize the request?
Identity-based authentication is configured for share1.
User1 attempts to access share1 from a Windows 10 device by using SMB.
Which type of token will Azure Files use to authorize the request?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
You have an Azure subscription that contains the resources shown in the following table.
You plan to deploy an Azure Private Link service named APL1.
Which resource must you reference during the creation of APL1?
You plan to deploy an Azure Private Link service named APL1.
Which resource must you reference during the creation of APL1?
정답: A
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains the subnets shown in the following table.
The subscription contains the virtual machines shown in the following table.
VM3 contains a service that listens for connections on port 8080.
For VM1, you configure just-in-time (JIT) VM access as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE; Each correct selection is worth one point.
The subscription contains the virtual machines shown in the following table.
VM3 contains a service that listens for connections on port 8080.
For VM1, you configure just-in-time (JIT) VM access as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE; Each correct selection is worth one point.
정답:
Explanation:
You plan to configure Azure Disk Encryption for VM4. Which key vault can you use to store the encryption key?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
You are evaluating the security of the network communication between the virtual machines in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Yes,
Yes
No
You need to deploy Microsoft Antimalware to meet the platform protection requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
1. DeployifNotExists
2. Scope
Topic 3, Fabrikam inc
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
General Overview
Fabrikam, Inc. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York. Fabrikam has IT, human resources (HR), and finance departments.
Existing Environment
Network Environment
Fabrikam has a Microsoft 365 subscription and an Azure subscription named subscription1.
The network contains an on-premises Active Directory domain named Fabrikam.com. The domain contains two organizational units (OUs) named OU1 and OU2. Azure AD Connect cloud sync syncs only OU1.
The Azure resources hierarchy is shown in the following exhibit.
The Azure Active Directory (Azure AD) tenant contains the users shown in the following table.
Azure AD contains the resources shown in the following table.
Subscription1 Resources
Subscription1 contains the virtual networks shown in the following table.
Subscription1 contains the network security groups (NSGs) shown in the following table.
Subscription1 contains the virtual machines shown in the following table.
Subscription1 contains the Azure key vaults shown in the following table.
Subscription1 contains a storage account named storage1 in the West US Azure region.
Planned Changes and Requirements
Planned Changes
Fabrikam plans to implement the following changes:
* Create two application security groups as shown in the following table.
* Associate the network interface of VM1 to ASG1.
* Deploy SecPol1 by using Azure Security Center.
* Deploy a third-party app named App1. A version of App1 exists for all available operating systems.
* Create a resource group named RG2.
* Sync OU2 to Azure AD.
* Add User1 to Group1.
Technical Requirements
Fabrikam identifies the following technical requirements:
* The finance department users must reauthenticate after three hours when they access SharePoint Online.
* Storage1 must be encrypted by using customer-managed keys and automatic key rotation.
* From Sentinel1, you must ensure that the following notebooks can be launched:
* Entity Explorer - Account
* Entity Explorer - Windows Host
* Guided Investigation Process Alerts
* VM1, VM2, and VM3 must be encrypted by using Azure Disk Encryption.
* Just in time (JIT) VM access for VM1, VM2, and VM3 must be enabled.
* App1 must use a secure connection string stored in KeyVault1.
* KeyVault1 traffic must NOT travel over the internet.
You have a network security group (NSG) bound to an Azure subnet.
You run Get-AzureRmNetworkSecurityRuleConfig and receive the output shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
You run Get-AzureRmNetworkSecurityRuleConfig and receive the output shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Box 1: able to connect to East US 2
The StorageEA2Allow has DestinationAddressPrefix {Storage/EastUS2}
Box 2: dropped
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group
You are configuring just in time (JIT) VM access to a set of Azure virtual machines.
You need to grant users PowerShell access to the virtual machine by using JIT VM access.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to grant users PowerShell access to the virtual machine by using JIT VM access.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
1. Read permission
2. 5986
https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained#what-permissions-are-needed- to-configure-and-use-jit
You have an Azure subscription named Sub1 that contains the resource groups shown in the following table.
You create the Azure Policy definition shown in the following exhibit.
You assign the policy to Sub1.
You plan to create the resources shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You create the Azure Policy definition shown in the following exhibit.
You assign the policy to Sub1.
You plan to create the resources shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
