Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-500

Microsoft AZ-500 Exam
Microsoft Azure Security Technologies (Page 18 )

Updated On: 9-Feb-2026
Page 18 of 103
PDF with 505 Questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Sub1.
You have an Azure Storage account named sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in sa1 by using several shared access signatures (SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to sa1.
Solution: You generate new SASs.
Does this meet the goal?

  1. Yes
  2. No

Answer(s): B

Explanation:

Instead you should create a new stored access policy.
To revoke a stored access policy, you can either delete it, or rename it by changing the signed identifier. Changing the signed identifier breaks the associations between any existing signatures and the stored access policy. Deleting or renaming the stored access policy immediately affects all of the shared access signatures associated with it.


Reference:

https://docs.microsoft.com/en-us/rest/api/storageservices/Establishing-a-Stored-Access-Policy



You have an Azure subscription that contains virtual machines.
You enable just in time (JIT) VM access to all the virtual machines.
You need to connect to a virtual machine by using Remote Desktop.
What should you do first?

  1. From Azure Directory (Azure AD) Privileged Identity Management (PIM), activate the Security administrator user role.
  2. From Azure Active Directory (Azure AD) Privileged Identity Management (PIM), activate the Owner role for the virtual machine.
  3. From the Azure portal, select the virtual machine, select Connect, and then select Request access.
  4. From the Azure portal, select the virtual machine and add the Network Watcher Agent virtual machine extension.

Answer(s): C

Explanation:


Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/connect-logon



HOTSPOT (Drag and Drop is not supported) (Drag and Drop is not supported)
Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. The tenant contains the users shown in the following table.
The tenant contains the groups shown in the following table.
You configure a multi-factor authentication (MFA) registration policy that has the following settings:
-Assignments:
- Include: Group1
- Exclude: Group2
-Controls: Require Azure MFA registration
-Enforce Policy: On
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:


  1. See Explanation section for answer.

Answer(s): A

Explanation:



SIMULATION
The developers at your company plan to publish an app named App12345678 to Azure.
You need to ensure that the app is registered to Azure Active Directory (Azure AD). The registration must use the sign-on URLs of https://app.contoso.com.
To complete this task, sign in to the Azure portal and modify the Azure resources.

  1. See Explanation section for answer.

Answer(s): A

Explanation:

Step 1: Register the Application
1. Sign in to your Azure Account through the Azure portal.
2. Select Azure Active Directory.
3. Select App registrations.
4. Select New registration.
5. Name the application App12345678. Select a supported account type, which determines who can use the application. Under Redirect URI, select Web for the type of application you want to create. Enter the URI: https://app.contoso.com , where the access token is sent to.

6. Click Register


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal



You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
The User administrator role is assigned to a user named Admin1.
An external partner has a Microsoft account that uses the user1@outlook.com sign in.
Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: `Unable to invite user user1@outlook.com Generic authorization exception.`
You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.
What should you do?

  1. From the Roles and administrators blade, assign the Security administrator role to Admin1.
  2. From the Organizational relationships blade, add an identity provider.
  3. From the Custom domain names blade, add a custom domain.
  4. From the Users blade, modify the External collaboration settings.

Answer(s): D

Explanation:

You need to allow guest invitations in the External collaboration settings.






Post your Comments and Discuss Microsoft AZ-500 exam prep with other Community members:

Join the AZ-500 Discussion