AZ-500 無料問題集「Microsoft Azure Security Technologies」
You have an Azure subscription named Sub1. Sub1 has an Azure Storage account named Storage1 that contains the resources shown in the following table.
You generate a shared access signature (SAS) to connect to the blob service and the file service.
Which tool can you use to access the contents in Container1 and Share! by using the SAS? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You generate a shared access signature (SAS) to connect to the blob service and the file service.
Which tool can you use to access the contents in Container1 and Share! by using the SAS? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
You have a Microsoft Entra tenant named contoso.com. The tenant contains the users shown in the following table.
You configure an access review named Review1 as shown in the following exhibit Dates in the exhibit are in the MM/DD/YYYY format.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
You configure an access review named Review1 as shown in the following exhibit Dates in the exhibit are in the MM/DD/YYYY format.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
You have an Azure Sentinel workspace that has the following data connectors:
Azure Active Directory Identity Protection
Common Event Format (CEF)
Azure Firewall
You need to ensure that data is being ingested from each connector.
From the Logs query window, which table should you query for each connector? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Azure Active Directory Identity Protection
Common Event Format (CEF)
Azure Firewall
You need to ensure that data is being ingested from each connector.
From the Logs query window, which table should you query for each connector? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
You plan to deploy Azure container instances.
You have a containerized application that validates credit cards. The application is comprised of two containers: an application container and a validation container.
The application container is monitored by the validation container. The validation container performs security checks by making requests to the application container and waiting for responses after every transaction.
You need to ensure that the application container and the validation container are scheduled to be deployedtogether. The containers must communicate to each other only on ports that are not externally exposed.
What should you include in the deployment?
You have a containerized application that validates credit cards. The application is comprised of two containers: an application container and a validation container.
The application container is monitored by the validation container. The validation container performs security checks by making requests to the application container and waiting for responses after every transaction.
You need to ensure that the application container and the validation container are scheduled to be deployedtogether. The containers must communicate to each other only on ports that are not externally exposed.
What should you include in the deployment?
正解:D
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You have the Azure virtual networks shown in the following table.
You have the Azure virtual machines shown in the following table.
The firewalls on all the virtual machines allow ping traffic.
NSG1 is configured as shown in the following exhibit.
Inbound security rules
Outbound security rules
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have the Azure virtual machines shown in the following table.
The firewalls on all the virtual machines allow ping traffic.
NSG1 is configured as shown in the following exhibit.
Inbound security rules
Outbound security rules
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
You have an Azure subscription named Sub1 that contains an Azure Log Analytics workspace named LAW1.
You have 100 on-premises servers that run Windows Server 2012 R2 and Windows Server 2016. The servers connect to LAW1. LAW1 is configured to collect security-related performance counters from the connected servers.
You need to configure alerts based on the data collected by LAW1. The solution must meet the following requirements:
Alert rules must support dimensions.
The time it takes to generate an alert must be minimized.
Alert notifications must be generated only once when the alert is generated and once when the alert is resolved.
Which signal type should you use when you create the alert rules?
You have 100 on-premises servers that run Windows Server 2012 R2 and Windows Server 2016. The servers connect to LAW1. LAW1 is configured to collect security-related performance counters from the connected servers.
You need to configure alerts based on the data collected by LAW1. The solution must meet the following requirements:
Alert rules must support dimensions.
The time it takes to generate an alert must be minimized.
Alert notifications must be generated only once when the alert is generated and once when the alert is resolved.
Which signal type should you use when you create the alert rules?
正解:C
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You have an Azure subscription that contains the Azure Active Directory (Azure AD) resources shown in the following table.
You create the groups shown in the following table.
Which resources can you add to Group5 and Group6? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You create the groups shown in the following table.
Which resources can you add to Group5 and Group6? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
You have an Azure subscription that contains an Azure SQL database named SQL1.
You plan to deploy a web app named App1.
You need to provide App1 with read and write access to SQL1. The solution must meet the following requirements:
Provide App1 with access to SQL1 without storing a password.
Use the principle of least privilege.
Minimize administrative effort.
Which type of account should App1 use to access SQL1, and which database roles should you assign to App1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You plan to deploy a web app named App1.
You need to provide App1 with read and write access to SQL1. The solution must meet the following requirements:
Provide App1 with access to SQL1 without storing a password.
Use the principle of least privilege.
Minimize administrative effort.
Which type of account should App1 use to access SQL1, and which database roles should you assign to App1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Reference:
https://docs.microsoft.com/en-us/azure/app-service/tutorial-connect-msi-sql-database?tabs=windowsclient%2Cdotnet
You have an Azure subscription that contains the virtual machines shown in the following table.
Subnet1 and Subnet2 have a Microsoft.Storage service endpoint configured.
You have an Azure Storage account named storageacc1 that is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Subnet1 and Subnet2 have a Microsoft.Storage service endpoint configured.
You have an Azure Storage account named storageacc1 that is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
正解:
Reference:
https://docs.microsoft.com/en-gb/azure/storage/common/storage-network-security
You have five Azure subscriptions linked to a single Azure Active Directory (Azure AD) tenant.
You create an Azure Policy initiative named SecurityPolicyInitiative1.
You identify which standard role assignments must be configured on all new resource groups.
You need to enforce SecurityPolicyInitiative1 and the role assignments when a new resource group is created.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You create an Azure Policy initiative named SecurityPolicyInitiative1.
You identify which standard role assignments must be configured on all new resource groups.
You need to enforce SecurityPolicyInitiative1 and the role assignments when a new resource group is created.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
1 - Create an Azure Blueprints definition.
2 - Publish an Azure Blueprints version
3 - Assign an Azure blueprint.
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/create-blueprint-portal
https://docs.microsoft.com/en-us/azure/azure-australia/azure-policy
You have three Azure subscriptions and a user named User1.
You need to provide User1 with the ability to manage and view costs for the resources across all three subscriptions. The solution must use the principle of least privilege.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
You need to provide User1 with the ability to manage and view costs for the resources across all three subscriptions. The solution must use the principle of least privilege.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
正解:
1 - Assign User1 the Cost Management Reader role for the management group.
2 - Assign User1 the Global administrator role.
3 - Add the three subscriptions to the management group.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create an initiative and an assignment that is scoped to a management group.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create an initiative and an assignment that is scoped to a management group.
Does this meet the goal?
正解:A
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You create an alert rule that has the following settings:
Resource: RG1
Condition: All Administrative operations
Actions: Action groups configured for this alert rule: ActionGroup1
Alert rule name: Alert1
You create an action rule that has the following settings:
Scope: VM1
Filter criteria: Resource Type = "Virtual Machines"
Define on this scope: Suppression
Suppression config: From now (always)
Name: ActionRule1
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Note: Each correct selection is worth one point.
Resource: RG1
Condition: All Administrative operations
Actions: Action groups configured for this alert rule: ActionGroup1
Alert rule name: Alert1
You create an action rule that has the following settings:
Scope: VM1
Filter criteria: Resource Type = "Virtual Machines"
Define on this scope: Suppression
Suppression config: From now (always)
Name: ActionRule1
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Note: Each correct selection is worth one point.
正解:
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-action-rules
Lab Task
use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password. place your cursor in the Enter password box and click on the password below.
Azure Username: Userl [email protected]
Azure Password: GpOAe4@lDg
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 28681041
Task 3
The developers at your company plan to create a web app named App28681041 and to publish the app to https://www.contoso.com. You need to perform the following tasks:
* Ensure that App28681041 is registered to Azure AD.
* Generate a password for App28681041.
use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password. place your cursor in the Enter password box and click on the password below.
Azure Username: Userl [email protected]
Azure Password: GpOAe4@lDg
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 28681041
Task 3
The developers at your company plan to create a web app named App28681041 and to publish the app to https://www.contoso.com. You need to perform the following tasks:
* Ensure that App28681041 is registered to Azure AD.
* Generate a password for App28681041.
正解:
Check below steps in explanation for Task
Explanation:
To register App28681041 to Azure AD and generate a password for it, you can follow these steps:
In the Azure portal, search for and select Azure Active Directory.
In the left pane, select App registrations.
Select New registration.
In the Register an application pane, enter the following information:
Name: App28681041
Supported account types: Select the appropriate account types for your scenario.
Redirect URI: Leave this field blank.
Select Register.
In the App registrations pane, select the newly created App28681041 application.
In the left pane, select Certificates & secrets.
Select New client secret.
In the Add a client secret pane, enter the following information:
Description: Enter a description for the client secret.
Expires: Select an appropriate expiration date for the client secret.
Select Add.
In the Certificates & secrets pane, copy the value of the newly created client secret.
You can find more information on this topic in the following Microsoft documentation: Quickstart: Register an application with the Microsoft identity platform.
Explanation:
To register App28681041 to Azure AD and generate a password for it, you can follow these steps:
In the Azure portal, search for and select Azure Active Directory.
In the left pane, select App registrations.
Select New registration.
In the Register an application pane, enter the following information:
Name: App28681041
Supported account types: Select the appropriate account types for your scenario.
Redirect URI: Leave this field blank.
Select Register.
In the App registrations pane, select the newly created App28681041 application.
In the left pane, select Certificates & secrets.
Select New client secret.
In the Add a client secret pane, enter the following information:
Description: Enter a description for the client secret.
Expires: Select an appropriate expiration date for the client secret.
Select Add.
In the Certificates & secrets pane, copy the value of the newly created client secret.
You can find more information on this topic in the following Microsoft documentation: Quickstart: Register an application with the Microsoft identity platform.
You have a management group named Group1 that contains an Azure subscription named sub1. Sub1 has a subscription ID of 11111111-1234-1234-1234-1111111111.
You need to create a custom Azure role-based access control (RBAC) role that will delegate permissions to manage the tags on all the objects in Group1.
What should you include in the role definition of Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to create a custom Azure role-based access control (RBAC) role that will delegate permissions to manage the tags on all the objects in Group1.
What should you include in the role definition of Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal#step-5-assignable-scopes