Exam AZ-500: Microsoft Azure Security Technologies
| Exam Number: AZ-500 | Length of test: 120 mins |
| Exam Name: Microsoft Azure Security Technologies | Number of questions in the actual exam: 40-60 |
| Format: PDF, VPLUS | Passing Score: 700/1000 |
|
Total Questions: 473 $30 Premium PDF file 2 months updates Last updated: April-2025 |
Total Questions: 473 FREE Premium VPLUS file Last updated: April-2025 |
Download practice test questions – AZ-500 exam topic
| Title | Size | Hits | Download |
|---|---|---|---|
| Microsoft.AZ-500.vNov-2024.by.Dien.122q | 15.93 MB | 117 | Download |
| Microsoft.AZ-500.vNov-2024.by.Dien.122q | 16.01 MB | 68 | Download |
| Microsoft.AZ-500.vJun-2024.by.Any.158q | 21.40 MB | 169 | Download |
| Microsoft.AZ-500.vFeb-2024.by.Yasi.126q | 17.73 MB | 152 | Download |
| Microsoft.AZ-500.vDec-2023.by.Lazyo.168q | 21.22 MB | 128 | Download |
Study guide for Exam AZ-500: Microsoft Azure Security Technologies
Audience profile
As the Azure security engineer, you implement, manage, and monitor security for resources in Azure, multi-cloud, and hybrid environments as part of an end-to-end infrastructure. You recommend security components and configurations to protect the following:
- Identity and access
- Data
- Applications
- Networks
Your responsibilities as an Azure security engineer include:
- Managing the security posture.
- Identifying and remediating vulnerabilities.
- Performing threat modelling.
- Implementing threat protection.
You may also participate in responding to security incidents. As an Azure security engineer, you work with architects, administrators, and developers to plan and implement solutions that meet security and compliance requirements.
You should have:
- Practical experience in administration of Microsoft Azure and hybrid environments.
- Strong familiarity with compute, network, and storage in Azure and Microsoft Entra ID.
Skills at a glance
Manage identity and access (25–30%)
- Manage Microsoft Entra identities
- Manage Microsoft Entra authentication
- Manage Microsoft Entra authorization
- Manage Microsoft Entra application access
Secure networking (20–25%)
- Plan and implement security for virtual networks
- Plan and implement security for private access to Azure resources
- Plan and implement security for public access to Azure resources
Secure compute, storage, and databases (20–25%)
- Plan and implement advanced security for compute
- Plan and implement security for storage
- Plan and implement security for Azure SQL Database and Azure SQL Managed Instance
Manage security operations (25–30%)
- Plan, implement, and manage governance for security
- Manage security posture by using Microsoft Defender for Cloud
- Configure and manage threat protection by using Microsoft Defender for Cloud
- Configure and manage security monitoring and automation solutions
Some new sample questions:
Question:
You have an on-premises datacenter that contains multiple servers.
You have an Azure subscription.
You plan to onboard the on-premises servers to Microsoft Defender for Cloud by using a script.
You need to create an identity to enable the script to run without prompting for Microsoft Entra credentials.
Which type of identity should you create?
A. user account
B. user-assigned managed identity
C. system-assigned managed identity
D. group account
E. service principal
Question:
You have an Azure subscription.
You plan to deploy an Azure SQL managed instance named AzSQL1.
You need to recommend an encryption solution for AzSQL1.
The solution must meet the following requirements:
* The database engine must be prevented from performing key provisioning, data encryption, and decryption operations.
* Database administrators must be prevented from viewing the encrypted data in plain text.
What should you include in the recommendation?
A. Azure Disk Encryption
B. TLS
C. Transparent Data Encryption (TDE) with customer-managed keys
D. Always Encrypted
E. Transparent Data Encryption (TDE) with Microsoft-managed keys
Question:
You have an Azure subscription that contains an Azure App Services web app named WebApp1. WebApp1 is accessed by users in multiple Azure regions.
You need to secure access to WebApp1. The solution must meet the following requirements:
* Protect against common web vulnerabilities.
* Optimize the routing of traffic from different regions.
What should you use?
A. Azure Application Gateway
B. Azure Content Delivery Network (CDN)
C. Azure Firewall
D. Azure Front Door Premium
………
Some new questions:
Q
You have an Azure subscription that contains an Azure key vault named Vault1 and a virtual machine named VM1. VM1 has the Key Vault VM extension installed.
For Vault1, you rotate the keys, secrets, and certificates.
What will be updated automatically on VM1?
A. the keys only
B. the secrets only
C. the certificates only
D. the keys and secrets only
E. the secrets and certificates only
F. the keys, secrets, and certificates
Q
You have a Microsoft Entra tenant that uses Microsoft Entra Permissions Management and contains the accounts shown in the following table:
Which accounts will be listed as assigned to highly privileged roles on the Azure AD insights tab in the Entra Permissions Management portal?
A. Admin1 only
B. Admin2 and Admin3 only
C. Admin2 and Admin4 only
D. Admin1. Admin2, and Admin3 only
E. Admin2. Admin3, and Admin4 only
F. Admin1. Admin2, Admin3. and Admin4
Q
HOTSPOT
You have a Microsoft Entra tenant that contains the users shown in the following table.
You configure a Conditional Access policy that has the following settings:
* Name: CAPolicy1
* Assignments
o Users or workload identities: Group1
o Target resources: All cloud apps
* Access controls
o Grant access: Require multifactor authentication
From Microsoft Authenticator settings for the tenant, the Enable and Target settings are configured as shown in the Enable and Target exhibit. (Click the Enable and Target tab.)
From Microsoft Authenticator settings for the tenant, the Configure settings are configured as shown in the Configure exhibit. (Click the Configure tab.)
Q
You have an Azure subscription that contains an Azure Kubernetes Service (AKS) cluster named AKS1.
You have an Azure container registry that stores container images that were deployed by using Azure DevOps Microsoft-hosted agents.
You need to ensure that administrators can access AKS1 only from specific networks. The solution must minimize administrative effort.
What should you configure for AKS1?
A. an Application Gateway Ingress Controller (AGIC)
B. a private cluster
C. authorized IP address ranges
D. a private endpoint
………….