[17-Sep-2019 Update] Exam AZ-500 VCE Dumps and AZ-500 PDF Dumps from PassLeader

Valid AZ-500 Dumps shared by PassLeader for Helping Passing AZ-500 Exam! PassLeader now offer the newest AZ-500 VCE dumps and AZ-500 PDF dumps, the PassLeader AZ-500 exam questions have been updated and ANSWERS have been corrected, get the newest PassLeader AZ-500 dumps with VCE and PDF here: https://www.passleader.com/az-500.html (99 Q&As Dumps –> 151 Q&As Dumps –> 191 Q&As Dumps –> 268 Q&As Dumps –> 278 Q&As Dumps –> 306 Q&As Dumps –> 367 Q&As Dumps –> 438 Q&As Dumps –> 531 Q&As Dumps)

BTW, DOWNLOAD part of PassLeader AZ-500 dumps from Cloud Storage: https://drive.google.com/open?id=1CnqNGckypCByp19q05gCYQD-Qai7gnHt

You have an Azure Subscription named Sub1. You have an Azure Storage account named Sa1 in a resource group named RG1. Users and applications access the blob service and the file service in Sa1 by using several shared access signatures (SASs) and stored access policies. You discover that unauthorized users accessed both the file service and the blob service. You need to revoke all access to Sa1.
Solution: You generate new SASs.
Does this meet the goal?

A.    Yes
B.    No

Answer: B
Instead you should create a new stored access policy. To revoke a stored access policy, you can either delete it, or rename it by changing the signed identifier. Changing the signed identifier breaks the associations between any existing signatures and the stored access policy. Deleting or renaming the stored access policy immediately affects all of the shared access signatures associated with it.

You have a hybrid configuration of Azure Active Directory (Azure AD). You have an Azure HDInsight cluster on a virtual network. You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials. You need to configure the environment to support the planned authentication.
Solution: You create a site-to-site VPN between the virtual network and the on-premises network.
Does this meet the goal?

A.    Yes
B.    No

Answer: A
You can connect HDInsight to your on-premises network by using Azure Virtual Networks and a VPN gateway.

Your company plans to create separate subscriptions for each department. Each subscription will be associated to the same Azure Active Directory (Azure AD) tenant. You need to configure each subscription to have the same role assignments. What should you use?

A.    Azure Security Center
B.    Azure Blueprints
C.    Azure AD Privileged Identity Management (PIM)
D.    Azure Policy

Answer: C
The Azure AD Privileged Identity Management (PIM) service also allows Privileged Role Administrators to make permanent admin role assignments.

You have Azure Resource Manager templates that you use to deploy Azure virtual machines. You need to disable unused Windows features automatically as instances of the virtual machines are provisioned. What should you use?

A.    device compliance policies in Microsoft Intune
B.    Azure Automation State Configuration
C.    application security groups
D.    Azure Advisor

Answer: B
You can use Azure Automation State Configuration to manage Azure VMs (both Classic and Resource Manager), on-premises VMs, Linux machines, AWS VMs, and on-premises physical machines.

You are configuring an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry. You need to use the auto-generated service principal to authenticate to the Azure Container Registry. What should you create?

A.    an Azure Active Directory (Azure AD) group
B.    an Azure Active Directory (Azure AD) role assignment
C.    an Azure Active Directory (Azure AD) user
D.    a secret in Azure Key Vault

Answer: B
When you create an AKS cluster, Azure also creates a service principal to support cluster operability with other Azure resources. You can use this auto-generated service principal for authentication with an ACR registry. To do so, you need to create an Azure AD role assignment that grants the cluster’s service principal access to the container registry.

You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. You are assigned the Global administrator role for the tenant. You are responsible for managing Azure Security Center settings. You need to create a custom sensitivity label. What should you do first?

A.    Create a custom sensitive information type.
B.    Elevate access for global administrators in Azure AD.
C.    Upgrade the pricing tier of the Security Center to Standard.
D.    Enable integration with Microsoft Cloud App Security.

Answer: A
First, you need to create a new sensitive information type because you can’t directly modify the default rules.

You have an Azure subscription named Sub1. In Azure Security Center, you have a security playbook named Play1. Play1 is configured to send an email message to a user named User1. You need to modify Play1 to send email messages to a distribution group named Alerts. What should you use to modify Play1?

A.    Azure DevOps
B.    Azure Application Insights
C.    Azure Monitor
D.    Azure Logic Apps Designer

Answer: D
You can change an existing playbook in Security Center to add an action, or conditions. To do that you just need to click on the name of the playbook that you want to change, in the Playbooks tab, and Logic App Designer opens up.

You create a new Azure subscription. You need to ensure that you can create custom alert rules in Azure Security Center. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Onboard Azure Active Directory (Azure AD) Identity Protection.
B.    Create an Azure Storage account.
C.    Implement Azure Advisor recommendations.
D.    Create an Azure Log Analytics workspace.
E.    Upgrade the pricing tier of Security Center to Standard.

Answer: BD
D: You need write permission in the workspace that you select to store your custom alert.

You have an Azure SQL database. You implement Always Encrypted. You need to ensure that application developers can retrieve and decrypt data in the database. Which two pieces of information should you provide to the developers? (Each correct answer presents part of the solution. Choose two.)

A.    a stored access policy
B.    a shared access signature (SAS)
C.    the column encryption key
D.    user credentials
E.    the column master key

Answer: CE
Always Encrypted uses two types of keys: column encryption keys and column master keys. A column encryption key is used to encrypt data in an encrypted column. A column master key is a key-protecting key that encrypts one or more column encryption keys.

Your company uses Azure DevOps. You need to recommend a method to validate whether the code meets the company’s quality standards and code review standards. What should you recommend implementing in Azure DevOps?

A.    branch folders
B.    branch permissions
C.    branch policies
D.    branch locking

Answer: C
Branch policies help teams protect their important branches of development. Policies enforce your team’s code quality and change management standards.


Get the newest PassLeader AZ-500 VCE dumps here: https://www.passleader.com/az-500.html (99 Q&As Dumps –> 151 Q&As Dumps –> 191 Q&As Dumps –> 268 Q&As Dumps –> 278 Q&As Dumps –> 306 Q&As Dumps –> 367 Q&As Dumps –> 438 Q&As Dumps –> 531 Q&As Dumps)

And, DOWNLOAD the newest PassLeader AZ-500 PDF dumps from Cloud Storage for free: https://drive.google.com/open?id=1CnqNGckypCByp19q05gCYQD-Qai7gnHt