AZ-500 Exam Details

  • Exam Code
    :AZ-500
  • Exam Name
    :Microsoft Azure Security Technologies
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :626 Q&As
  • Last Updated
    :Jul 12, 2026

Microsoft AZ-500 Online Questions & Answers

  • Question 171:

    You are securing access to the resources in an Azure subscription.

    A new company policy states that all the Azure virtual machines in the subscription must use managed disks.

    You need to prevent users from creating virtual machines that use unmanaged disks.

    What should you use?

    A. Azure Monitor
    B. Azure Policy
    C. Azure Security Center
    D. Azure Service Health

  • Question 172:

    DRAG DROP

    You have an on-premises datacenter.

    You have an Azure subscription that contains a virtual machine named VM1. VM1 is connected to a virtual network named VNet1. VNet1 is connected to the on-premises datacenter by using a Site-to-Site (S2S) VPN.

    You plan to create an Azure storage account named storage1 and deploy an Azure web app named App1.

    You need to ensure that network communication to each resource meets the following requirements:

    1. Connections to App1 must be allowed only from corporate network NAT addresses.

    2. Connections from VNet1 to storage1 must use the Microsoft backbone network.

    3. The solution must minimize costs.

    What should you configure for each resource? To answer, drag the appropriate components to the correct resources. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

    NOTE: Each correct selection is worth one point.

    Select and Place:

  • Question 173:

    You have an Azure subscription that contains the resources shown in the following table.

    App1 uses Function 1, SQL1, and storage 1.

    You need to secure the traffic between App1, Function1, SQL1. and storage1, by using private endpoints.

    With which resources can App1 communicate by using a private endpoint?

    A. SQL1 only
    B. storage1 only
    C. Function1 only
    D. SQL1 and storage1 only
    E. storage1 and Function1 only
    F. storage1, SQL1, and Function1

  • Question 174:

    You have an Azure subscription that contains an Azure SQL database named SQL1. SQL1 contains the columns shown in the following table.

    You configure SQL! to use Always Encrypted.

    You need to configure deterministic encryption.

    Which column supports deterministic encryption?

    A. Column1
    B. Column2
    C. Column3
    D. Column4

  • Question 175:

    HOTSPOT

    You have an Azure Subscription that is linked to an Azure Active Directory (Azure AD). The tenant contains the users shown in the following table.

    You have an Azure key vault named Vault1 that has Purge protection set to Disabled. Vault1 contains the access policies shown in the following table.

    You create role assignments for Vault1 as shown in the following table.

    For each of the following statements, Yes if the statement is true, Otherwise, select No.

    NOTE: Each correct selection is worth one point.

  • Question 176:

    You are troubleshooting a security issue for an Azure Storage account.

    You enable Azure Storage Analytics logs and archive it to a storage account.

    What should you use to retrieve the diagnostics logs?

    A. Azure Cosmos DB explorer
    B. Azure Monitor
    C. AzCopy
    D. Microsoft Defender for Cloud

  • Question 177:

    SIMULATION

    You need to create a new Azure Active Directory (Azure AD) directory named 10317806.onmicrosoft.com. The new directory must contain a user named user10317806 who is configured to sign in by using Azure Multi-Factor Authentication (MFA).

    A. See the explanation below.

  • Question 178:

    You have an Azure subscription that contains a managed identity named Identity1 and the Azure key vaults shown in the following table.

    2026-02-24_192708.jpg

    KeyVault1 contains an access policy that grants Identity1 the following key permissions:

    Get

    List

    Wrap

    Unwrap

    You need to provide Identity1 with the same permissions for KeyVault2. The solution must use the principle of least privilege.

    Which role should you assign to Identity1?

    A. Key Vault Crypto Service Encryption User
    B. Key Vault Crypto User
    C. Key Vault Reader
    D. Key Vault Crypto Officer

  • Question 179:

    HOTSPOT

    You have an Azure subscription that contains the storage accounts shown in the following table.

    You need to create private endpoints for the target sub-resources of the storage accounts. The solution must ensure that all the target sub-resources can be accessed by using a private endpoint.

    What is the minimum number of private endpoints you should create for each storage account? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

  • Question 180:

    You have an Azure subscription that is linked to an Azure AD tenant and contains the resources shown in the following table.

    Which resources can be assigned the Contributor role for VM1?

    A. Managed1 and App1 only
    B. Group1 and Managed1 only
    C. Group1, Managed1, and VM2 only
    D. Group1, Managed1, VM1, and App1 only

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your AZ-500 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.