Microsoft AZ-500 Online Practice
Questions and Exam Preparation
AZ-500 Exam Details
Exam Code
:AZ-500
Exam Name
:Microsoft Azure Security Technologies
Certification
:Microsoft Certifications
Vendor
:Microsoft
Total Questions
:626 Q&As
Last Updated
:Jul 12, 2026
Microsoft AZ-500 Online Questions &
Answers
Question 241:
SIMULATION
You need to configure network connectivity between a virtual network named VNET1 and a virtual network named VNET2. The solution must ensure that virtual machines connected to VNET1 can communicate with virtual machines connected to VNET2.
To complete this task, sign in to the Azure portal and modify the Azure resources.
A. See the explanation below.
A. See the explanation below.
Explanation
You need to configure VNet Peering between the two networks. The questions states, "The solution must ensure that virtual machines connected to VNET1 can communicate with virtual machines connected to VNET2". It doesn't say the VMs on VNET2 should be able to communicate with VMs on VNET1. Therefore, we need to configure the peering to allow just the one-way communication.
1. In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select VNET1. Alternatively, browse to Virtual Networks in the left navigation pane.
2. In the properties of VNET1, click on Peerings.
3. In the Peerings blade, click Add to add a new peering.
4. In the Name of the peering from VNET1 to remote virtual network box, enter a name such as VNET1-VNET2 (this is the name that the peering will be displayed as in VNET1) 5. In the Virtual Network box, select VNET2.
6. In the Name of the peering from remote virtual network to VNET1 box, enter a name such as VNET2-VNET1 (this is the name that the peering will be displayed as in VNET2).
There is an option Allow virtual network access from VNET to remote virtual network. This should be left as Enabled.
7. For the option Allow virtual network access from remote network to VNET1, click the slider button to Disabled.
You have 10 virtual machines on a single subnet that has a single network security group (NSG).
You need to log the network traffic to an Azure Storage account.
What should you do?
A. Install the Network Performance Monitor solution. B. Create an Azure Log Analytics workspace. C. Enable diagnostic logging for the NSG. D. Enable NSG flow logs.
D. Enable NSG flow logs.
Explanation
A network security group (NSG) enables you to filter inbound traffic to, and outbound traffic from, a virtual machine (VM). You can log network traffic that flows through an NSG with Network Watcher's NSG flow log capability. Steps include:
1. Create a VM with a network security group 2. Enable Network Watcher and register the Microsoft.Insights provider
3. Enable a traffic flow log for an NSG, using Network Watcher's NSG flow log capability
You have an Azure subscription named Sub1 that contains the storage accounts shown in the following table.
The storage3 storage account is encrypted by using customer-managed keys.
You need to enable Microsoft Defender for Storage to meet the following requirements:
1. The storage1 and storage2 accounts must be included in the Defender for Storage protections.
2. The storage3 account must be excluded from the Defender for Storage protections.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area.
Select and Place:
Question 246:
You have an Azure subscription that uses Microsoft Defender for Cloud. The subscription contains the Azure Policy definitions shown in the following table.
Which definitions can be assigned as a security policy in Defender for Cloud?
A. Policy1 and Policy2 only B. Initiative1 and Initiative2 only C. Policy1 and Initiative1 only D. Policy2 and Initiative2 only E. Policy1, Policy2, Initiative1, and Initiative2
B. Initiative1 and Initiative2 only
Explanation
Microsoft Defender for Cloud applies security initiatives to your subscriptions. These initiatives contain one or more security policies. Each of those policies results in a security recommendation for improving your security posture.
Note:
What is a security policy?
An Azure Policy definition, created in Azure Policy, is a rule about specific security conditions that you want controlled. Built in definitions include things like controlling what type of resources can be deployed or enforcing the use of tags on all resources. You can also create your own custom policy definitions.
What is a security initiative?
A security initiative is a collection of Azure Policy definitions, or rules, are grouped together towards a specific goal or purpose. Security initiatives simplify management of your policies by grouping a set of policies together, logically, as a single item.
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains three security groups named Group1, Group2, and Group3 and the users shown in the following table.
Group3 is a member of Group2.
In contoso.com, you register an enterprise application named App1 that has the following settings:
1. Owners: User1
2. Users and groups: Group2
You configure the properties of App1 as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select no.
A team of developers at your company plans to deploy, and then remove, 50 customized virtual machines each week. Thirty of the virtual machines run Windows Server 2016 and 20 of the virtual machines run Ubuntu Linux.
You need to recommend which Azure service will minimize the administrative effort required to deploy and remove the virtual machines.
What should you recommend?
A. Azure Reserved Virtual Machines (VM) Instances B. Azure virtual machine scale sets C. Azure DevTest Labs D. Microsoft Managed Desktop
C. Azure DevTest Labs
Explanation
DevTest Labs creates labs consisting of pre-congured bases or Azure Resource Manager templates.
By using DevTest Labs, you can test the latest versions of your applications by doing the following tasks:
1. Quickly provision Windows and Linux environments by using reusable templates and artifacts.
2. Easily integrate your deployment pipeline with DevTest Labs to provision on-demand environments.
3. Scale up your load testing by provisioning multiple test agents and create pre-provisioned environments for training and demos.
You configure the subscription to use a different Azure Active Directory (Azure AD) tenant.
What are two possible effects of the change? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Role assignments at the subscription level are lost. B. Virtual machine managed identities are lost. C. Virtual machine disk snapshots are lost. D. Existing Azure resources are deleted.
A. Role assignments at the subscription level are lost. B. Virtual machine managed identities are lost.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Microsoft exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your AZ-500 exam preparations
and Microsoft certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.