Microsoft AZ-500 Online Practice
Questions and Exam Preparation
AZ-500 Exam Details
Exam Code
:AZ-500
Exam Name
:Microsoft Azure Security Technologies
Certification
:Microsoft Certifications
Vendor
:Microsoft
Total Questions
:626 Q&As
Last Updated
:Jul 12, 2026
Microsoft AZ-500 Online Questions &
Answers
Question 541:
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Box 1: Yes
Azure Monitor maximizes the availability and performance of your applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.
Box 2: Yes
Alerts in Azure Monitor proactively notify you of critical conditions and potentially attempt to take corrective action.
Box 3: Yes
Azure Monitor uses Target Resource, which is the scope and signals available for alerting. A target can be any Azure resource. Example targets: a virtual machine, a storage account, a virtual machine scale set, a Log Analytics workspace, or an Application Insights resource.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Subscription. The subscription contains 50 virtual machines that run Windows Server 2012 R2 or Windows Server 2016.
You need to deploy Microsoft Antimalware to the virtual machines.
Solution: You connect to each virtual machine and add a Windows feature.
Does this meet the goal?
A. Yes B. No
B. No
Explanation
Microsoft Antimalware is deployed as an extension and not a feature.
You have an Azure AD tenant and an application named App1.
You need to ensure that App1 can use Microsoft Entra Verified ID to verify credentials.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Step 1: Create an Azure key vault
Configure your tenant for Microsoft Entra Verified ID In steps: Create an Azure Key Vault instance.
Set up the Verified ID service.
Register an application in Azure AD.
Create a key vault
Azure Key Vault is a cloud service that enables the secure storage and access of secrets and keys. The Verified ID service stores public and private keys in Azure Key Vault. These keys are used to sign and verify credentials.
Step 2: Configure the Verified ID service
Step 3: Register App1 in Azure AD and grant permissions
You have Azure Resource Manager templates that you use to deploy Azure virtual machines.
You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.
What should you use?
A. device compliance policies in Microsoft Intune B. Azure Automation State Configuration C. application security groups D. Azure Advisor
B. Azure Automation State Configuration
Explanation
You can use Azure Automation State Configuration to manage Azure VMs (both Classic and Resource Manager), on-premises VMs, Linux machines, AWS VMs, and on-premises physical machines.
Note: Azure Automation State Configuration provides a DSC pull server similar to the Windows Feature DSC-Service so that target nodes automatically receive configurations, conform to the desired state, and report back on their compliance. The built-in pull server in Azure Automation eliminates the need to set up and maintain your own pull server. Azure Automation can target virtual or physical Windows or Linux machines, in the cloud or on-premises.
You have an Azure Active Directory (Azure AD) tenant that contains two administrative units named AU1 and AU2.
Users are assigned to the administrative units as shown in the following table.
Users are assigned the roles shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point
Question 546:
You have an Azure AD tenant that contains the identities shown in the following table.
You plan to implement Azure AD Identity Protection.
What is the maximum number of user risk policies you can configure?
A. 1 B. 90 C. 200 D. 265 E. 1000
D. 265
Explanation
For assigning usage rights and access controls:
You can use any type of group in Azure AD that has an email address that contains a verified domain for the user's tenant. A group that has an email address is often referred to as a mail-enabled group.
Note: or assigning labels:
To configure scoped policies that assign additional labels to group members, you can use any type of group in Azure AD that has an email address that contains a verified domain for the user's tenant. A group that has an email address is often referred to as a mail-enabled group.
For example, you can use a mail-enabled security group, a static distribution group, and a Microsoft 365 group. You cannot use a security group (dynamic or static) because this group type doesn't have an email address. You also cannot use a dynamic distribution list from Exchange Online because this group isn't replicated to Azure AD.
You need to ensure that when administrators deploy resources by using an Azure Resource Manager template, the deployment can access secrets in an Azure key vault named KV31330471.
A. Please check the answer in the explantion B. PlaceHolder C. PlaceHolder D. PlaceHolder
A. Please check the answer in the explantion
Explanation
Grant permission to the application that is used to deploy the resources to access the secrets in the key vault. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to assign theKey Vault Secrets Userrole to the application at the scope of the key vault or individual secrets.
Enable template deployment for the key vault. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to set theenabledForTemplateDeploymentproperty of the key vault to true.
Reference the secrets in the template by using their resource ID. You can use the listSecrets function to get the resource ID of a secret in the key vault. You need to specify the name of the key vault and the name of the secret as parameters.
Deploy the template by using Azure PowerShell, Azure CLI, or REST API. You can use the New-AzResourceGroupDeployment cmdlet, the az deployment group create command, or the Deployments - Create Or Update REST API to do this. You need to provide the template file or URI and any required parameters.
Question 548:
You have an Azure key vault named Vault1 that stores the resources shown in the following table.
Which resources support the creation of a rotation policy?
A. Key 1 only B. Cert1 only C. Key1 and Secret1 only D. Key1 and Cert1 only E. Secret1 and Cert1 only F. Key1, Secret1, and Cert1
A. Key 1 only
Question 549:
HOTSPOT
You have an Azure subscription that contains a resource group named RG1. RG1 contains a virtual machine named VM1 that uses Azure Active Directory (Azure AD) authentication.
You have two custom Azure roles named Role1 and Role2 that are scoped to RG1.
The permissions for Role1 are shown in the following JSON code.
The permissions for Role2 are shown in the following JSON code.
You assign the roles to the users shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Question 550:
You have an Azure subscription that contains a Microsoft Defender External Attack Surface Management (Defender EASM) resource named EASM1.
You review the Attack Surface Summary dashboard. You need to identify the following insights:
1. Deprecated technologies that are no longer supported
2. Infrastructure that will soon expire
Which section of the dashboard should you review?
A. Securing the Cloud B. Sensitive Services C. attack surface composition D. Attack Surface Priorities
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Microsoft exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your AZ-500 exam preparations
and Microsoft certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.