AZ-500 Exam Details

  • Exam Code
    :AZ-500
  • Exam Name
    :Microsoft Azure Security Technologies
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :626 Q&As
  • Last Updated
    :Jul 12, 2026

Microsoft AZ-500 Online Questions & Answers

  • Question 81:

    You plan to deploy Azure container instances.

    You have a containerized application that validates credit cards. The application is comprised of two containers: an application container and a validation container.

    The application container is monitored by the validation container. The validation container performs security checks by making requests to the application container and waiting for responses after every transaction.

    You need to ensure that the application container and the validation container are scheduled to be deployed together. The containers must communicate to each other only on ports that are not externally exposed.

    What should you include in the deployment?

    A. application security groups
    B. network security groups (NSGs)
    C. management groups
    D. container groups

  • Question 82:

    HOTSPOT

    You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

    You create and enforce an Azure AD Identity Protection sign-in risk policy that has the following settings:

    1. Assignments: Include Group1, exclude Group2

    2. Conditions: Sign-in risk level: Low and above

    3. Access: Allow access, Require multi-factor authentication

    You need to identify what occurs when the users sign in to Azure AD.

    What should you identify for each user? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

  • Question 83:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You use Azure Security Center for the centralized policy management of three Azure subscriptions.

    You use several policy definitions to manage the security of the subscriptions.

    You need to deploy the policy definitions as a group to all three subscriptions.

    Solution: You create a policy definition and assignments that are scoped to resource groups.

    Does this meet the goal?

    A. Yes
    B. No

  • Question 84:

    SIMULATION

    You need to create a web app named Intranet11597200 and enable users to authenticate to the web app by using Azure Active Directory (Azure AD).

    To complete this task, sign in to the Azure portal.

    A. See the explanation below.

  • Question 85:

    You have an Azure subscription that contains a Microsoft Defender External Attack Surface Management (Defender EASM) resource named EASM1. EASM1 has discovery enabled and contains several inventory assets.

    You need to identify which inventory assets are vulnerable to the most critical web app security risks.

    Which Defender EASM dashboard should you use?

    A. Attack Surface Summary
    B. GDPRCompliance
    C. Security Posture
    D. OWASP Top 10

  • Question 86:

    HOTSPOT

    You have an Azure subscription that contains the resources shown in the following table.

    You perform the following tasks:

    Create a managed identity named Managed1.

    Create a Microsoft 365 group named Group1.

    Register an enterprise application named App1.

    Enable a system-assigned managed identity for VM1.

    You need to identify which service principals were created and which identities can be assigned the Reader role for RG1.

    What should you identify? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

  • Question 87:

    From Microsoft Defender for Cloud, you need to deploy SecPol1.

    What should you do first?

    A. Enable Microsoft Defender for Cloud.
    B. Create an Azure Management group.
    C. Create an initiative.
    D. Configure continuous export.

  • Question 88:

    You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.

    The User administrator role is assigned to a user named Admin1.

    An external partner has a Microsoft account that uses the [email protected] sign in.

    Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: "Unable to invite user [email protected] Generic authorization exception."

    You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.

    What should you do?

    A. From the Roles and administrators blade, assign the Security administrator role to Admin1.
    B. From the Organizational relationships blade, add an identity provider.
    C. From the Custom domain names blade, add a custom domain.
    D. From the Users blade, modify the External collaboration settings.

  • Question 89:

    DRAG DROP

    You create an Azure subscription.

    You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure AD roles.

    Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

    Select and Place:

  • Question 90:

    You have an Azure subscription that contains the resources shown in the following table.

    You need to ensure that ServerAdmins can perform the following tasks:

    1. Create virtual machines in RG1 only.

    2. Connect the virtual machines to the existing virtual networks in RG2 only.

    The solution must use the principle of least privilege.

    Which two role-based access control (RBAC) roles should you assign to ServerAdmins? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    A. a custom RBAC role for RG2
    B. the Network Contributor role for RG2
    C. the Contributor role for the subscription
    D. a custom RBAC role for the subscription
    E. the Network Contributor role for RG1
    F. the Virtual Machine Contributor role for RG1

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your AZ-500 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.