Microsoft Azure AZ-500 Security Technologies (Practice Exam #4) - Udemy Flashcards

1
Q

You have an existing AD Connect implementation. You have to prevent users in a certain department from being synchronised to AAD. What tool do you use?

A. AAD Connect wizard on the AD Connect server
B. Synchronization Rules Editor on the AD Connect server
C. AAD Connect in the Azure portal
D. AD Users and Computers on the local DC

A

B. Synchronization Rules Editor on the AD Connect server

Explanation:
The Synchronization Rules Editor on the AD Connect server is used to change which users are synced.

2
Q

What format is an OpenID Connect token?

A. XML
B. SAML
C. JWT
D. Java

A

C. JWT

3
Q

Which two of the following are objects you can configure to apply AAD PIM to?

A. Access Reviews
B. AAD Roles
C. AAD Groups
D. Azure Resources
E. AAD Dynamic Groups

A

B. AAD Roles
D. Azure Resources

Explanation:
AAD Roles and Azure resources https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure#who-can-do-what-in-pim

4
Q

In Azure SQL Database Always Encrypted, two types of column encryption are supported. Match the requirement with the appropriate column encryption type. Plaintext data values always produce the same ciphertext:

A. Deterministic
B. Randomized

A

A. Deterministic

5
Q

In Azure SQL Database Always Encrypted, two types of column encryption are supported. Match the requirement with the appropriate column encryption type. SQL Server can use the encrypted columns in joins and lookups:

A. Deterministic
B. Randomized

A

A. Deterministic

6
Q

In Azure SQL Database Always Encrypted, two types of column encryption are supported. Match the requirement with the appropriate column encryption type. Highest level of security:

A. Deterministic
B. Randomized

A

B. Randomized

7
Q

In Azure SQL Database Always Encrypted, two types of column encryption are supported. Match the requirement with the appropriate column encryption type. Not suitable for columns containing boolean data:

A. Deterministic
B. Randomized

A

A. Deterministic

8
Q

You create a new Azure Key Vault and want to ensure that malicious permanent deletions of key vault items can be recovered for 90 days. What at a minimum would you have to enable on the Key Vault?

A. Soft-delete only
B. Purge protection only
C. Soft-delete and purge protection
D. Delete lock only
E. Read-only lock only

A

C. Soft-delete and purge protection

Explanation:
Soft-delete will allow recovery of accidentally deleted key vault items (or the key vault itself) for 90 days. However, a malicious user might purge soft-deleted items, which will prevent their recovery despite soft-delete being enabled. To prevent purging of soft-deleted items, you should enable purge protection, which in turn requires soft-delete to be enabled. The best answer is Soft-delete and purge protection.

9
Q

Which of the following are default rules created with a network security group?

A. DenyAllInBound
B. DenyAllOutBound
C. DenyVnetInBound
D. DenyVnetOutBound

A

A. DenyAllInBound

Explanation:
The default rules in all NSGs are: AllowVnetInBound, AllowAzureLoadBalancerInBound, DenyAllInBound, AllowVnetOutBound, AllowInternetOutBound, DenyAllOutBound.

10
Q

You must minimise costs. What is the minimum license required to configure Azure AD MFA?

A. Azure AD Premium P1
B. Azure AD Premium P2
C. No license is required
D. Any Office 365 license
E. No license is required, but the user must be an Azure AD Global Administrator

A

E. No license is required, but the user must be an Azure AD Global Administrator

Explanation:
No license is required, but the user must be an Azure AD Global Administrator

MFA is free if you are an AAD global administrator - reduced functionality

You get MFA for all users with any O365 subscription - reduced functionality

You get full-featured MFA with AAD P1

You get full-featured MFA with AAD P2 (all AAD P1 features are included in AAD P2)

You can configure MFA for any user with no licenses and your subscription will be charged on a per-user consumption-based model

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-licensing

11
Q

When configuring AAD conditional access policies, which of the following are mandatory requirements?

A. User / group
B. Cloud Apps
C. Sign-in risk
D. Device platforms
E. Device state
F. Location
G. Client apps
H. Access controls

A

A. User / group
B. Cloud Apps
H. Access controls

Explanation:
User / group, Cloud Apps and Access controls are mandatory. All the others are optional.

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-based-mfa

12
Q

You are configuring AIP policies. You specify two labels:

Label1: matches “Word1”

Label2: matches “Word2”

You create a document in MS Word that contains both words, which label is applied?

A. Label1
B. Label2
C. Label1 and Label2
D. No label

A

B. Label2

Explanation:
Label2 is applied. AIP labels are applied in the order they are listed in the policy, with the last matching label (or sublabel) winning. Only one label is applied to the document. Only Office documents are supported.

https://docs.microsoft.com/en-us/azure/information-protection/faqs-infoprotect#can-a-file-have-more-than-one-classification

13
Q

What tools are available to you for changing the key scenario in AIP (from Microsoft managed to BYOK for example)?

A. Azure portal
B. O365 management portal
C. Security and Compliance Centre
D. Windows PowerShell
E. Azure CLI

A

D. Windows PowerShell

Explanation:
Windows PowerShell is currently the only option for key management in AIP.

https://www.udemy.com/course/azure-az-500-security-technologies-practice-test/learn/quiz/4704056/result/1388030393#overview

14
Q

You must minimise costs. What is the minimum license required to configure Azure AD Conditional Access?

A. Azure AD Premium P1
B. Azure AD Premium P2
C. No license is required
D. Any Office 365 license
E. No license is required, but the user must be an Azure AD Global Administrator

A

A. Azure AD Premium P1

Explanation:
Azure AD Premium P1 is required to configure and use Conditional Access

Azure AD Premium P2 includes all the features of Azure Premium P1 (not minimum)

You cannot configure or use conditional access if you don’t have at least AAD P1

Conditional access is not included in Azure AD for O365 - having an O365 license won’t help

Being an Azure AD Global Administrator doesn’t permit configuring AAD Conditional access, you must have an AAD P1 license at least.

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview#license-requirements

15
Q

When configuring a privileged access review, what are the three available settings when an assigned reviewer does not complete the review before the configured review ends?

A. Do nothing
B. Take recommendations
C. Remove Access
D. Approve Access
E. Prompt owner

A

B. Take recommendations
C. Remove Access
D. Approve Access

Explanation:
Do nothing - not an option

Take recommendations - use the PIM access review recommended action

Remove Access - revoke all access to the role

Approve Access - approve all existing access to the role

https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review#upon-completion-settings

16
Q

When you configure Azure AD PIM for the first time, what are the three things you must do?

A. Consent to PIM; verify your identity with MFA; sign-up PIM for AD roles
B. Consent to PIM; verify your identity with MFA; discover AD roles; sign-up PIM for AD roles
C. Verify your identity with MFA; consent to PIM; discover AD roles; sign-up PIM for AD roles
D. Verify your identity with MFA; consent to PIM; sign-up PIM for AD roles

A

A. Consent to PIM; verify your identity with MFA; sign-up PIM for AD roles

Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-discover-resources

17
Q

You deploy several VMs in Azure. You need to ensure that all the VMs have a consistent OS configuration including registry settings. Which of the following options would you configure?

A. ARM templates
B. Desired State Configuration
C. Application Security Groups
D. Device configuration policies

A

B. Desired State Configuration

Explanation:
Desired State Configuration (DSC) is used to ensure consistent VM deployment.

https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started
