Microsoft AZ-500 Exam (page: 12)
Microsoft Azure Security Technologies
Updated on: 27-Feb-2026

Viewing Page 12 of 65

You have an Azure subscription that is associated with an Azure Active Directory (Azure AD) tenant.
When a developer attempts to register an app named App1 in the tenant, the developer receives the error message shown in the following exhibit.
You need to ensure that the developer can register App1 in the tenant.
What should you do for the tenant?

  1. Modify the Directory properties.
  2. Set Enable Security defaults to Yes.
  3. Configure the Consent and permissions settings for enterprise applications.
  4. Modify the User settings.

Answer(s): D

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-added



You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant and a user named User1.
The App registrations settings for the tenant are configured as shown in the following exhibit.
You plan to deploy an app named App1.
You need to ensure that User1 can register App1 in Azure AD. The solution must use the principle of least privilege.
Which role should you assign to User1?

  1. App Configuration Data Owner for the subscription
  2. Managed Application Contributor for the subscription
  3. Cloud application administrator in Azure AD
  4. Application developer in Azure AD

Answer(s): D

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task



You have the Azure virtual machines shown in the following table.
Each virtual machine has a single network interface.
You add the network interface of VM1 to an application security group named ASG1.
You need to identify the network interfaces of which virtual machines you can add to ASG1.
What should you identify?

  1. VM2 only
  2. VM2 and VM3 only
  3. VM2, VM3, VM4, and VM5
  4. VM2, VM3, and VM5 only

Answer(s): B

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/application-security-groups



SIMULATION
You need to create a new Azure Active Directory (Azure AD) directory named 12345678.onmicrosoft.com. The new directory must contain a user named user12345678 who is configured to sign in by using Azure Multi-Factor Authentication (MFA).

  1. See Explanation section for answer.

Answer(s): A

Explanation:

To create a new Azure AD tenant:
1. Browse to the Azure portal and sign in with an account that has an Azure subscription.
2. Select the plus icon (+) and search for Azure Active Directory.
3. Select Azure Active Directory in the search results.
4. Select Create.
5. Provide an Organization name (12345678) and an Initial domain name (12345678). Then select Create. This will create the directory named 12345678.onmicrosoft.com.
6. After directory creation is complete, select the information box to manage your new directory.

To create the user:
1. In the Azure portal, make sure you are on the Azure Active Directory fly out. If not, select the Azure Active Directory icon from the left services navigation.
2. Under Manage, select Users.
3. Select All users and then select + New user.
4. Provide a Name and User name (user12345678) for the user. When you're done, select Create.

To enable MFA:
1. In the Azure portal, make sure you are on the Azure Active Directory fly out. If not, select the Azure Active Directory icon from the left services navigation.
2. Under Manage, select Users.
3. Click on the Multi-Factor Authentication link.
4. Tick the checkbox next to the user's name and click the Enable link.


Reference:

https://docs.microsoft.com/en-us/power-bi/developer/create-an-azure-active-directory-tenant



You have an Azure subscription named Subscription1 that contains an Azure Active Directory (Azure AD) tenant named contoso.com and a resource group named RG1.
You create a custom role named Role1 for contoso.com.
Where can you use Role1 for permission delegation?

  1. contoso.com only
  2. contoso.com and RG1 only
  3. contoso.com and Subscription1 only
  4. contoso.com, RG1, and Subscription1

Answer(s): A



You have an Azure subscription.
You enable Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
Your company's security policy for administrator accounts has the following conditions:
- The accounts must use multi-factor authentication (MFA).
- The accounts must use 20-character complex passwords.
- The passwords must be changed every 180 days.
- The accounts must be managed by using PIM.
You receive multiple alerts about administrators who have not changed their password during the last 90 days.
You need to minimize the number of generated alerts.
Which PIM alert should you modify?

  1. Roles are being assigned outside of Privileged Identity Management
  2. Roles don't require multi-factor authentication for activation
  3. Administrators aren't using their privileged roles
  4. Potential stale accounts in a privileged role

Answer(s): D

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-configure-security-alerts?tabs=new



Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure Active Directory (Azure AD). Azure AD Connect is installed on a domain member server named Server1.
You need to ensure that a domain administrator for the adatum.com domain can modify the synchronization options. The solution must use the principle of least privilege.
Which Azure AD role should you assign to the domain administrator?

  1. Security administrator
  2. Global administrator
  3. User administrator

Answer(s): B

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions



You have an Azure subscription that contains the users shown in the following table.
Which users can enable Azure AD Privileged Identity Management (PIM)?

  1. User2 and User3 only
  2. User1 and User2 only
  3. User2 only
  4. User1 only

Answer(s): A

Explanation:

For Azure AD roles in PIM, only a user who is in the Privileged Role Administrator or Global Administrator role can manage assignments for other administrators.
Global Administrators, Security Administrators, Global Readers, and Security Readers can also view assignments to Azure AD roles in PIM.


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-deployment-plan






Share your comments for Microsoft AZ-500 exam with other users:

Moreece 5/15/2023 8:44:00 AM

Just passed the AZ-500 exam this last Friday. Most of the questions in these exam dumps are in the exam. I bought the full version and noticed some of the questions which were answered wrong in the free version are all corrected in the full version. This site is good, but I wish they had it in an interactive version like a test engine simulator.
Anonymous


Qasim 6/11/2022 9:43:00 AM

Just cleared the exam on 10/06/2202. The dumps are valid; all questions came the same as in the dumps, with only 2 new questions. Total 46 questions, 1 case study with 5 questions, no lab/simulation in my exam. Please check the answers. Best of luck.
Anonymous


deally 1/19/2024 3:41:00 PM

knowable questions
UNITED STATES


labuschanka 11/16/2023 6:06:00 PM

I gave the Microsoft Azure AZ-500 tests and prepared from this site, as it has the latest mock tests available, which helped me evaluate my performance and score 919/1000.
Anonymous