Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. Microsoft
  3. AZ-500

Microsoft AZ-500 Exam (page: 13)
Microsoft Azure Security Technologies
Updated on: 27-Feb-2026

Viewing Page 13 of 65
AZ-500 PDF 505 Questions

You have an Azure subscription.
You plan to create a custom role-based access control (RBAC) role that will provide permission to read the Azure Storage account.
Which property of the RBAC role definition should you configure?

  1. NotActions []
  2. DataActions []
  3. AssignableScopes []
  4. Actions []

Answer(s): D

Explanation:

To 'Read a storage account', ie. list the blobs in the storage account, you need an 'Action' permission.
To read the data in a storage account, ie. open a blob, you need a 'DataAction' permission.


Reference:

https://docs.microsoft.com/en-us/azure/role-based-access-control/role-definitions



HOTSPOT (Drag and Drop is not supported) (Drag and Drop is not supported)
You have a Microsoft Entra tenant named contoso.com.
You collaborate with a partner organization that has a Microsoft Entra tenant named fabrikam.com. Fabrikam.com has multi-factor authentication (MFA) enabled for all users.
Contoso.com has the Cross-tenant access settings configured as shown in the Cross-tenant access settings exhibit. (Click the Cross-tenant access settings tab.)
Contoso.com has the External collaboration settings configured as shown in the External collaboration settings exhibit. (Click the External collaboration settings tab.)
You create a Conditional Access policy that has the following settings:
• Name: CAPolicy1
• Assignments
o Guest or external users: B2B collaboration guest users
o Target resources
- Include: All cloud apps
• Access controls
- Grant access
• Require device to be marked as compliant
• Require multi-factor authentication
- Enable policy: On
For each of the following statements, select Yes if the statement is true, otherwise select No.
NOTE: Each correct section is worth one point.


  1. See Explanation section for answer.

Answer(s): A

Explanation:



HOTSPOT (Drag and Drop is not supported) (Drag and Drop is not supported)
You have the hierarchy of Azure resources shown in the following exhibit.
RG1, RG2, and RG3 are resource groups.
RG2 contains a virtual machine named VM2.
You assign role-based access control (RBAC) roles to the users shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:


  1. See Explanation section for answer.

Answer(s): A

Explanation:



HOTSPOT (Drag and Drop is not supported) (Drag and Drop is not supported)
You plan to implement an Azure function named Function1 that will create new storage accounts for containerized application instances.
You need to grant Function1 the minimum required privileges to create the storage accounts. The solution must minimize administrative effort.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/howto-assign-access-portal



You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant.
From the Azure portal, you register an enterprise application.
Which additional resource will be created in Azure AD?

  1. a service principal
  2. an X.509 certificate
  3. a managed identity
  4. a user account

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-added



HOTSPOT (Drag and Drop is not supported) (Drag and Drop is not supported)
You have an Azure Active Directory (Azure AD) tenant that contains the resources shown in the following table.
User2 is the owner of Group2.
The user and group settings for App1 are configured as shown in the following exhibit.
You enable self-service application access for App1 as shown in the following exhibit.
User3 is configured to approve access to App1.
After you enable self-service application access for App1, who will be configured as the Group2 owner and who will be configured as the App1 users? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-self-service-access



HOTSPOT (Drag and Drop is not supported) (Drag and Drop is not supported)
You have a management group named Group1 that contains an Azure subscription named sub1. Sub1 has a subscription ID of 11111111-1234-1234-1234
1111111111.
You need to create a custom Azure role-based access control (RBAC) role that will delegate permissions to manage the tags on all the objects in Group1.
What should you include in the role definition of Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Note: Assigning a custom RBAC role as the Management Group level is currently in preview only. So, for now the answer to the assignable scope is the subscription level.


Reference:

https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal#step-5-assignable-scopes



HOTSPOT (Drag and Drop is not supported) (Drag and Drop is not supported)
You have an Azure subscription that contains the custom roles shown in the following table.
In the Azure portal, you plan to create new custom roles by cloning existing roles. The new roles will be configured as shown in the following table.
Which roles can you clone to create each new role? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:


  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/roles/custom-create https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal



Viewing Page 13 of 65



Share your comments for Microsoft AZ-500 exam with other users:

Moreece 5/15/2023 8:44:00 AM

just passed the az-500 exam this last friday. most of the questions in this exam dumps are in the exam. i bought the full version and noticed some of the questions which were answered wrong in the free version are all corrected in the full version. this site is good but i wish the had it in an interactive version like a test engine simulator.
Anonymous


Qasim 6/11/2022 9:43:00 AM

just clear exam on 10/06/2202 dumps is valid all questions are came same in dumps only 2 new questions total 46 questions 1 case study with 5 question no lab/simulation in my exam please check the answers best of luck
Anonymous


deally 1/19/2024 3:41:00 PM

knowable questions
UNITED STATES


labuschanka 11/16/2023 6:06:00 PM

i gave the microsoft azure az-500 tests and prepared from this site as it has latest mock tests available which helped me evaluate my performance and score 919/1000
Anonymous