Microsoft AZ-500 Exam (page: 7)
Microsoft Azure Security Technologies
Updated on: 28-Jul-2025

Viewing Page 7 of 103

You have a sneaking suspicion that there are users trying to sign in to resources that are inaccessible to them.
You decide to create an Azure Log Analytics query to confirm your suspicions. The query will detect unsuccessful user sign-in attempts from the last few days.
You want to make sure that the results only show users who failed to sign in more than five times.
Which of the following should be included in your query?

  A. The EventID and CountIf() parameters.
  B. The ActivityID and CountIf() parameters.
  C. The EventID and Count() parameters.
  D. The ActivityID and Count() parameters.

Answer(s): C

Explanation:


Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/examples



Your company uses Azure DevOps with branch policies configured.
Which of the following is TRUE with regard to branch policies? (Choose all that apply.)

  A. It enforces your team's change management standards.
  B. It controls who can read and update the code in a branch.
  C. It enforces your team's code quality.
  D. It places a branch into a read-only state.

Answer(s): A,C

Explanation:

Branch policies help teams protect their important branches of development. Policies enforce your team's code quality and change management standards.


Reference:

https://docs.microsoft.com/en-us/azure/devops/repos/git/branch-policies?view=azure-devops&viewFallbackFrom=vsts



After creating a new Azure subscription, you are tasked with making sure that custom alert rules can be created in Azure Security Center.
You have created an Azure Storage account.
Which of the following is the action you should take?

  A. You should make sure that Azure Active Directory (Azure AD) Identity Protection is removed.
  B. You should create a DLP policy.
  C. You should create an Azure Log Analytics workspace.
  D. You should make sure that Security Center has the necessary tier configured.

Answer(s): C

Explanation:

C: You need write permission in the workspace that you select to store your custom alert.


Reference:

https://docs.microsoft.com/en-us/azure/security-center/security-center-custom-alert



Your company's Azure subscription includes an Azure Log Analytics workspace.
Your company has a hundred on-premises servers that run either Windows Server 2012 R2 or Windows Server 2016 and are linked to the Azure Log Analytics workspace. The Azure Log Analytics workspace is set up to gather performance counters associated with security from these linked servers.
You have been tasked with configuring alerts according to the information gathered by the Azure Log Analytics workspace.
You have to make sure that alert rules allow for dimensions, and that alert creation time is kept to a minimum. Furthermore, a single alert notification must be created when the alert is created and when the alert is resolved.
You need to make use of the necessary signal type when creating the alert rules.
Which of the following is the option you should use?

  A. You should make use of the Activity log signal type.
  B. You should make use of the Application Log signal type.
  C. You should make use of the Metric signal type.
  D. You should make use of the Audit Log signal type.

Answer(s): C

Explanation:

Metric alerts in Azure Monitor provide a way to get notified when one of your metrics crosses a threshold. Metric alerts work on a range of multi-dimensional platform metrics, custom metrics, and Application Insights standard and custom metrics.
Note: Signals are emitted by the target resource and can be of several types: Metric, Activity log, Application Insights, and Log.


Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-metric



Your company's Azure subscription includes a hundred virtual machines that have Azure Diagnostics enabled.
You have been tasked with retrieving the identity of the user that removed a virtual machine fifteen days ago. You have already accessed Azure Monitor.
Which of the following options should you use?

  A. Application Log
  B. Metrics
  C. Activity Log
  D. Logs

Answer(s): C

Explanation:

Azure activity logs provide insight into the operations that were performed on resources in your subscription. Activity logs were previously known as "audit logs" or "operational logs," because they report control-plane events for your subscriptions.


Reference:

https://docs.microsoft.com/en-us/azure/security/azure-log-audit






Share your comments for Microsoft AZ-500 exam with other users:

Moreece 5/15/2023 8:44:00 AM

just passed the az-500 exam this last friday. most of the questions in this exam dumps are in the exam. i bought the full version and noticed some of the questions which were answered wrong in the free version are all corrected in the full version. this site is good but i wish they had it in an interactive version like a test engine simulator.
Anonymous


Qasim 6/11/2022 9:43:00 AM

just clear exam on 10/06/2202 dumps is valid all questions are came same in dumps only 2 new questions total 46 questions 1 case study with 5 question no lab/simulation in my exam please check the answers best of luck
Anonymous


deally 1/19/2024 3:41:00 PM

knowable questions
UNITED STATES


labuschanka 11/16/2023 6:06:00 PM

i gave the microsoft azure az-500 tests and prepared from this site as it has latest mock tests available which helped me evaluate my performance and score 919/1000
Anonymous