[June-2021]Full Version AZ-500 Dumps VCE and PDF AZ-500 278Q for Free Download[Q269-Q278] June 29, 2021 lead2pass June/2021 Latest Braindump2go AZ-500 Exam Dumps with PDF and VCE Free Updated Today! Following are some new AZ-500 Real Exam Questions! QUESTION 269You are troubleshooting a security issue for an Azure Storage account.You enable the diagnostic logs for the storage account.What should you use to retrieve the diagnostics logs? A. Azure Security CenterB. Azure MonitorC. the Security admin centerD. Azure Storage Explorer Answer: BExplanation:https://docs.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage?tabs=azure-portal QUESTION 270You have an Azure subscription that contains the resources shown in the following table. You plan to enable Azure Defender for the subscription.Which resources can be protected by using Azure Defender? A. VM1, VNET1, storage1, and Vault1B. VM1, VNET1, and storage1 onlyC. VM1, storage1, and Vault1 onlyD. VM1 and VNET1 onlyE. VM1 and storage1 only Answer: AExplanation:https://docs.microsoft.com/en-us/azure/security-center/azure-defender QUESTION 271You have an Azure subscription that contains a resource group named RG1 and a security group named ServerAdmins. RG1 contains 10 virtual machines, a virtual network named VNET1, and a network security group (NSG) named NSG1. ServerAdmins can access the virtual machines by using RDP.You need to ensure that NSG1 only allows RDP connections to the virtual machines for a maximum of 60 minutes when a member of ServerAdmins requests access.What should you configure? A. an Azure policy assigned to RG1B. a just in time (JIT) VM access policy in Azure Security CenterC. an Azure Active Directory (Azure AD) Privileged Identity Management (PIM) role assignmentD. an Azure Bastion host on VNET1 Answer: BExplanation:https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained QUESTION 272You have a web app named WebApp1.You create a web application firewall (WAF) policy named WAF1.You need to protect WebApp1 by using WAF1.What should you do first? A. Deploy an Azure Front Door.B. Add an extension to WebApp1.C. Deploy Azure Firewall. Answer: AExplanation:https://docs.microsoft.com/en-us/azure/frontdoor/quickstart-create-front-door QUESTION 273You have an Azure subscription that contains an Azure SQL database named sql1.You plan to audit sql1.You need to configure the audit log destination. The solution must meet the following requirements:– Support querying events by using the Kusto query language.– Minimize administrative effort.What should you configure? A. an event hubB. a storage accountC. a Log Analytics workspace Answer: CExplanation:https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-log-analytics-wizard QUESTION 274Hotspot QuestionYou have a management group named Group1 that contains an Azure subscription named sub1. Sub1 has a subscription ID of 11111111-1234-1234-1234-1111111111.You need to create a custom Azure role-based access control (RBAC) role that will delegate permissions to manage the tags on all the objects in Group1.What should you include in the role definition of Role1? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Answer: Explanation:Note: Assigning a custom RBAC role as the Management Group level is currently in preview only. So, for now the answer to the assignable scope is the subscription level.Reference:https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operationshttps://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roleshttps://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal#step-5-assignable-scopes QUESTION 275Hotspot QuestionYou have an Azure subscription that contains the custom roles shown in the following table. In the Azure portal, you plan to create new custom roles by cloning existing roles. The new roles will be configured as shown in the following table. Which roles can you clone to create each new role? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Answer: Explanation:https://docs.microsoft.com/en-us/azure/active-directory/roles/custom-createhttps://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal QUESTION 276Drag and Drop QuestionYou have an Azure subscription that contains the following resources:– A network virtual appliance (NVA) that runs non-Microsoft firewall software and routes all outbound traffic from the virtual machines to the internet– An Azure function that contains a script to manage the firewall rules of the NVA– Azure Security Center standard tier enabled for all virtual machines– An Azure Sentinel workspace– 30 virtual machinesYou need to ensure that when a high-priority alert is generated in Security Center for a virtual machine, an incident is created in Azure Sentinel and then a script is initiated to configure a firewall rule for the NVA.How should you configure Azure Sentinel to meet the requirements? To answer, drag the appropriate components to the correct requirements. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.NOTE: Each correct selection is worth one point. Answer: Explanation:https://docs.microsoft.com/en-us/azure/sentinel/create-incidents-from-alertshttps://docs.microsoft.com/en-us/azure/sentinel/connect-azure-security-center QUESTION 277Hotspot QuestionYou have an Azure subscription named Subscription1 that contains the resources shown in the following table. You have an Azure subscription named Subscription2 that contains the following resources:– An Azure Sentinel workspace– An Azure Event Grid instanceYou need to ingest the CEF messages from the NVAs to Azure Sentinel.What should you configure for each subscription? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Answer: QUESTION 278SIMULATIONYou need to ensure that the rg1lod10598168n1 Azure Storage account is encrypted by using a key stored in the KeyVault10598168 Azure key vault.To complete this task, sign in to the Azure portal.Answer: See the explanation below.Explanation::Step 1: To enable customer-managed keys in the Azure portal, follow these steps:1. Navigate to your storage account rg1lod10598168n12. On the Settings blade for the storage account, click Encryption. Select the Use your own key option, as shown in the following figure. Step 2: Specify a key from a key vaultTo specify a key from a key vault, first make sure that you have a key vault that contains a key. To specify a key from a key vault, follow these steps:4. Choose the Select from Key Vault option.5. Choose the key vault KeyVault10598168 containing the key you want to use.6. Choose the key from the key vault. Reference:https://docs.microsoft.com/en-us/azure/storage/common/storage-encryption-keys-portal Resources From: 1.2021 Latest Braindump2go AZ-500 Exam Dumps (PDF & VCE) Free Share:https://www.braindump2go.com/az-500.html 2.2021 Latest Braindump2go AZ-500 PDF and AZ-500 VCE Dumps Free Share:https://drive.google.com/drive/folders/1sQAsVdJ79oBKFiswxjUzGT6Gt6a6PYWl?usp=sharing 3.2021 Free Braindump2go AZ-500 Exam Questions Download:https://www.braindump2go.com/free-online-pdf/AZ-500-PDF-Dumps(269-278).pdf Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!