AZ-500: Microsoft Azure Security Technologies Quiz Questions and Answers

Answer :
  • Medium

Explanation :

It is very unlikely that Microsoft will require memorization of specific risk levels, given that the documentation has changed. Previously the risk levels were very well defined; Identity Protection still reports risk as Low, Medium, or High, but the current documentation only offers this vague paragraph: "Microsoft doesn't provide specific details about how risk is calculated. Each level of risk brings higher confidence that the user or sign-in is compromised. For example, something like one instance of unfamiliar sign-in properties for a user might not be as threatening as leaked credentials for another user."

Modern documentation: https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection#investigate-risk

Legacy documentation: https://web.archive.org/web/20190419234045/https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risk-events
Answer :
  • Azure Blueprints

Explanation :

Just as a blueprint allows an engineer or an architect to sketch a project's design parameters, Azure Blueprints enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization's standards, patterns, and requirements.
Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as:
✑ Role Assignments
✑ Policy Assignments
✑ Azure Resource Manager templates
✑ Resource Groups
Note that Microsoft has announced the deprecation of Azure Blueprints (July 2026) in favor of Template Specs and Deployment Stacks, so this remains an exam answer rather than a recommendation for new designs.
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
Answer :
  • FQDN Tags

Explanation :

An FQDN tag represents a group of fully qualified domain names (FQDNs) associated with well-known Microsoft services. You can use an FQDN tag in application rules to allow the required outbound network traffic through your firewall. Without tags, allowing Windows Update traffic through the firewall means creating multiple application rules covering each of the endpoints listed in the Microsoft documentation. Using FQDN tags, you create a single application rule that includes the WindowsUpdate tag, and network traffic to the Microsoft Windows Update endpoints can flow through your firewall. FQDN tags are only valid in application rules (HTTP/HTTPS), not in network rules, and the tag's membership is maintained by Microsoft, so you cannot create your own tags.
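As an added example (not part of the original quiz page), the following Bicep deploys an Azure Firewall with a single classic application rule that uses the WindowsUpdate FQDN tag instead of an explicit list of update endpoints. The resource names, the address prefix of the workload subnet, and the existing virtual network name are assumptions for illustration; the virtual network must already contain a subnet named exactly AzureFirewallSubnet.

```bicep
// Added example: Azure Firewall application rule using the WindowsUpdate FQDN tag.
// Assumed inputs: an existing hub VNet with an 'AzureFirewallSubnet' subnet and a
// spoke address range whose VMs need Windows Update access.
param location string = resourceGroup().location
param vnetName string = 'hub-vnet'          // assumed existing VNet
param workloadPrefix string = '10.1.0.0/16' // assumed source range of the workload VMs

resource fwPublicIp 'Microsoft.Network/publicIPAddresses@2023-05-01' = {
  name: 'hub-fw-pip'
  location: location
  sku: { name: 'Standard' }
  properties: { publicIPAllocationMethod: 'Static' }
}

resource firewall 'Microsoft.Network/azureFirewalls@2023-05-01' = {
  name: 'hub-fw'
  location: location
  properties: {
    sku: { name: 'AZFW_VNet', tier: 'Standard' }
    ipConfigurations: [
      {
        name: 'fw-ipconfig'
        properties: {
          // The firewall subnet must be named AzureFirewallSubnet.
          subnet: { id: resourceId('Microsoft.Network/virtualNetworks/subnets', vnetName, 'AzureFirewallSubnet') }
          publicIPAddress: { id: fwPublicIp.id }
        }
      }
    ]
    // FQDN tags belong in application rules only; a network rule cannot carry them.
    applicationRuleCollections: [
      {
        name: 'allow-windows-update'
        properties: {
          priority: 100
          action: { type: 'Allow' }
          rules: [
            {
              name: 'windows-update'
              sourceAddresses: [ workloadPrefix ]
              // One tag replaces the long list of *.windowsupdate.com-style entries
              // that an explicit targetFqdns rule would need; Microsoft keeps the
              // tag's membership current.
              fqdnTags: [ 'WindowsUpdate' ]
            }
          ]
        }
      }
    ]
  }
}
```

Because the rule carries only an FQDN tag and a source range, everything else about the destinations (the hostnames and the HTTP/HTTPS protocols) is implied by the tag; pair it with a default-deny posture so that only the tagged endpoints are reachable from the workload range.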
Answer :
  • Pass-through authentication with seamless single sign-on (SSO)

Explanation :

Option A is out; it requires more servers. Option B could be the answer, but user logon restrictions do not sync immediately: "The password expired and account locked-out states aren't currently synced to Azure AD with Azure AD Connect. When you change a user's password and set the user must change password at next logon flag, the password hash will not be synced to Azure AD with Azure AD Connect until the user changes their password." From <https://learn.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn>. Pass-through authentication validates the password against the on-premises domain controllers at sign-in time, so on-premises account states, password policies, and sign-in hours are enforced immediately without additional federation servers.
Answer :
  • AcrPull

Explanation :

The question gives the condition "The role assigned should not require more privileges than necessary." Therefore, D (AcrPull) is CORRECT because it grants the fewest permissions required to download images from a container registry. Answer A (Reader) grants at least two permissions (reading the registry resource through Azure Resource Manager as well as pulling images), which is one more than AcrPull allows. [Ref. https://docs.microsoft.com/bs-latn-ba/azure/container-registry/container-registry-roles?tabs=azure-cli]
Answer :
  • Zero trust model

Explanation :

Gone are the days when security focused on a strong perimeter defense to keep malicious hackers out. Anything outside the perimeter was treated as hostile, whereas inside the wall, an organization’s systems were trusted. Today's security posture is to assume breach and use the Zero Trust model. Security professionals no longer focus on perimeter defense. Modern organizations have to support access to data and services evenly from both inside and outside the corporate firewall.
Answer :
  • Yes

Explanation :

1. When you create an AKS cluster, Azure also creates an identity (historically a service principal, now a managed identity by default) to support cluster operations with other Azure resources.
2. This identity can already authenticate to Azure AD, since Azure created it there.
3. But it needs Azure RBAC permissions on the ACR registry to pull images; the identity that actually pulls is the kubelet identity of the node pools.
4. To do so, you create an Azure RBAC role assignment (AcrPull, scoped to the registry) that grants the cluster's identity access to the container registry. The Azure CLI does this for you with `az aks update --name <cluster> --resource-group <rg> --attach-acr <registry>`.
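The following Bicep is an added example covering both the AcrPull least-privilege answer above and the AKS-to-ACR role assignment: it creates a registry and a cluster with a system-assigned identity, then assigns the built-in AcrPull role to the cluster's kubelet identity, scoped to that one registry. It is not code from the quiz page or from Microsoft's documentation; the registry and cluster names, VM size, and node count are assumptions. The AcrPull role definition GUID is the well-known built-in ID.

```bicep
// Added example: least-privilege image pull from ACR for an AKS cluster.
// Assumptions: names and sizes below are placeholders for illustration.
param location string = resourceGroup().location
param registryName string = 'contosoregistry01' // assumed, must be globally unique
param clusterName string = 'contoso-aks'          // assumed

// Built-in role definition ID for AcrPull (pull only; no ARM read, no push).
var acrPullRoleDefinitionId = '7f951dda-4ed3-4680-a7ca-43fe172d538d'

resource acr 'Microsoft.ContainerRegistry/registries@2023-07-01' = {
  name: registryName
  location: location
  sku: { name: 'Basic' }
  properties: {
    adminUserEnabled: false // keep the shared admin account off; use RBAC identities instead
  }
}

resource aks 'Microsoft.ContainerService/managedClusters@2023-10-01' = {
  name: clusterName
  location: location
  identity: { type: 'SystemAssigned' }
  properties: {
    dnsPrefix: clusterName
    agentPoolProfiles: [
      {
        name: 'system'
        count: 1
        vmSize: 'Standard_DS2_v2' // assumed
        mode: 'System'
      }
    ]
  }
}

// Role assignment names must be GUIDs; deriving one from the scope, principal and
// role makes redeployments idempotent instead of failing on a duplicate assignment.
resource acrPullAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(acr.id, aks.id, acrPullRoleDefinitionId)
  scope: acr // scoped to this registry only, not the resource group or subscription
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', acrPullRoleDefinitionId)
    // The kubelet identity is what the nodes use to pull images, so it, rather than
    // the cluster's control-plane identity, receives AcrPull.
    principalId: aks.properties.identityProfile.kubeletidentity.objectId
    principalType: 'ServicePrincipal'
  }
}
```

For a cluster that still uses a service principal, the equivalent one-off command is `az role assignment create --assignee <sp-app-id> --role AcrPull --scope <registry-resource-id>`; in either case, assigning Reader or Contributor at resource-group scope would work but hands the nodes permissions they never need.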
Answer :
  • Service endpoint

Explanation :

A Virtual Network (VNet) service endpoint provides secure and direct connectivity to Azure services over an optimized route on the Azure backbone network. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Service endpoints enable private IP addresses in the VNet to reach the endpoint of an Azure service without needing a public IP address on the VNet. Enabling the endpoint on a subnet only changes the route and the source identity the service sees; the service keeps its public endpoint, so you must also configure the service's own firewall (for example the storage account network rules) to deny by default and allow only that subnet.
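As an added example that is not part of the original page, this Bicep shows both halves of securing a storage account with a service endpoint: the Microsoft.Storage endpoint on the subnet, and the storage account's network ACLs set to deny everything except that subnet. The VNet name, address ranges, and storage account name are assumptions.

```bicep
// Added example: service endpoint on a subnet plus a matching service-side firewall.
// Assumptions: address ranges and names are placeholders.
param location string = resourceGroup().location
param storageAccountName string = 'contosoappdata01' // assumed, 3-24 lowercase alphanumerics, globally unique

resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'app-vnet'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.0.0.0/16' ] }
    subnets: [
      {
        name: 'app-subnet'
        properties: {
          addressPrefix: '10.0.1.0/24'
          // Half 1: the endpoint. Traffic from this subnet to Azure Storage now stays
          // on the Azure backbone and arrives tagged with the subnet's VNet identity.
          serviceEndpoints: [ { service: 'Microsoft.Storage' } ]
        }
      }
    ]
  }
}

resource storage 'Microsoft.Storage/storageAccounts@2023-01-01' = {
  name: storageAccountName
  location: location
  kind: 'StorageV2'
  sku: { name: 'Standard_LRS' }
  properties: {
    allowBlobPublicAccess: false
    minimumTlsVersion: 'TLS1_2'
    // Half 2: the service-side firewall. Without defaultAction 'Deny' the endpoint
    // changes routing but the account is still reachable from any network.
    networkAcls: {
      defaultAction: 'Deny'
      bypass: 'AzureServices'
      virtualNetworkRules: [
        {
          // Referencing the subnet through the VNet resource creates the dependency
          // so the endpoint exists before the rule that relies on it.
          id: vnet.properties.subnets[0].id
          action: 'Allow'
        }
      ]
    }
  }
}
```

A quick check after deployment: a request from a VM in app-subnet succeeds, while the same request from outside the VNet (or from a subnet without the endpoint) fails with an authorization error, which confirms the deny-by-default rule rather than the endpoint alone is doing the enforcement.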
Answer :
  • Add App1 as an enterprise application

Explanation :

The Token encryption option is only available for SAML applications that have been set up from the Enterprise applications blade in the Azure portal, either from the Application Gallery or as a Non-Gallery app. For other applications, this menu option is disabled. https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/howto-saml-token-encryption?tabs=azure-portal