AZ-500 Microsoft Azure Security Technologies Exam

Are you a guardian of your domain? Lean how to leverage your aptitude in security to protect Microsoft Azure technologies, with a goal of earning the Microsoft Certified: Azure Security Engineer Associate certification!

Expert

Gauge your current knowledge

Practice test preview
Track Readiness
Set Exam Goal

A security-conscious organization is developing a critical backend daemon service that requires unattended access to Microsoft Graph. This service needs to perform two distinct, high-privilege operations: 1. Retrieve the full profile details for all users across the entire Microsoft Entra tenant. 2. Send emails from a designated shared mailbox without user interaction. The organization's security policy strictly enforces the **principle of least privilege** and mandates that all necessary permissions for this daemon service must be granted through **admin consent**. Which configuration approach correctly defines the required permissions and ensures they are granted appropriately for this application?

Explanations

Related questions

A company is deploying a critical, multi-tier application in an Azure region that supports Availability Zones. The application requires maximum resilience against infrastructure failures, including individual hardware component failures within a datacenter and complete datacenter outages within the region. Additionally, the company needs to ensure that planned Azure maintenance activities do not cause a full application downtime. Which Azure high availability strategy should be implemented for the application's virtual machines to meet these comprehensive requirements?

Deploy virtual machines to availability zones and availability sets

A company has Azure File Sync deployed with cloud tiering enabled on several Windows Servers. Users report that some files that should be tiered are still consuming local disk space, and some tiered files are failing to recall. The administrator needs to investigate these issues efficiently. Which monitoring tools and event logs should the administrator primarily use on the Windows Server to diagnose why files are failing to tier and recall, and to check the overall health of the server endpoint?

Configure and manage Azure File Sync

A software development company is designing a new cloud-native application composed of multiple independent microservices. The application needs to handle highly variable loads, including periods of inactivity, and must scale down to zero instances to optimize costs. The architecture requires robust inter-service communication, dynamic service discovery, and the ability to perform A/B testing by routing a percentage of traffic to new versions of services. The development team has strong containerization skills but prefers a platform that abstracts away the complexities of direct Kubernetes API management and underlying infrastructure operations. Which Azure container hosting and orchestration service should the company recommend to meet these requirements efficiently?

Recommend a container-based solution

A development team is building an application that uploads various document types, such as PDFs and images, to Azure Blob Storage. For each uploaded document, they need to ensure that the browser correctly interprets the file type by setting the appropriate Content-Type property. Additionally, they must attach custom information, specifically a ProjectID and DocumentVersion, to each blob for internal tracking and categorization. The team is using the Azure Blob Storage .NET SDK. Which of the following approaches should the team use to efficiently set both the standard `Content-Type` and the custom `ProjectID` and `DocumentVersion` for each blob?

Set and retrieve properties and metadata

A development team manages a critical application's source code in a GitHub repository. They need to implement a robust security and compliance plan for their `main` branch to ensure code quality and prevent unauthorized changes. The organization uses Microsoft Entra ID for centralized identity management. The team has identified the following requirements: * Direct pushes to the `main` branch must be strictly prohibited. * All code changes must go through a pull request process, requiring at least two approved reviews before merging. * Automated CI build and security scanning checks must pass successfully before a pull request can be merged into `main`. * All GitHub users must authenticate via Microsoft Entra ID, and their access policies should be validated against corporate standards. Which combination of GitHub and Azure features should the team implement to meet these set of requirements?

Design and implement permissions and roles in GitHub

A large enterprise has deployed a critical, multi-tier application on Azure, comprising Azure Spring Apps microservices, Azure SQL Database, and several Azure Virtual Machines hosting legacy components. They are currently experiencing unexpectedly high data ingestion costs due to default monitoring configurations. The operations team requires a comprehensive monitoring solution that provides deep application performance insights, infrastructure health, and user behavior analytics, while significantly optimizing costs. The design must fulfill the following specific requirements: * Collect detailed application telemetry, including custom events and metrics, from Azure Spring Apps. * Monitor infrastructure performance counters and system logs from Azure Virtual Machines efficiently. * Implement cost-effective data retention for frequently collected logs that are less frequently queried. * Ensure critical alerts are configured to be both proactive and cost-efficient. * Provide unified dashboard visualization for all collected telemetry. Which integrated monitoring solution design best meets these requirements?

Recommend a monitoring solution

Want more questions like this?

Get a free certification question every week.