AZ-500 Misc

Ace your homework & exams now with Quizwiz!

What gets applied to documents in Azure Information Protection

Labels

What AKS setting should you use if you want the cluster to handle Authentication and Authorization

Local Accounts with Kubernetes RBAC

Where is Azure Monitor Logging data stored?

Log Analytics workspace

Where is Azure Sentinel Logging data stored?

Log Analytics workspace

How do you verify the trustworthiness of a platform and the binaries running on it in Azure?

Microsoft Azure Attestation

Where can you find hunting in Sentinel?

Microsoft Sentinel > Hunting

Where can you find incidents in Sentinel?

Microsoft Sentinel > Incidents

Where can you find Notebooks in Sentinel?

Microsoft Sentinel > Notebooks

Where can you find threat intelligence in Sentinel?

Microsoft Sentinel > Threat Intelligence

Where can you find workbooks in Sentinel?

Microsoft Sentinel > Workbooks

What action allows the read/write of a custom role?

Microsoft.Authorization/roleDefinitions/*

Where can you see the activity log?

Monitor > Activity Log

Where can you specify a data collection endpoint?

Monitor > Data Collection Endpoint

Where can you specify data collection rules?

Monitor > Data Collection Rules

What is the name of the Azure Front Door component that refers to the host name or public IP of the application that services your request

Orgin

Which Azure AD license is required for dynamic groups?

P1

Where does Azure resource manager store parameters?

Parameters File

For Azure firewall, are child or parent polices applied first?

Parent

How is DDOS Network protection priced

Per 100 IPs

How is DDOS IP Protection Priced

Per IP

When creating a custom policy, what is the name of the rule?

PolicyRule

What is the minimum spend for Azure Dedicated HSM

$5 million

What type of file is used for multi-step web tests in Application Insights

.webtest

What is the minimum priority for a custom rule

100

What is the number of custom roles can you have?

100 per organization

Azure DDoS protection network provides protection for

100 public ip addresses per tenent

What is the maximum number of conditional access policies?

195 per organization

What is the number of dynamic groups and dynamic AUs?

5,000 per organization

How many role-assignable groups can you have

500 per organization

What ports are used for WinRM

5985 & 5986

What docker isolation mode should you use when containers can share the same kernel?

Process

How should one revoke access to a storage accounts?

Regenerate Storage Account Access Keys

In defender for cloud, what should you select after the scanner has run and you want to remediate

Remediate Security Configurations

For ADFS what do you need to give a 3rd party provider for them to integrate into your SSO?

SAML Metadata File

In the context of Microsoft Identity Platform for an Angular application?

SPA

What is the --scope for a role assignment

Scope at which a role applies

What is a User Delegation SAS

Secured with an AAD Account

What table are security events stored in?

SecurityEvent

For Defender External Attack Surface Management, what is used to discover attack surface?

Seeds

Where can TDE be enabled? Server, Database or Both?

Server

What DNS record is used to map an IP Address to a DNS Name

A

What DNS record should you use in App Service for a root domain? A NS TXT CNAME

A

What should you configure in application registration, when an application needs to authenticate with a certificate?

A Client certificate

How do you export logs from a storage account?

Storage > Activity Log > Export Activity Log

What is a sentinel incident?

A container of threats and alerts

Where are service endpoints enabled for storage?

Storage > Networking > Firewalls & Virtual Networks

How do you configure a storage private networking connection?

Storage > Networking > Private Endpoint Connection

What are virtual network hubs?

A feature of Azure Firewall to centralize virtual networks

What should you configure in application registration, when an application needs to authenticate with OAuth 2

A redirect URI

Where can you set access to an AKS Cluster?

AKS > Access

What is the name of the module that detects unusual SQL DB activity in defender?

ATP

What do you change in storage to allow/disallow anonymous access?

Access Level

In a custom role, what section defines what the role can do?

Actions

What do you need to integrate an Azure SQL Severs with Azure Active Directory?

Active Directory Admin

What DB encryption method can encrypt everything at rest?

TDE

For authentication, in what case is Signature hash used for?

Android

What DNS record is used help verify ownership of the domain

TXT

What DNS record is used to verify ownership of a custom domain?

TXT

What DNS record should you use in App Service to verify ownership of a domain? A NS TXT CNAME

TXT

For Azure Identity Protection, if a user is in a include and exclude group, what takes precedence?

The Include Group

Where do you enable a service endpoint?

The Virtual Network > Subnet > Service Endpoints

Where do you configure API permissions for an application?

App Registrations > API Permissions

Where can you allow public client flows?

App Registrations > Authentication

Where can you change application branding?

App Registrations > Branding & Properties

Where can you set a Certificate or Client Secret that's used by the application to identify itself?

App Registrations > Certificates & Secrets

What do azure functions under the hood?

App Service

How do you set a certificate in App Service?

App Service > Certificate

How do you manage AKS accounts with K8s local accounts?

The command line

In a custom role, what section defines where the role can be used?

AssignableScopes

What does application proxy do?

Authentication to On-Premsises apps

Use this Microsoft Identity Platform flow for Oauth 2 integration

Authorization Code

For conditional access, what controls if a user is enrolled in MFA (assuming user MFA is not set up)?

Azure AD P1 or P2 license

What AKS setting should you use if you want Azure AD to Authentication and Authorization?

Azure AD authentication with Azure RBAC

What AKS setting should you use if you want Azure AD to handle Authentication and the cluster to handle authorization?

Azure AD authentication with Kubernetes RBAC

What service allows the management of off-azure resources?

Azure Arc

What HSM type should be used for shrink wrapped software?

Azure Dedicated HSM

What HSM type should be used if you need to be FIPS 140-2 Level-3 Compliance?

Azure Dedicated HSM

What HSM type should be used if you're doing a lift-and-shift scenario?

Azure Dedicated HSM

What HSM type can be used if you need single tenent usage?

Azure Managed HSM

What is the name of the Agent automatically installed for Microsoft's cloud services?

Azure Monitoring Agent

What is the Azure-native solution to secure traffic between containers in AKS?

Azure Network Policy Manager

Where can you check Azure policy compliance?

Azure Policy > Compliance

What is the name of Azure's DLP and Data Management?

Azure Purview

What additional subnet in addition to AzureFirewallSubent does a basic Azure Firewall require?

AzureFirewallManagementSubnet

What is the name of the subnet used for Azure firewall

AzureFirewallSubnet

Where can you set conditional access policies?

Conditional Access > Polices

What can we use to automatically apply labels to data in Azure Information Protection?

Conditions

What does Defender for Cloud require to connect to another cloud?

Connector

Where do you set customer managed keys for Azure Container Instances?

Container Instance > Advanced

What is the routing priority for Azure Networks? Of BGP, Custom and System

Custom > BGP > System

How do you send alerts in Defender ATP without SIEM?

Email

Where can you classify permissions into low medium and high?

Enterprise Applications > Consent & Permission

Where can you set Admin Consent?

Enterprise Applications > Consent & Permission

Where can you set User Consent?

Enterprise Applications > Consent & Permission

Where can you set up permission classifications?

Enterprise Applications > Consent and Permissions

How do you specify which characters to show in a custom Dynamic Data Masking? In the form ... Prefix or ... Suffix

Exposed

For Virtual Network Gateway what name must be used for a virtual network subnet?

GatewaySubnet

What role is needed to activate PIM

Golbal Admin

What does Key Vault Premium get you?

HSM-backed resources

How do you connect an Azure App Service workload to another network (including on prem)?

Hybrid Connections

What docker isolation mode should you use when containers should not share the same kernel?

Hyper-V

Which networks can you add to an Azure firewall

In Region

Where does Azure resource manager define location?

In the template

What setting is set to configure double encryption?

Infrastructure Encryption

What Azure App Service setting is used to load certificates in code?

WEBSITE_LOAD_CERTIFICATES

When do you use a data collection endpoint in Azure Monitor?

When network isolation is required

What is the --assignee of a role assignment?

Where the role applies to

.pfx is a private certificate type

Yes

Are Azure Blobs protected by Customer Keys by default?

Yes

Are Azure Files protected by Customer Keys by default?

Yes

Can Azure IDP block access to the web service in response to a sign-in risk?

Yes

Can Azure IDP for a user to change his password in response to a user risk?

Yes

Can Azure IDP require MFA in response to a sign-in risk?

Yes

Can Azure Policy be applied to a resource?

Yes

Can Defender for cloud centrally manage firewalls?

Yes

Can Public Client/Native be used with delegated authorization?

Yes

Can Storage V1 Account's data plane be Accessed by Azure AD?

Yes

Can a B-Series VM Support Azure Disk Encryption

Yes

Can a D-Series VM Support Azure Disk Encryption

Yes

Can a VM WITH a temporary disk support Azure Disk Encryption

Yes

Can a VM with less than 4 GB of memory support Azure Disk Encryption

Yes

Can database audit logs be sent to an event grid

Yes

Can defender for cloud support other cloud enviroments?

Yes

Can multiple application gateways be deployed to the same subnet

Yes

Can the Microsoft Sentinel Contributor Account create automation playbooks?

Yes

Can you deploy an Application gateway of the same license type to the same subnet

Yes

Can you deploy application gateways to a /24 subnet

Yes

Can you deploy application gateways to a /27 subnet

Yes

Container Network Interface is used in AKS

Yes

Data collection endpoints can be deployed by region

Yes

Defender for SQL detects legitimate access from a breached computer

Yes

Do app service support .pfx certificates

Yes

Do app service support managed certificates?

Yes

Do app services support .cer cerficates?

Yes

Do function app suport TLS by default?

Yes

Do you need an ACR premium SKU for dedicated endpoints?

Yes

Do you need an ACR premium SKU for network rules?

Yes

Do you need an ACR premium SKU for private endpoints?

Yes

Do you need to install something on Server Core to set up disk encryption?

Yes

Do you need to make note of threat intelligence settings whenever you upgrade an Azure Firewall?

Yes

Does AKS Azure Network Policy Support CNI?

Yes

Does AKS Azure Network Policy Support Linux?

Yes

Does AKS Azure Network Policy Support Windows?

Yes

Does AKS Calico Network Policies Support Kubenet?

Yes

Does AKS Calico Network Policies Support Linux?

Yes

Does AKS-managed Azure AD integration on an existing AKS cluster require the creation of an AD group?

Yes

Does AKS-managed Azure AD integration on an existing AKS cluster require updating the cluster configuration?

Yes

Does Azure App Service require a dedicated subnet

Yes

Does Azure Backup support managed encrypted disks?

Yes

Does Azure Backup support support file & folder level recovery for unencrypted disks?

Yes

Does Azure Backup support unmanaged encrypted disks?

Yes

Does Azure defender for servers support JIT VM Access?

Yes

Does Azure defender for servers support adaptive application controls?

Yes

Does Azure defender for servers support adaptive network hardening?

Yes

Does Azure defender for servers support docker host hardening?

Yes

Does Azure defender for servers support file integrity monitoring?

Yes

Does Azure defender for servers support fileless attack detection?

Yes

Does Azure defender for servers support scanning for servers?

Yes

Does an Application Gateway V2 support Public ip with private IP

Yes

Does an Application Gateway V2 support Public ips

Yes

For AKS networking does CNI give each container an IP address?

Yes

For Azure Firewall, does a parent policy need to be the same region as the child policy?

Yes

Is MACsec supported for ExpressRoute?

Yes

Is SSTP supported for ExpressRoute?

Yes

Is a user delegation SAS a type of SAS

Yes

Is account a type of SAS

Yes

Is service a type of SAS

Yes

Is the following a Sentinel rule type: Anomaly

Yes

Is the following a Sentinel rule type: Fusion

Yes

Is the following a Sentinel rule type: ML

Yes

Is the following a Sentinel rule type: Microsoft Security

Yes

Is the following a Sentinel rule type: Near-real-time

Yes

Is the following a Sentinel rule type: Scheduled

Yes

Microsoft BPA is used to measure OS Security Posture

Yes

Should you assign the Application Developer role to developers who need to create applications?

Yes

To allow single sign on in Azure AD, you configure an Azure AD administrator for the database

Yes

To allow single sign on in Azure AD, you should grant a managed database access to Azure AD

Yes

Update management requires a log analytics agent

Yes

Update management requires an automation account

Yes

You can enable PIM for a Role

Yes

For authentication, in what case is Bundle ID used for?

iOS

What happens Azure Identity Protection if a medium sign-in risk is identified but per-user Azure AD MFA is disabled?

The user is blocked

What are the precedence of Azure Firewall Rules? Of threat intelligence, network and application

Threat Intelligence > Network > Application

To create a database user do you create a user from an external provider or a login from an external provider?

User

What is hunting in sentinel?

Using KQL to find threats

Where does Azure resource manager store variables?

Variables File

How do you enable Dynamic Data Masking in a Managed SQL Database?

Database > Dynamic Data Masking

How do you enable encryption on a managed SQL database?

Database Server > TDE

What Azure Monitor option allows customer managed and double-encrption?

Dedicated Cluster

Where can you check Regulatory Compliance?

Defender for Cloud

Where can you inventory assets?

Defender for Cloud

Where can you use defender for cloud to hunt for vulnerabilities?

Defender for Cloud > Cloud Security Explorer

Where can you see assets not monitored by defender?

Defender for Cloud > Inventory

Where can you see Defender for Cloud Findings?

Defender for Cloud > Recommendations

Where can you see Defender alerts?

Defender for Cloud > Security Alerts

Where can you track your secure score over time in Defender?

Defender for Cloud > Security Posture

Where can you find compliance workbooks in Defender?

Defender for Cloud > Workbooks

Is an Azure AD Premium P1 license required to create a dynamic user group?

No

Is the following a Sentinel rule type: Azure Security

No

Is the following a Sentinel rule type: Breach

No

Is the following a Sentinel rule type: IAM

No

What DNS record is used to map one DNS name to another

CNAME

What DNS record should you use in App Service for a wildcard domain? A NS TXT CNAME

CNAME

How do you use an Azure Key Vault for AKS? Azure Key Vault Provider for Secrets Store ... ...

CSI Driver

What is the open source solution to secure traffic between containers in AKS?

Calico Network Policies

How does Authentication work in Service Fabric?

Certificate in KeyVault

How do you manage AKS with Azure AD Accounts and K8s RBAC?

Cluster Admin Group

Is the following a Sentinel rule type: Policy

No

Microsoft BPA is used to measure Azure Security Posture

No

Should you assign the Application Administrator role to developers who need to create applications?

No

Should you ever share storage account keys?

No

Update management requires Azure Monitor

No

When a subscription gets moved to another directory, RBAC assignments are preserved

No

You can enable PIM for an Account

No

In a custom role, what section defines what the role can not do?

NotActions

In a custom role, what section defines what data plane actions the role does not allow?

NotDataActions

How do you send Azure SQL logs for a Database?

Database > Diagnostic Settings > Add Diagnostic Setting

When creating a policy, where can you specify the enforcement mode type?

AllowedValues

What DB encryption method can encrypt a column?

Always Encrypted

Minimum DDOS SKU for L3/L4 automatic attack mitigation

DDoS IP

Minimum DDOS SKU for integration with firewall manager

DDoS IP

Minimum DDOS SKU to protect Public IP Standard SKU

DDoS IP

Minimum DDOS SKU for DDoS Rapid Response support

DDoS Network

Minimum DDOS SKU for DDoS cost protection

DDoS Network

Minimum DDOS SKU for a WAF discount

DDoS Network

Minimum DDOS SKU to protect Public IP Basic SKU

DDoS Network

What do you use to discover data in Azure Purview

Data Catalog

What is used to manage stewardship in Azure Purview

Data Estate Insights

What is used to govern access to data in Azure Purview

Data Policy

In a custom role, what section defines what data plane actions the role allows?

DataActions

How do you enable Auditing in a Managed SQL Database?

Database > Auditing

For Managed SQL, how do you apply data discovery and classification?

Database > Data Discovery and Classification

Where can you set Providers or Phone call settings for MFA?

Multifactor Authentication

What DNS record specifies the DNS server for a domain

NS

What configurations are used to control network access in AKS?

NetworkPolicy

Azure relay supports the exposure of what sort of resources in the cloud?

On Premises

What is a temporary solution in case someone needs MFA disabled?

One-Time Code

.cer is a private certificate type

No

Application IDs are created before an application is registered

No

Are Azure Queues protected by Customer Keys by default?

No

Are Azure Tables protected by Customer Keys by default?

No

Can Azure IDP ask an administrator for help in response to a sign-in risk?

No

Can Azure IDP for a user to change his password in response to a sign-in risk?

No

Can Public Client/Native be used with application authorization?

No

Can a VM WITHOUT a temporary disk support Azure Disk Encryption

No

Can a VM with less than 1 GB of memory support Azure Disk Encryption

No

Can a VM with less than 2 GB of memory support Azure Disk Encryption

No

Can a single page app use a client secret?

No

Can access restrictions be applied to Application Gateways?

No

Can an A-Series VM Support Azure Disk Encryption

No

Can you deploy an Standard_v2 and a Standard Application gateway to the same subnet

No

Can you deploy other resources to a subnet with an application gateway

No

Can you enable JIT for a VM deployed in Classic?

No

Can you enable TLS on azure container instances in Azure?

No

Can you enable infrastructure encryption on an existing storage account?

No

Can you switch back to a server key from a customer key with cosmos DB

No

Container Network Interface is used in Docker

No

Do you need an ACR premium SKU for image signing?

No

Does AKS Azure Network Policy Support kubenet?

No

Does AKS Calico Network Policies Support CNI?

No

Does AKS Calico Network Policies Support Windows?

No

Does AKS-managed Azure AD integration on an existing AKS cluster require the creation of a service principle?

No

Does AKS-managed Azure AD integration on an existing AKS cluster require the deletion and re-creation of the cluster?

No

Does Azure App Service require a virtual network gateway

No

Does Azure Backup support support file & folder level recovery for encrypted disks?

No

Does Azure defender for servers support Azure automanage?

No

Does Azure defender for servers support identity protection?

No

Does an Application Gateway V2 support private ips without a public ip

No

Does the contributor role on a storage account provide access to the data plane?

No

For AKS networking does kubent give each container an IP address?

No

For Azure Firewall, does a parent policy need to be the same license as the child policy?

No

Is IPSec supported for ExpressRoute?

No

Is L2TP supported for ExpressRoute?

No

Is a TXT record required in App Service?

No

Is a user SAS a type of SAS

No

What is the KQL command for filtering time and dates?

ago()


Related study sets

COMPTIA SEC+ Practice Exam 6 (SY0-601)

View Set

CPE Sentence Transformations by patryk_walkowicz (edited)

View Set

Week 5: Wrist and Hand Diagnoses

View Set

Algebra Lesson 4.7 "absolute value inequalities"

View Set

Saunders NCLEX-RN Leadership Management Delegating & Prioritizing

View Set

Chapter 7, part2-Social Security Benefits and Taxation

View Set

Chapter 1: Environment and Theoretical Structure of Financial Accounting

View Set

Biological psychology Practice Quiz's clo 1

View Set

Concepts Review & Self Study CH 6

View Set

The Cosmic Perspective Fundamentals 2e: CH. 1-11, 12.3, 13.2, 14.1, 14.3

View Set