Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


AZ-500 Manage identity and access — All Questions With Answers

Complete AZ-500 Manage identity and access question bank — all 0 questions with answers and detailed explanations.

177 questions. Free, no signup.

Question 1 (hard, multiple choice)

A company uses Azure AD Identity Protection. They want to automatically block sign-ins that have a high user risk level, but only for users in the 'Finance' department. They also want to require MFA for medium user risk level for all users (including Finance) when sign-in risk is not blocked. They have already created a Conditional Access policy for the Finance department that has a condition of 'User risk level: High' and a grant control of 'Block access'. What additional configuration is needed to also require MFA for all users with medium user risk?

Question 2 (hard, multi select)

A company uses Azure AD Privileged Identity Management (PIM) to manage access to Azure AD roles. They want to require that users who activate the Global Administrator role must get approval from their manager before activation, and that the approval must be time-bound (maximum 8 hours). Which two PIM configurations should they set?

Question 3 (hard, multiple choice)

A company uses Azure AD Privileged Identity Management (PIM) to manage the Global Administrator role. They want to require that when a user activates the role, they must be using a device that is compliant with Intune policies (e.g., compliant device) and must provide a justification. The company already has Conditional Access policies in place for regular access. How should they enforce the device compliance requirement specifically during PIM activation?

Question 4 (hard, multiple choice)

A company uses Azure AD Privileged Identity Management (PIM) for the Global Administrator role. They have configured the role activation to require approval from a specific security group. When a user attempts to activate the role, they are immediately approved without any approval request being sent. The user is a member of the same security group that is configured as the approver. What is the most likely cause?

Question 5 (hard, multiple choice)

A company has a partner organization in another Azure AD tenant. They want to allow users from the partner tenant to access their Azure resources through Azure AD B2B collaboration. They also want the partner's Multi-Factor Authentication (MFA) claims to be trusted when partner users access their resources, so that they do not need to perform MFA again. Which configuration in cross-tenant access settings should they enable?

Question 6 (medium, multiple choice)

A company has an on-premises web application that they want to expose to external users over the internet without requiring a VPN. External users must authenticate with Modern Authentication (e.g., using Azure Multi-Factor Authentication) and access policies must be enforced via Conditional Access. The application does not support SAML or OAuth. Which Azure service should they use to publish this application securely?

Question 7 (medium, multiple choice)

A company uses Azure AD Identity Protection and Conditional Access. A user is detected with a 'High' user risk level due to suspicious activity. The security team wants to automatically block sign-ins for this user, but only when the sign-in originates from a location that is not in the company's list of trusted IPs. They have created a Conditional Access policy targeting all users. Which configuration should they add to the policy to achieve this?

Question 8 (hard, multiple choice)

A company uses Azure AD Privileged Identity Management (PIM) for the Security Administrator role. The security policy requires that when a user activates the Security Administrator role, they must: 1) Provide a justification, 2) Get approval from a designated security group, and 3) The activation must last a maximum of 4 hours. Which combination of PIM settings should they configure?

Question 9 (hard, multiple choice)

A company uses Azure AD Privileged Identity Management (PIM) to manage access to critical roles. They want to require that users who are eligible for the 'Security Administrator' role must provide a support ticket number in the justification when activating the role. Additionally, they want to set a maximum activation duration of 4 hours. Which PIM role setting should they configure?

Question 10 (hard, multiple choice)

A company has Azure AD Conditional Access policies that require multi-factor authentication (MFA) for all users accessing sensitive cloud apps. The security team wants to extend this protection by monitoring and controlling user activities within those applications (e.g., preventing data exfiltration during a session). Which Conditional Access session control should they implement?

Question 11 (medium, multiple choice)

A company uses Azure AD Privileged Identity Management (PIM) to manage the 'Global Administrator' role. The security team wants to ensure that when a user activates the role, they must provide a justification, and the activation request must be approved by a specific group of security administrators. They have already configured the role for activation with a maximum duration of 8 hours. Which additional PIM settings should they configure?

Question 12 (hard, multiple choice)

A company uses Azure AD Privileged Identity Management (PIM) for the Security Administrator role. They have configured the role activation to require Azure Multi-Factor Authentication and a support ticket number. However, users are reporting that they can activate the role without entering a ticket number. What is the most likely cause?

Question 13 (hard, multiple choice)

A company uses Azure AD Privileged Identity Management (PIM) for the Security Administrator role. They want the activation of this role to require approval from a specific group of senior security engineers before the role becomes active. They also want the approvers to receive an email notification when an activation request is submitted. Which PIM configuration must be set?

Question 14 (medium, multiple choice)

A company uses Azure Active Directory (Azure AD) and has a conditional access policy that requires multi-factor authentication (MFA) for all external users accessing SharePoint Online. However, the security team wants to enforce that external users must re-authenticate every 30 minutes when accessing SharePoint. Which control should they configure in a new conditional access policy targeting SharePoint Online?

Question 15 (medium, multi select)

A company manages Azure AD roles with Privileged Identity Management (PIM). They want to enforce that when a user activates the Global Administrator role, they must provide a justification and also use Multi-Factor Authentication. Which PIM settings should they configure? (Choose two.)

Question 16 (medium, multiple choice)

A company uses Azure AD B2B collaboration to invite external partner users to collaborate on a project. The security team wants to ensure that when a partner user's account is disabled in their home Azure AD tenant, the user should immediately lose access to the company's resources, even if the user had a valid session token. Which configuration should they implement in cross-tenant access settings?

Question 17 (medium, multiple choice)

A company uses Azure AD Privileged Identity Management (PIM) to manage the 'Security Administrator' role. They want to ensure that when a user activates the role, they must provide a ticket number as justification, and the activation must be approved by a designated approver group. The role activation duration should be limited to 4 hours. Which PIM settings should be configured?

Question 18 (medium, multiple choice)

A company uses Azure AD Identity Protection. They have detected a user with a 'High' user risk level due to suspicious activity. The security team wants to automatically block sign-ins for this user only when the sign-in comes from a location that is not in the company's list of trusted IPs. They have created a Conditional Access policy. Which configuration should they use?

Question 19 (medium, multiple choice)

A company uses Azure AD B2B collaboration to invite external partner users. The security policy requires that guest users who have not signed in for more than 90 days should have their access automatically reviewed and, if not approved, removed. The company has Azure AD Premium P2 licenses. Which Azure AD feature should they configure to meet this requirement?

Question 20 (medium, multiple choice)

A company uses Azure AD Privileged Identity Management (PIM) for the Global Administrator role. They want to ensure that when a user activates the role, the activation request must be approved by a member of the 'Global Admin Approvers' group, and the activation should be time-bound with a maximum of 4 hours. Which PIM settings should they configure?

Question 21 (medium, multiple choice)

A company has Azure AD Identity Protection enabled. The security team wants to automatically block sign-ins that are detected as coming from a known malicious IP address. They have created a Conditional Access policy and assigned it to all users. Which configuration should they add to the policy to trigger the block based on Identity Protection risk?

Question 22 (medium, multiple choice)

A company uses Azure AD Privileged Identity Management (PIM) to manage access to the 'Security Administrator' role. They want a specific user to be able to activate the role only when needed, rather than having standing access. The user should not have the role active at all times. Which type of assignment should they configure for this user in PIM?

Question 23 (medium, multiple choice)

A company uses Azure AD Privileged Identity Management (PIM) to manage the 'Security Administrator' role. They want to require that when a user activates this role, they must provide a support ticket number and a brief justification. Additionally, the activation should have a maximum duration of 4 hours. Which PIM role setting should they configure?

Question 24 (medium, multiple choice)

A company uses Azure AD Privileged Identity Management (PIM) to manage access to Azure resources. They want to enforce that when a user activates the Contributor role for a specific resource group, they must provide a ticket number as justification and the activation is limited to 4 hours. Which PIM settings should they configure?

Question 25 (easy, multiple choice)

A company uses Azure AD with Premium P2 licenses. They want to require that all new users register for Azure Multi-Factor Authentication (MFA) within 14 days of their first sign-in. If they do not register, they should be denied access to all cloud applications until registration is completed. Which Azure AD feature should they configure?

Question 26 (medium, multiple choice)

A company uses Azure AD Privileged Identity Management (PIM) for Azure AD roles. They want to require that when a user activates the Security Administrator role, they must provide a justification and the activation must be approved by a member of a specific security group. Which PIM setting should they configure?

Question 27 (medium, multiple choice)

A company uses Azure AD Privileged Identity Management (PIM) to manage the 'Security Administrator' role. They want users who activate this role to provide a justification and a support ticket number, and they want the activation to expire after a maximum of 4 hours. Which PIM role settings should they configure?

Question 28 (medium, multiple choice)

A company uses Azure AD Identity Protection. They want to automatically block sign-ins that are detected as having a high sign-in risk. They have created a Conditional Access policy and assigned it to all users. Which configuration should they add to the policy to trigger the block based on the sign-in risk?

Question 29 (medium, multiple choice)

A company uses Azure AD B2B collaboration to invite external vendors. They want to restrict the vendors to only be able to access a specific application, and prevent them from discovering other users or applications in the directory. Which configuration should they apply to the external users?

Question 30 (medium, multiple choice)

A company wants to ensure that users can only access Microsoft 365 services (e.g., Exchange Online, SharePoint Online) from devices that are confirmed to be compliant with corporate security policies (e.g., encryption enabled, antivirus active). Which Azure AD policy type should they create?

Question 31 (easy, multiple choice)

A company has a subscription with Azure Active Directory (Azure AD). They want to enable a conditional access policy that requires all users to use multi-factor authentication (MFA) when accessing the Azure portal. The policy should only apply to users who are members of a group called 'AllUsers'. Which assignment should they configure in the policy?

Question 32 (medium, multiple choice)

A company uses Azure AD Privileged Identity Management (PIM) to manage the 'Security Administrator' role. They want to require that activation of this role must be approved by a designated group of security engineers before it becomes active. Which PIM role setting should they configure?

Question 33 (medium, multiple choice)

A company uses Azure AD. They want to ensure that all users enroll in Azure Multi-Factor Authentication (MFA) within 14 days of their first sign-in. After 14 days, any user who has not enrolled must be blocked from accessing applications. Which configuration should they implement?

Question 34 (easy, multiple choice)

A company uses Azure Active Directory and has guest users invited via B2B collaboration. The security team wants to require that all guest users from specific external organizations must complete multi-factor authentication (MFA) when accessing the company's SaaS applications. Which Conditional Access policy configuration should they use?

Question 35 (medium, multiple choice)

A company uses Azure AD Identity Protection and Conditional Access. They want to automatically block user access to cloud applications when Identity Protection detects that a user's sign-in risk level is high. Which configuration should they use in a Conditional Access policy?

Question 36 (medium, multiple choice)

A company uses Azure AD Conditional Access. They want to require multi-factor authentication (MFA) for all users accessing the Azure portal, but only when the sign-in risk level is medium or above. Which configuration should they use in the Conditional Access policy?

Question 37 (easy, multiple choice)

A company uses Azure AD Privileged Identity Management (PIM) for the 'Security Administrator' role. They want to ensure that when a user activates the role, they must provide a justification, and the activation requires approval from a designated security group. Which PIM role settings should they configure?

Question 38 (medium, multiple choice)

A company wants to allow external business partners to access specific SharePoint Online sites using their own corporate credentials. They do not want to manage partner accounts in their own Azure AD tenant. Which Azure AD feature should they use?

Question 39 (medium, multiple choice)

A company uses Azure Active Directory (Azure AD) and wants to regularly review the membership of a group that grants access to a critical application. Each member must attest their continued need for access. Which Azure AD feature should they use?

Question 40 (easy, multiple choice)

A company has Azure AD with Premium P2 licenses. They want to enforce Azure Multi-Factor Authentication (MFA) for all users accessing the Azure portal from untrusted networks, but only after the user has successfully entered their password. Which Conditional Access grant control should they configure?

Question 41 (easy, multiple choice)

A company develops a web application that runs on Azure App Service. The application needs to access Azure Key Vault to retrieve secrets. The security team wants to avoid using service principals or connection strings. Which identity should they assign to the App Service to authenticate to Key Vault?

Question 42 (medium, multiple choice)

A company uses Azure AD Conditional Access. They need to restrict access to a cloud application such that users with unmanaged devices can only view data but cannot download it. Which Conditional Access session control should they enable?

Question 43 (medium, multiple choice)

A company uses Azure AD Conditional Access. They want to block sign-ins from countries where the company does not have offices. They have a list of allowed countries. Which condition should they configure in the Conditional Access policy?

Question 44 (medium, multiple choice)

A company uses Azure AD Privileged Identity Management (PIM) to manage the 'Security Administrator' role. They want a user to be able to activate this role for a maximum of 2 hours per activation. Which PIM setting should they configure?

Question 45 (easy, multiple choice)

A company wants to require that users perform multi-factor authentication (MFA) when accessing a critical enterprise application, but only when they are outside the corporate network. They have Azure Active Directory Premium P1 licenses. Which feature should they use to enforce this requirement?

Question 46 (medium, multiple choice)

A company uses Azure AD Privileged Identity Management (PIM) for Azure AD roles. They want to require that users must perform multi-factor authentication (MFA) when activating a role. Which PIM setting should they configure?

Question 47 (hard, multiple choice)

A company uses Microsoft Defender for Cloud's Just-In-Time (JIT) VM access to manage RDP connections to a critical jump-box virtual machine. The company has a CI/CD pipeline running on Azure DevOps agent pools that needs to periodically RDP into this VM to deploy software. The agent pool's source IP addresses are dynamic and change frequently. They want the pipeline to automatically request JIT access before each deployment without manual intervention. Which approach should they implement?

Question 48 (hard, multi select)

A security team uses Microsoft Defender for Cloud to centralize security alerts. They want to continuously export all security alerts to a Log Analytics workspace for long-term retention and custom analysis. Which two actions must be taken to achieve this? (Choose two that apply.)

Question 49 (hard, multiple choice)

A security operations team uses Microsoft Sentinel. They have created a playbook that sends an email notification to the security team when a high-severity incident is created by a specific analytics rule named 'CriticalRDPAccess'. They want the playbook to trigger automatically only when the incident has severity 'High' AND the incident was created by the rule named 'CriticalRDPAccess'. Which automation rule configuration should they use?

Question 50 (medium, multiple choice)

A security operations team uses Microsoft Sentinel. They create a playbook that changes the severity of an incident from 'Medium' to 'High' when a specific indicator of compromise (IOC) is detected within the incident's entities. The team wants this playbook to run automatically as soon as the incident is created, without manual intervention. Which type of automation rule trigger should they configure to invoke the playbook?

Question 51 (hard, multiple choice)

A security team uses Microsoft Sentinel. They create a scheduled analytics rule that queries Azure Activity Logs to detect virtual machines deployed in non-approved regions. The rule generates an incident. The team wants the incident to be automatically assigned to the 'Infrastructure' team and its severity set to 'High' when it is created. Which automation feature should they use?

Question 52 (medium, multiple choice)

A security team uses Microsoft Defender for Cloud. They have assigned a custom regulatory compliance initiative that includes policies to enforce encryption on storage accounts and SQL databases. They want to automatically remediate any non-compliant resources as soon as they are created, without manual intervention. Which feature should they configure?

Question 53 (medium, multiple choice)

A company uses Microsoft Defender for Cloud. They have assigned a custom regulatory compliance initiative that includes policies to enforce encryption on storage accounts and SQL databases. They want to automatically remediate any non-compliant resources that are discovered, without manual intervention. Which feature should they configure?

Question 54 (medium, multiple choice)

A security team uses Microsoft Sentinel. They want to create a custom detection rule that identifies a potential data exfiltration scenario: when a user signs in from an unusual location and then, within 30 minutes, performs a large download from Azure Blob Storage. They need to correlate sign-in logs from Azure AD with storage diagnostic logs. Which type of analytics rule should they create in Microsoft Sentinel?

Question 55 (hard, multiple choice)

A security team uses Microsoft Defender for Cloud to protect Azure virtual machines. They want to implement application allowlisting to prevent execution of unauthorized software on a set of Windows Server VMs. They need to create a baseline of allowed applications and then enforce the allowlist. Which Defender for Cloud feature should they enable?

Question 56 (medium, multiple choice)

A security team uses Microsoft Defender for Cloud. They want to ensure that all Azure virtual machines have the guest configuration extension installed to apply a security baseline automatically. They need to remediate non-compliant VMs without manual intervention. Which Defender for Cloud feature should be configured?

Question 57 (medium, multiple choice)

A security team uses Microsoft Defender for Cloud to monitor the security posture of a hybrid environment that includes on-premises servers connected via Azure Arc. They want to enable a vulnerability assessment solution that automatically scans all servers (both Azure VMs and on-premises Arc-enabled servers) for OS vulnerabilities. Which solution should they enable directly from Defender for Cloud?

Question 58 (medium, multi select)

A security team wants to use Microsoft Sentinel to detect potential data exfiltration events from Azure Blob Storage. Which two logs should they ingest to best identify unauthorized read access and data transfer activities? (Choose two.)

Question 59 (hard, multiple choice)

A security analyst uses Microsoft Defender for Cloud. They need to continuously monitor the security posture of their Azure subscription against the Microsoft cloud security benchmark (MCSB). They want to see the current compliance score and specific recommendations for failing controls. Which Defender for Cloud feature should they use?

Question 60 (medium, multiple choice)

A company uses Microsoft Defender for Cloud to monitor its security posture. The compliance team wants to receive email notifications immediately when a control in the ISO 27001 regulatory compliance standard fails. They want to be alerted only when specific controls change from 'compliant' to 'non-compliant'. Which feature should they configure?

Question 61 (medium, multiple choice)

A security operations team uses Microsoft Sentinel. They are investigating a security incident that involves multiple alerts from different Azure resources. They need to see the entire attack timeline and all related entities (such as user accounts, IP addresses, and hosts) in a single, visual graph to understand the scope of the attack. Which Microsoft Sentinel feature should they use?

Question 62 (hard, multiple choice)

A security operations team uses Microsoft Sentinel. They have a scheduled analytics rule that generates an incident when a user signs in from an unusual location. They want to automatically assign the incident to the 'Security Engineering' team and set its severity to 'High' when it is created. Which feature should they use?

Question 63 (medium, multiple choice)

A security operations team uses Microsoft Sentinel. They want to create an automation that automatically changes the severity of an incident from 'Medium' to 'High' when a specific indicator of compromise (IOC) is observed in the incident's entities. The playbook should run immediately when the incident is created. Which type of automation rule trigger should they configure?

Question 64 (medium, multiple choice)

A security team uses Microsoft Defender for Cloud to monitor Azure virtual machines. They want to automatically install a specific endpoint protection solution on all Windows VMs that are currently missing it, without manual intervention. The solution is not integrated natively with Defender for Cloud. Which feature should they use?

Question 65 (medium, multiple choice)

A security team uses Microsoft Sentinel. They want to detect a potential privilege escalation scenario: when a user is added to the Global Administrator role in Azure AD (audit log) and within 10 minutes that user signs in from a suspicious location (sign-in log). Which type of analytics rule should they create to correlate these two different log sources?

Question 66 (hard, multiple choice)

An organization uses Microsoft Defender for Cloud. They want to implement just-in-time (JIT) VM access for a set of production VMs. However, the security team needs to ensure that JIT access requests are always approved by a manager before opening ports. Which configuration should they use?

Question 67 (medium, multiple choice)

A security team uses Microsoft Sentinel. They have created a playbook that isolates a virtual machine by modifying a network security group rule. They want this playbook to execute automatically whenever a new incident of type 'Suspicious VM activity' is created. Which Microsoft Sentinel feature should they use to trigger the playbook?

Question 68 (medium, multiple choice)

A security analyst is using Microsoft Sentinel to investigate a security incident. The analyst needs to view all related events, alerts, and entities (users, IPs, hosts) in a single, interactive graph to understand the full scope of the attack. Which Microsoft Sentinel feature should they use?

Question 69 (medium, multiple choice)

A security team uses Microsoft Defender for Cloud to monitor the security posture of their Azure environment. They want to ensure that the Log Analytics agent is automatically installed on all new Azure virtual machines as soon as they are provisioned, to collect security logs. Which feature should they enable in Defender for Cloud?

Question 70 (medium, multiple choice)

A company uses Microsoft Defender for Cloud to manage its security posture. The compliance team wants to monitor the subscription's compliance with the Payment Card Industry Data Security Standard (PCI DSS). They need to view a detailed compliance report and track progress over time. What should they do in Defender for Cloud?

Question 71 (medium, multiple choice)

A security team uses Microsoft Sentinel. They want to automatically isolate a compromised virtual machine by applying a network security group (NSG) rule. They have created a playbook in Azure Logic Apps that modifies the NSG. How should they trigger this playbook when an incident of type 'Suspicious VM activity' is created?

Question 72 (medium, multiple choice)

A security operations team uses Microsoft Sentinel. They want to create a rule that generates an incident when an Azure virtual machine is deployed with a public IP address that is not in a predefined approved list. The rule should run every hour and query Azure Activity logs. Which type of analytics rule should they create?

Question 73 (medium, multiple choice)

An organization uses Microsoft Defender for Cloud. They want to allow specific administrators to temporarily open RDP (port 3389) to a virtual machine only when needed, and for a limited time, while minimizing management overhead. Which Defender for Cloud feature should they use?

Question 74 (medium, multiple choice)

A company uses Microsoft Defender for Cloud to manage security posture. The security team wants to receive alerts when a virtual machine has a vulnerability rated as 'Critical' by the integrated vulnerability assessment solution. Which Defender for Cloud plan must be enabled for the subscription to receive these alerts?

Question 75 (medium, multiple choice)

A company uses Microsoft Defender for Cloud to monitor security alerts. They receive an alert about a compromised virtual machine and want to automatically execute a playbook that isolates the VM by modifying the network security group. Which Defender for Cloud feature should they use to create this automated response?

Question 76 (medium, multiple choice)

A security operations team uses Microsoft Sentinel for security monitoring. They want to automatically create an incident and send an email to the on-call security engineer when a specific event occurs in Azure Activity Log, such as someone disabling a key vault firewall. Which automation feature should they configure?

Question 77 (medium, multiple choice)

A security team uses Microsoft Defender for Cloud. They have enabled the integrated vulnerability assessment (VA) solution on their Azure virtual machines. They want to receive alerts when a VM has a vulnerability rated 'Critical' by the VA solution. Which Defender for Cloud plan must be enabled on the subscription?

Question 78 (medium, multiple choice)

A security operations team uses Microsoft Sentinel to centralize security monitoring across their hybrid environment. They need to ingest AWS CloudTrail logs from an Amazon Web Services account to detect suspicious activities in their AWS environment. Which data connector should they configure in Microsoft Sentinel?

Question 79 (medium, multiple choice)

A security team uses Microsoft Sentinel. They want to create a custom analytics rule that generates an incident whenever a user from a list of known malicious IP addresses attempts to sign in to any Azure AD app. They have imported the IP list into Sentinel using Threat Intelligence. Which rule type should they use?

Question 80 (medium, multiple choice)

A security team uses Microsoft Sentinel. They want to automatically assign a severity level and an owner to every incident that is created from a specific analytics rule. The owner should be a specific security operations group. Which Microsoft Sentinel feature should they configure to achieve this automation?

Question 81 (medium, multiple choice)

A security analyst is using Microsoft Sentinel to detect multi-stage attacks. They want to create an analytics rule that correlates a user sign-in from an unusual location with a subsequent data exfiltration attempt from Azure Blob Storage within one hour. Which type of analytics rule should they use?

Question 82 (medium, multiple choice)

A company wants to use Microsoft Defender for Cloud to continuously assess their Azure resources against the Microsoft cloud security benchmark (MCSB). They need to view the current compliance score and specific recommendations for failing controls. Which feature in Defender for Cloud should they use?

Question 83 (easy, multiple choice)

A company uses Microsoft Defender for Cloud to protect their Azure virtual machines. They have enabled the integrated vulnerability assessment (VA) solution on all VMs. The security team wants to receive an alert when a VM is found to have a vulnerability rated as 'Critical' by the VA solution. Which Defender for Cloud plan must be enabled on the subscription?

Question 84 (medium, multiple choice)

An organization is required to comply with the Health Insurance Portability and Accountability Act (HIPAA). They use Microsoft Defender for Cloud to manage their Azure security posture. Which feature in Defender for Cloud should they use to view their current compliance status against HIPAA controls?

Question 85 (easy, multiple choice)

A security team uses Microsoft Sentinel. They have created a playbook in Azure Logic Apps that automatically isolates a compromised VM by modifying a network security group. They want the playbook to run automatically whenever an incident of type 'VM Isolation' is created. Which Microsoft Sentinel feature should they use to trigger the playbook automatically?

Question 86 (easy, multiple choice)

A security analyst uses Microsoft Sentinel. They want to create a scheduled analytics rule that runs every hour and queries Azure Activity logs to detect deployment of VMs in non-approved regions. They want to generate an incident automatically when suspicious activity is found. Which configuration is required to automatically create an incident?

Question 87 (medium, multiple choice)

A security analyst uses Microsoft Defender for Cloud. They need to automatically apply a specific remediation action (e.g., enable audit logging) to a set of Azure SQL servers that are found to be non-compliant with a security policy. Which Defender for Cloud feature should they use?

Question 88 (easy, multiple choice)

A company uses Microsoft Defender for Cloud. They want to automatically apply a security recommendation (such as enabling encryption on storage accounts) to all existing resources that are found to be non-compliant without manual intervention. Which Defender for Cloud feature should they configure?

Question 89 (medium, multiple choice)

A company uses Microsoft Defender for Cloud. The security team wants to receive a weekly email digest that includes the current Secure Score, the number of healthy and unhealthy resources, and a list of top recommendations. Which Defender for Cloud feature should they configure?

Question 90 (medium, multiple choice)

A security analyst uses Microsoft Sentinel. They have created a playbook that tags Azure VMs as 'isolated' when a high-severity malware alert is triggered. They want this playbook to run automatically whenever a related alert is generated. Which feature should they configure?

Question 91 (easy, multiple choice)

A security team uses Microsoft Defender for Cloud to improve their security posture across multiple subscriptions. They want to quickly identify which security recommendations have the highest potential to improve their security score if remediated. Which dashboard or feature should they use?

Question 92 (medium, multiple choice)

A security analyst uses Microsoft Sentinel. They want to create a rule that triggers an incident when a user is added to a highly privileged Azure AD role (e.g., Global Administrator). The data source is Azure AD audit logs. Which type of analytics rule should they create?

Question 93 (medium, multiple choice)

Security analysts in your company use Microsoft Sentinel to manage incidents. They want to automatically assign any incident with a severity of 'High' or 'Critical' to the senior analyst on duty. Which Microsoft Sentinel feature should they configure to accomplish this?

Question 94 (medium, multiple choice)

A security team uses Microsoft Sentinel. They want to create a custom analytic rule that triggers an incident when more than 10 failed Azure Active Directory sign-ins occur from the same source IP address within any 5-minute window. Which type of rule should they use?

Question 95 (medium, multiple choice)

A security team uses Microsoft Sentinel. They want to create a custom analytics rule that detects when a user account is created in Azure AD and then within 5 minutes attempts to access a sensitive SharePoint site. What should they use to correlate these two events?

Question 96 (medium, multiple choice)

A security analyst uses Microsoft Defender for Cloud. They need to assess their Azure environment's compliance against the Payment Card Industry Data Security Standard (PCI DSS). Which dashboard in Defender for Cloud should they use to view the compliance status?

Question 97 (easy, multiple choice)

A company needs to demonstrate compliance with the Payment Card Industry Data Security Standard (PCI DSS) for their Azure workloads. They use Microsoft Defender for Cloud for security management. Which feature should they use to view their current compliance status against PCI DSS controls and track progress over time?

Question 98 (easy, multiple choice)

A company uses Microsoft Defender for Cloud to manage the security posture of their Azure workloads. The compliance officer needs to generate a report that shows the current compliance status against the SOC 2 standard, including the pass/fail status of each control. Which feature in Defender for Cloud should they use?

Question 99 (medium, multiple choice)

A security team has a list of known malicious IP addresses from an external threat intelligence feed in CSV format. They want to import this list into Microsoft Sentinel and use it in analytics rules to detect incoming attacks. Which feature should they use?

Question 100 (easy, multiple choice)

A security team uses Microsoft Defender for Cloud to monitor the security posture of their Azure subscription. They want to ensure that whenever a new virtual machine is created, the Log Analytics agent is automatically installed to collect security events. Which feature should they configure in Defender for Cloud?

Question 101 (easy, multiple choice)

A security team uses Microsoft Defender for Cloud. They want to automatically enable the 'vulnerability assessment' solution on all existing and future Azure SQL Database servers that are not already configured. Which Defender for Cloud feature should they use to enforce this configuration across the subscription?

Question 102 (medium, multiple choice)

An organization has deployed Microsoft Sentinel as their SIEM. They need to ingest audit logs from their Amazon Web Services (AWS) environment, including CloudTrail logs. Which data connector should they use in Microsoft Sentinel to collect these logs?

Question 103 (medium, multiple choice)

A security team uses Microsoft Sentinel. They want to automatically block a user's account in Azure AD when a high-severity incident is created in Sentinel indicating the user's credentials are compromised. Which automation feature should they use?

Question 104 (medium, multiple choice)

A security operations team uses Microsoft Sentinel. They want to create a custom analytics rule that detects when an Azure virtual machine is created with a public IP address that is not in an approved list. Which type of rule should they use?

Question 105 (medium, multiple choice)

An organization is deploying Microsoft Sentinel to centrally collect and analyze security events. They need to ingest logs from multiple on-premises Windows servers located behind a firewall. Which agent should they deploy on those servers?

Question 106 (easy, multiple choice)

A security analyst uses Microsoft Defender for Cloud to monitor the security posture of their Azure subscription. They want to receive an email notification whenever a high-severity security alert is generated for any of their Azure resources. What should they configure in Defender for Cloud?

Question 107 (medium, multiple choice)

A security team uses Microsoft Sentinel. They want to create a playbook that automatically adds a tag 'isolated' to any Azure virtual machine that triggers a high-severity security alert. How should they configure the automation?

Question 108 (medium, multiple choice)

A security team uses Microsoft Defender for Cloud. They want to receive a weekly email summary of the Secure Score, top recommendations, and new alerts for their subscription. Which feature should they configure?

Question 109 (medium, multiple choice)

A security operations team uses Microsoft Sentinel. They want to automatically assign incidents to different tiers of analysts based on severity when incidents are created. Which feature should they configure?

Question 110 (easy, multiple choice)

A company uses Microsoft Defender for Cloud. They want to automatically implement a specific security recommendation (e.g., 'Enable encryption for Azure SQL Database') on all existing and future SQL Database instances in a subscription. Which feature should they use?

Question 111 (medium, multiple choice)

A security operations team uses Microsoft Sentinel. They need to collect Syslog messages from on-premises Linux servers for analysis. Which data connector should they use to ingest these logs into Sentinel?

Question 112 (easy, multiple choice)

A security team wants to receive a weekly email summary of the security posture of all their Azure subscriptions, including the Secure Score, top recommendations, and the number of healthy resources. Which Microsoft Defender for Cloud feature should they configure?

Question 113 (easy, multiple choice)

A security analyst uses Microsoft Defender for Cloud. They need to view the current compliance status of their Azure subscription against the Payment Card Industry Data Security Standard (PCI DSS). Which feature in Defender for Cloud should they use?

Question 114 (medium, multiple choice)

An organization uses Microsoft Defender for Cloud. They want to receive alerts when Azure virtual machines do not have disk encryption enabled. What should they configure to achieve this?

Question 115 (medium, multiple choice)

A security operations team uses Microsoft Sentinel. They want to enable User and Entity Behavior Analytics (UEBA) to detect anomalous user activities. Which configuration is required?

Question 116 (easy, multiple choice)

A company uses Microsoft Defender for Cloud. They want to receive alerts when a virtual machine has a vulnerability that is rated 'Critical' by the integrated vulnerability assessment solution. Which Defender for Cloud plan must be enabled?

Question 117 (easy, multiple choice)

A company uses Microsoft Defender for Cloud. They want to receive email notifications when a high-severity security alert is generated for any resource in the subscription. Which configuration should they make in Defender for Cloud?

Question 118 (easy, multiple choice)

A security analyst uses Microsoft Defender for Cloud. They want to view a list of all security recommendations for their Azure subscription, prioritized by their potential impact. Which Defender for Cloud dashboard should they use?

Question 119 (medium, multiple choice)

A security engineer connects Azure virtual machines to Microsoft Defender for Cloud. The team wants vulnerability findings without installing a vulnerability scanner extension on each VM. Which capability should be enabled?

Question 120 (hard, multiple choice)

A Sentinel analytics rule creates a new incident every time the same brute-force activity is detected for the same account within an hour. The SOC wants one incident that continues to group related alerts. What should be changed?

Question 121 (hard, multi select)

A KQL query in Microsoft Sentinel detects impossible travel but returns many false positives from known VPN egress IP addresses. Which two changes would best reduce noise while preserving useful detections?

Question 122 (medium, multiple choice)

A company wants Defender for Cloud to automatically open a Logic App when a high-severity alert is generated for a subscription. Which feature should be configured?

Question 123 (hard, multiple choice)

A Sentinel playbook fails to update incidents even though the Logic App runs successfully. The playbook uses a managed identity. What is the most likely missing configuration?

Question 124 (medium, multiple choice)

An organization wants to export Defender for Cloud recommendations and alerts into a central Log Analytics workspace for retention and hunting. Which feature should they use?

Question 125 (hard, multiple choice)

A SOC analyst needs a Sentinel query that detects multiple failed sign-ins followed by a successful sign-in for the same user. Which table is the best primary source?

Question 126 (medium, multiple choice)

A cloud security team wants Defender for Cloud to assess AWS accounts and GCP projects from the same portal used for Azure posture management. What should they configure?

Question 127 (hard, multiple choice)

A Defender for Cloud recommendation is valid for most subscriptions but not for a legacy subscription with an approved exception. The team wants secure score to reflect the exception without disabling the recommendation everywhere. What should they do?

Question 128 (medium, multi select)

A team enables Microsoft Defender for Storage. Which two threats can the plan help detect?

Question 129 (hard, multiple choice)

A Sentinel scheduled rule runs every 5 minutes and looks back 1 hour. Analysts see repeated alerts for the same event. Which change best prevents duplicate detections without missing late-arriving logs?

Question 130 (medium, multiple choice)

A company wants to detect exposed internet-facing assets that are not yet known in its Azure inventory. Which Microsoft Defender capability is most relevant?

Question 131 (hard, multiple choice)

A Sentinel data connector based on Azure Monitor Agent stops collecting Windows Security Events after migration from the legacy agent. What should the engineer verify first?

Question 132 (medium, multiple choice)

A team wants to automatically deploy Defender for Cloud settings across new subscriptions under a management group. Which Azure capability should they use?

Question 133 (hard, multiple choice)

A SOC wants a Sentinel rule to include account, host, and IP entities so analysts can pivot during investigation. What should be configured in the analytics rule?

Question 134 (medium, multi select)

A company uses Defender for Servers Plan 2. Which two capabilities are included compared with a basic posture-only configuration?

Question 135 (hard, multiple choice)

An analyst creates a Sentinel automation rule and a playbook. The playbook should run only when incidents are created from a specific analytics rule and severity is High. Where should this filtering be configured?

Question 136 (medium, multiple choice)

A security team wants to visualize MITRE ATT&CK coverage for Microsoft Sentinel analytics rules. Which Sentinel experience should they use?

Question 137 (hard, multiple choice)

A KQL hunting query joins SecurityIncident with SecurityAlert but returns duplicate rows for incidents with multiple alerts. What KQL approach best preserves one row per incident while summarizing alert details?

Question 138 (medium, multiple choice)

A DevOps team wants Defender for Cloud to identify secrets exposed in GitHub repositories. What should be configured?

Question 139 (hard, multiple choice)

A team wants Sentinel to ingest firewall logs from an appliance that emits Common Event Format over Syslog. Which connector pattern is most appropriate?

Question 140 (medium, multiple choice)

A Defender for Cloud secure score recommendation says storage accounts allow public blob access. What remediation best addresses the root issue?

Question 141 (hard, multiple choice)

An organization wants to detect when a privileged Azure role assignment is created outside the approved change window. Which log source should a Sentinel rule query?

Question 142 (medium, multiple choice)

A company wants Defender for Cloud to recommend fixes for container image vulnerabilities stored in Azure Container Registry. Which capability is most relevant?

Question 143 (hard, multiple choice)

A Sentinel analyst needs to preserve investigation notes, related entities, and ownership while escalating a case to another analyst. Which object should be updated?

Question 144 (medium, multi select)

A security engineer needs to collect custom application logs from Azure VMs using Azure Monitor Agent for Sentinel analysis. Which two components are required?

Question 145 (hard, multiple choice)

A Microsoft Sentinel rule should run with minimal delay against supported data sources and produce alerts close to event time. Which rule type should be considered?

Question 146 (medium, multiple choice)

A Defender for Cloud recommendation requires enabling private endpoints for a storage account. Which security risk is primarily reduced?

Question 147 (hard, multiple choice)

A Sentinel watchlist contains high-value administrator accounts. Which KQL pattern best uses it in a detection rule?

Question 148 (medium, multiple choice)

A company wants to identify excessive permissions across Azure, AWS, and GCP identities. Which Microsoft security capability is designed for cloud infrastructure entitlement management?

Question 149 (hard, multiple choice)

An analyst investigates a Defender for Cloud alert for suspicious process execution on a VM. Which next step best preserves evidence while enabling deeper endpoint investigation?

Question 150 (medium, multiple choice)

A team wants Sentinel incidents to automatically assign to the Tier 2 queue when severity is High and the product name is Microsoft Defender for Endpoint. What should they configure?

Question 151 (hard, multiple choice)

A compliance team wants evidence that Azure resources are evaluated against the Microsoft Cloud Security Benchmark. Which Defender for Cloud area should they use?

Question 152 (medium, multiple choice)

A security engineer wants Defender for Cloud to detect threats against Azure SQL Database and SQL Server on Azure VMs. Which plan should be enabled?

Question 153 (hard, multiple choice)

A Sentinel rule using a threat intelligence table fires on stale indicators that expired last week. What should be added to the query?

Question 154 (hard, multiple choice)

A custom Azure role should allow operators to restart virtual machines but not delete them or change networking. Which permission design is most appropriate?

Question 155 (medium, multiple choice)

An application hosted on an Azure VM needs to read secrets from Key Vault without storing credentials. Which identity pattern should be used?

Question 156 (hard, multi select)

An enterprise app requests tenant-wide admin consent for Microsoft Graph permissions. Security wants to prevent unreviewed user consent while allowing approved apps. Which two controls help meet this requirement?

Question 157 (medium, multiple choice)

A privileged administrator should activate the Security Administrator role only for approved work and for a limited time. What should be configured?

Question 158 (hard, multiple choice)

A Conditional Access policy requiring compliant devices does not apply to Azure PowerShell access. Sign-in logs show the cloud app is excluded. What should be changed?

Question 159 (hard, multi select)

A Conditional Access policy should reduce account takeover risk for administrators without blocking normal low-risk access. Which two signals or controls are most appropriate?

Question 160 (medium, multi select)

A managed identity is used by an Azure Function to access Key Vault. Which two configurations are required?

Question 161 (hard, multi select)

A security team is reviewing risky OAuth applications in Microsoft Entra ID. Which two actions reduce future consent risk?

Question 162 (medium, multi select)

A Sentinel detection should enrich alerts with business-critical asset context. Which two mechanisms are appropriate?

Question 163 (hard, multi select)

A team wants to deploy Sentinel content consistently across workspaces. Which two approaches are appropriate?

Question 164 (hard, multi select)

A Defender for Cloud alert indicates possible credential theft on a VM. Which two response actions are sensible early containment steps?

Question 165 (medium, multi select)

You are configuring Azure AD Conditional Access policies for a company that uses Microsoft Intune for mobile device management. Which three of the following conditions can be used to enforce access controls in a Conditional Access policy? (Choose three.)

Question 166 (medium, multi select)

Your organization uses Azure AD Privileged Identity Management (PIM) to manage admin roles. Which three of the following are valid configurations for role activation? (Choose three.)

Question 167 (medium, multi select)

You are designing an Azure RBAC role assignment strategy for a subscription. Which three of the following practices are recommended for secure role management? (Choose three.)

Question 168 (medium, multi select)

Your company is implementing an Azure AD B2B collaboration strategy for external partners. Which three of the following statements about Azure AD B2B collaboration are correct? (Choose three.)

Question 169 (medium, multi select)

You are a security engineer for a global enterprise that uses Microsoft Entra ID (formerly Azure Active Directory). The company requires that all administrative access to Azure resources be secured using Privileged Identity Management (PIM) and that access reviews are conducted regularly. You need to implement a solution that meets the following requirements:

- Administrators must be able to activate their roles only during approved time windows.
- All role activations must require Azure AD Multi-Factor Authentication (MFA).
- Role activations must be limited to a maximum of 4 hours.
- Access reviews must be performed every 90 days for all privileged roles.

Which four of the following actions should you take to meet the requirements? (Choose four.)

Question 170 (medium, drag order)

Drag and drop the steps to configure Azure AD Privileged Identity Management (PIM) for a role into the correct order.

Question 171 (medium, drag order)

Drag and drop the steps to assign an Azure RBAC role to a user at the resource group scope into the correct order.

Question 172 (medium, drag order)

Drag and drop the steps to configure Azure Application Gateway with SSL termination using a Key Vault certificate into the correct order.

Question 173 (medium, drag order)

Drag and drop the steps to configure Azure Disk Encryption for a Windows VM using Azure Key Vault into the correct order.

Question 174 (medium, matching)

Match each Azure security feature to its description.


Just-in-time privileged access and role activation

Unified security management and threat protection

Safeguard cryptographic keys and secrets

Classify and protect documents and emails

Managed, cloud-based network security service

Question 175 (medium, matching)

Match each Azure AD authentication method to its description.


Syncs password hashes from on-prem to Azure AD

Validates passwords on-prem without storing hashes in cloud

Redirects authentication to on-prem identity provider

Requires second form of verification

Uses client certificates for authentication

Question 176 (medium, matching)

Match each Azure Security Center tier to its capabilities.


Continuous assessment and security recommendations

Advanced threat protection for hybrid workloads

Just-in-time VM access, file integrity monitoring

Vulnerability assessment and threat detection

Detect unusual access patterns and threats

Question 177 (medium, matching)

Match each Azure AD Conditional Access component to its role.


Context such as user, location, device, and risk

Criteria like user group, app, or sign-in risk

Require MFA, compliant device, or approved app

Limit user session within apps (e.g., app enforced restrictions)

Define trusted IP ranges or countries
