AZ-500 Secure compute, storage, and databases • Complete Question Bank
Complete AZ-500 Secure compute, storage, and databases question bank — all 0 questions with answers and detailed explanations.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Full access to all resources including delegation
Create and manage resources but cannot grant access
View resources only
Manage user access to Azure resources
Manage security policies and view security alerts
Drag a concept onto its matching description — or click a concept then click the description.
Recover deleted vaults and objects within retention period
Prevents permanent deletion until retention period ends
Periodically replace cryptographic keys
Grant permissions to users, groups, or applications
Use Azure RBAC to manage access to vaults
Drag a concept onto its matching description — or click a concept then click the description.
Data is encrypted when stored on disk
Data is encrypted during network transmission
Azure encrypts data before writing to storage
Data encrypted by client before sending to Azure
Encrypts OS and data disks using BitLocker/DM-Crypt
{
"properties": {
"encryption": {
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyvaulturi": "https://kv-vault.vault.azure.net/",
"keyname": "diskencryptionkey",
"keyversion": "1"
}
}
}
}az storage account create \ --name mystorageaccount \ --resource-group myResourceGroup \ --location eastus \ --sku Standard_GRS \ --kind StorageV2 \ --https-only true \ --min-tls-version 1.2
Refer to the exhibit.
{
"properties": {
"encryption": {
"services": {
"blob": {
"enabled": true
},
"file": {
"enabled": true
}
},
"keySource": "Microsoft.Storage"
}
}
}Refer to the exhibit.
{
"type": "Microsoft.Sql/servers/databases/securityAlertPolicies",
"apiVersion": "2023-08-01-preview",
"properties": {
"state": "Enabled",
"emailAccountAdmins": true,
"emailAddresses": ["admin@contoso.com"],
"disabledAlerts": [],
"retentionDays": 30
}
}Refer to the exhibit.
```json
{
"properties": {
"encryption": {
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "MyDiskEncryptionKey",
"keyversion": "",
"keyvaulturi": "https://mykeyvault.vault.azure.net/"
}
}
}
}
```Refer to the exhibit.
```json
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2023-01-01",
"properties": {
"minimumTlsVersion": "TLS1_2",
"networkAcls": {
"bypass": "AzureServices",
"defaultAction": "Deny",
"ipRules": [],
"virtualNetworkRules": []
},
"supportsHttpsTrafficOnly": true
}
}
```Refer to the exhibit. ``` PS Azure:\> Get-AzSqlDatabaseAdvancedThreatProtectionSetting -ResourceGroupName RG1 -ServerName sqlsrv1 -DatabaseName db1 ResourceGroupName : RG1 ServerName : sqlsrv1 DatabaseName : db1 State : Disabled ```
{
"properties": {
"encryption": {
"services": {
"blob": {
"enabled": true
},
"file": {
"enabled": true
}
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "MyCMK",
"keyversion": "1",
"keyvaulturi": "https://mykeyvault.vault.azure.net/"
}
}
}
}SELECT
DatabaseName,
ProtectionLevel,
KeyStoreProviderName,
KeyPath
FROM sys.column_master_keys;{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2023-01-01",
"name": "mystorageaccount",
"location": "[resourceGroup().location]",
"sku": {
"name": "Standard_GRS"
},
"kind": "StorageV2",
"properties": {
"supportsHttpsTrafficOnly": true,
"encryption": {
"keySource": "Microsoft.Storage"
}
}
}
]
}Refer to the exhibit.
{
"properties": {
"encryption": {
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyvaulturi": "https://myvault.vault.azure.net/keys/mykey",
"keyname": "mykey",
"keyversion": "1.0"
},
"services": {
"blob": {
"enabled": true
},
"file": {
"enabled": true
}
}
},
"networkAcls": {
"defaultAction": "Deny"
}
}
}Refer to the exhibit.
$storageAccount = Get-AzStorageAccount -ResourceGroupName "RG1" -Name "storagedata1"
$ctx = $storageAccount.Context
Get-AzStorageBlob -Container "data" -Context $ctx | Where-Object {$_.BlobType -eq "BlockBlob" -and $_.AccessTier -eq "Cool"} | Set-AzStorageBlobAccessTier -AccessTier "Hot" -PassThruRefer to the exhibit. AzureDiagnostics | where ResourceProvider == "MICROSOFT.STORAGE" | where OperationName == "GetBlob" | where ObjectKey endswith ".pdf" | where StatusCode == 403 | summarize Count = count() by CallerIPAddress, UserAgentHeader | top 10 by Count desc
{
"properties": {
"encryption": {
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyvaulturi": "https://mykeyvault.vault.azure.net/",
"keyname": "myencryptionkey",
"keyversion": "1234567890abcdef"
}
}
}
}{
"properties": {
"networkAcls": {
"bypass": "AzureServices",
"defaultAction": "Deny",
"ipRules": [
{
"action": "Allow",
"value": "203.0.113.0/24"
}
],
"virtualNetworkRules": []
}
}
}{
"properties": {
"encryption": {
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyvaulturi": "https://mykeyvault.vault.azure.net/",
"keyname": "mykey",
"keyversion": ""
}
},
"identity": {
"type": "SystemAssigned"
}
}
}Refer to the exhibit.
{
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Storage/storageAccounts"
},
{
"field": "Microsoft.Storage/storageAccounts/networkAcls.defaultAction",
"equals": "Deny"
}
]
},
"then": {
"effect": "deny"
}
}Refer to the exhibit.
{
"properties": {
"encryption": {
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "MyCMK",
"keyversion": "",
"keyvaulturi": "https://mykeyvault.vault.azure.net/keys/MyCMK"
},
"infrastructureEncryption": "Enabled"
}
}
}Refer to the exhibit. $config = New-AzStorageAccountManagementPolicyFilter -PrefixMatch 'logs' -BlobType 'blockBlob' $action = Add-AzStorageAccountManagementPolicyAction -BaseBlobAction Delete -DaysAfterModificationGreaterThan 30 $rule = New-AzStorageAccountManagementPolicyRule -Name 'DeleteLogs' -Action $action -Filter $config -Enabled $true Set-AzStorageAccountManagementPolicy -ResourceGroupName 'rg1' -StorageAccountName 'st1' -Rule $rule
{
"properties": {
"encryption": {
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "MyKey",
"keyversion": "c3910b4a7a924e6e8f9a1b2c3d4e5f6g",
"keyvaulturi": "https://myvault.vault.azure.net/keys/MyKey/"
}
}
}
}{
"properties": {
"encryption": {
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "MyDiskEncryptionKey",
"keyversion": "a1b2c3d4e5f6...",
"keyvaulturi": "https://mykeyvault.vault.azure.net/"
}
}
}
}{
"properties": {
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.diskEncryptionSet.id",
"exists": "false"
}
]
},
"then": {
"effect": "deny"
}
}
}
}Refer to the exhibit.
{
"properties": {
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Storage/storageAccounts"
},
{
"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
"equals": "false"
}
]
},
"then": {
"effect": "deny"
}
}
}
}