Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsAZ-500TopicsSecure identity and access
Free · No Signup RequiredMicrosoft · AZ-500

AZ-500 Secure identity and access Practice Questions

20+ practice questions focused on Secure identity and access — one of the most tested topics on the Microsoft Azure Security Engineer Associate AZ-500 exam. Each question includes a detailed explanation so you learn why the right answer is correct.

Start Secure identity and access Practice

Exam Domains

Secure identity and accessSecure compute, storage, and databasesSecure Azure using Microsoft Defender for Cloud and Microsoft SentinelManage identity and accessSecure networkingAll domains →

Study Tools

Practice TestMock ExamFlashcardsAll Topics

Sample Secure identity and access Questions

Practice all 20+ →
1.

Your organization uses Microsoft Entra ID for identity management. You need to ensure that users can sign in using a one-time passcode sent to their mobile device, without requiring any additional app or software installation. Which authentication method should you enable?

A.One-time passcode (OTP)
B.Microsoft Authenticator app
C.FIDO2 security keys
D.Certificate-based authentication

Explanation: Option A is correct because the one-time passcode (OTP) authentication method in Microsoft Entra ID allows users to sign in with a temporary code sent via SMS to their mobile device, requiring no additional app or software installation. This method is specifically designed for scenarios where users cannot or should not install the Microsoft Authenticator app, such as for guest users or in bring-your-own-device (BYOD) environments. The OTP is generated by Entra ID and delivered over the mobile network, satisfying the requirement of no extra software.

2.

Your company has a Microsoft Entra ID tenant and uses Azure AD Application Proxy to publish on-premises web apps. Users report that they are prompted for their password every time they access the app, even though they selected 'Keep me signed in'. You need to improve the sign-in experience without compromising security. What should you configure?

A.Configure conditional access policies to require device compliance
B.Enable Seamless Single Sign-On (SSO) for the domain
C.Enable B2B collaboration for the app
D.Set 'Session lifetime' to 'Permanent' in sign-in frequency

Explanation: Seamless Single Sign-On (SSO) for the domain integrates with Azure AD Application Proxy to automatically authenticate users against on-premises Active Directory without prompting for credentials. This eliminates repeated password prompts while maintaining security by leveraging Kerberos delegation and the user's existing domain session.

3.

Your organization is implementing a zero-trust security model using Microsoft Entra ID. You need to ensure that all access requests to sensitive applications are evaluated in real-time based on user behavior and device posture before granting access. Which Microsoft Entra ID feature should you use?

A.Privileged Identity Management (PIM) with approval workflow
B.Conditional Access with session controls
C.Continuous Access Evaluation (CAE)
D.Identity Protection with sign-in risk policy

Explanation: Continuous Access Evaluation (CAE) is the correct feature because it enforces real-time access revocation based on critical events such as user behavior changes (e.g., account disablement, password change) and device posture shifts (e.g., device non-compliance). Unlike periodic token validation, CAE uses a near-real-time event-driven model via the Microsoft Entra ID event service and OAuth 2.0 token claims to immediately block access to sensitive applications when risk is detected.

4.

You are configuring a conditional access policy to block access from untrusted locations. The policy should apply to all cloud apps except Microsoft Entra ID Administration. How should you configure the policy?

A.Include 'All cloud apps' and set 'Block access'
B.Include 'Select apps' and choose all apps except admin
C.Include 'All cloud apps' and exclude 'Microsoft Entra ID Administration'
D.Include 'All cloud apps' and exclude 'Office 365'

Explanation: Option C is correct because the requirement is to block access from untrusted locations for all cloud apps except Microsoft Entra ID Administration. In Conditional Access, you include 'All cloud apps' to cover every app, then explicitly exclude 'Microsoft Entra ID Administration' to exempt it from the block. This ensures the policy applies broadly while honoring the exclusion.

5.

Your company uses Microsoft Entra ID Governance features for access reviews. You need to ensure that guest users who do not sign in for 90 days are automatically removed from access to a critical application. The removal should happen without manual intervention. What should you configure?

A.Use an Azure Automation runbook to disable users after 90 days
B.Enable 'Inactive users' policy in Identity Protection
C.Configure an access review with 'Auto-apply results' enabled
D.Create a dynamic group based on sign-in activity

Explanation: Option C is correct because configuring an access review with 'Auto-apply results' enabled in Microsoft Entra ID Governance allows you to automatically remove guest users who have not signed in for 90 days from the critical application's access. The access review can be set to evaluate sign-in activity and, upon completion, automatically apply the results (e.g., remove access) without manual intervention, fulfilling the requirement for automated removal.

+15 more Secure identity and access questions available

Practice all Secure identity and access questions

How to master Secure identity and access for AZ-500

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of Secure identity and access. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

Secure identity and access questions on the AZ-500 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many AZ-500 Secure identity and access questions are on the real exam?

The exact number varies per candidate. Secure identity and access is tested as part of the Microsoft Azure Security Engineer Associate AZ-500 blueprint. Practicing with targeted Secure identity and access questions ensures you can handle any format or difficulty that appears.

Are these AZ-500 Secure identity and access practice questions free?

Yes. Courseiva provides free AZ-500 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is Secure identity and access one of the harder AZ-500 topics?

Difficulty is subjective, but Secure identity and access is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.

Ready to practice?

Launch a full Secure identity and access practice session with instant scoring and detailed explanations.

Start Secure identity and access Practice →

Topic Info

Topic

Secure identity and access

Exam

AZ-500

Questions available

20+