AZ-500 Microsoft Azure Security Engineer Associate AZ-500 practice test

Use this page to practise for the Microsoft Azure Security Engineer Associate (AZ-500) exam. The goal is not to memorise dumps, but to understand the concept, review the explanation and improve your exam readiness.

Practice questions: 300
Topics covered: Mapped
Exam code: AZ-500
Vendor: Microsoft

Practice set

Microsoft Azure Security Engineer Associate AZ-500 questions

Question 1 (medium, multiple choice)

A DevOps team wants Defender for Cloud to identify secrets exposed in GitHub repositories. What should be configured?

Question 2 (hard, multi-select)

A public web application should be protected from OWASP-style attacks and network-layer DDoS attacks. Which two Azure services are most relevant?

Question 3 (hard, multiple choice)

A Sentinel scheduled rule runs every 5 minutes and looks back 1 hour. Analysts see repeated alerts for the same event. Which change best prevents duplicate detections without missing late-arriving logs?

Question 4 (hard, multiple choice)

A SOC analyst needs a Sentinel query that detects multiple failed sign-ins followed by a successful sign-in for the same user. Which table is the best primary source?

Question 5 (hard, multiple choice)

A Sentinel watchlist contains high-value administrator accounts. Which KQL pattern best uses it in a detection rule?

Question 6 (hard, multiple choice)

A SOC wants a Sentinel rule to include account, host, and IP entities so analysts can pivot during investigation. What should be configured in the analytics rule?

Question 7 (medium, multiple choice)

A storage account contains legal evidence that must not be modified or deleted for seven years. Which feature should be configured?

Question 8 (medium, multiple choice)

A team wants Sentinel incidents to automatically assign to the Tier 2 queue when severity is High and the product name is Microsoft Defender for Endpoint. What should they configure?

Question 9 (medium, multiple choice)

A storage account should be reachable only from a specific subnet over the Microsoft backbone, while keeping the public endpoint firewall restricted. Which feature should be used?

Question 10 (medium, multi-select)

A team enables Microsoft Defender for Storage. Which two threats can the plan help detect?

Question 11 (hard, multiple choice)

A team wants Sentinel to ingest firewall logs from an appliance that emits Common Event Format over Syslog. Which connector pattern is most appropriate?

Question 12 (hard, multi-select)

A storage account contains regulated records. Which two features help protect against accidental or malicious deletion?

Question 13 (medium, multiple choice)

A team wants to automatically deploy Defender for Cloud settings across new subscriptions under a management group. Which Azure capability should they use?

Question 14 (medium, multiple choice)

An organization wants to export Defender for Cloud recommendations and alerts into a central Log Analytics workspace for retention and hunting. Which feature should they use?

Question 15 (hard, multi-select)

A team wants to deploy Sentinel content consistently across workspaces. Which two approaches are appropriate?

Question 16 (hard, multi-select)

A SQL workload needs to protect sensitive column values from database administrators who should not see plaintext. Which two features may be relevant depending on the query requirement?

Question 17 (medium, multi-select)

A Sentinel detection should enrich alerts with business-critical asset context. Which two mechanisms are appropriate?

Question 18 (medium, multiple choice)

A company enables Azure Disk Encryption (ADE) on Windows virtual machines using a key encryption key (KEK) stored in Azure Key Vault. They want the KEK to be automatically rotated every 30 days to meet compliance requirements. Which Azure Key Vault feature should they enable?

Question 19 (hard, multiple choice)

A company uses Azure Key Vault to store secrets for their applications. They want to ensure that an application hosted on an Azure virtual machine can access secrets from only a specific Key Vault, and that all traffic between the VM and Key Vault remains within the Azure network and does not traverse the public internet. Which configuration should they implement?

Question 20 (hard, multiple choice)

A company has an Azure Storage account with infrastructure encryption enabled. They configure the storage account to use customer-managed keys (CMK) stored in Azure Key Vault for encryption at rest. Despite this configuration, newly uploaded blobs are still encrypted with Microsoft-managed keys. What is the most likely cause?

Question 21 (easy, multiple choice)

A company deploys a public-facing web application behind Azure Application Gateway. They want to enable the Web Application Firewall (WAF) to protect against SQL injection and cross-site scripting attacks. During the initial testing phase, they want to identify malicious requests without blocking them, to tune the WAF rules before enabling full protection. Which WAF mode should they configure?

Question 22 (hard, multiple choice)

A company has Azure AD Conditional Access policies that require multi-factor authentication (MFA) for all users accessing sensitive cloud apps. The security team wants to extend this protection by monitoring and controlling user activities within those applications (e.g., preventing data exfiltration during a session). Which Conditional Access session control should they implement?

Question 23 (medium, multiple choice)

A company stores sensitive data in Azure Blob Storage. They want to encrypt the data at rest using customer-managed keys (CMK) stored in Azure Key Vault. Additionally, they want the key to be automatically rotated every 90 days without manual intervention. Which configuration should they implement?

Question 24 (medium, multiple choice)

A company uses Azure SQL Database to store customer data, including credit card numbers. The security policy requires that database administrators (DBAs) must not be able to view the credit card numbers in plaintext. The column containing the credit card numbers must be encrypted at rest and in transit, and only a specific application (using a dedicated client library) should be able to decrypt the data. Which technology should they implement?

Exam question guide

How to use these AZ-500 questions

Use these questions as active recall, not passive reading. Try the question first, review the answer choices, then open the explanation and connect the result back to the exam topic.

Quick answer

Cloud concepts questions usually test the service model (IaaS/PaaS/SaaS) and deployment model (public/private/hybrid/community) appropriate for a given scenario.

IaaS, PaaS and SaaS responsibilities and examples.

Public, private, hybrid and community cloud deployment models.

On-premises vs cloud trade-offs: cost, control, scalability.

How cloud connectivity options (VPN, Direct Connect, ExpressRoute) work.
