Back to Microsoft Azure Security Engineer Associate AZ-500 questions

Scenario-based practice

Drag and Drop Matching Questions

Practise Microsoft Azure Security Engineer Associate AZ-500 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

10
scenario questions
AZ-500
exam code
Microsoft
vendor

Scenario guide

How to approach drag and drop matching questions

Matching questions give you two columns — concepts, commands, or protocols on the left, and their definitions or use-cases on the right. You drag each left item to its correct match. These appear on most certification exams and punish superficial memorisation.

Quick answer

Drag and Drop Matching Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related AZ-500 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1mediummatching
Full question →

Match each Azure Key Vault feature to its purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Recover deleted vaults and objects within retention period

Prevents permanent deletion until retention period ends

Periodically replace cryptographic keys

Grant permissions to users, groups, or applications

Use Azure RBAC to manage access to vaults

Question 2mediummatching
Full question →

Match each Azure security feature to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Just-in-time privileged access and role activation

Unified security management and threat protection

Safeguard cryptographic keys and secrets

Classify and protect documents and emails

Managed, cloud-based network security service

Question 3mediummatching
Full question →

Match each Azure policy effect to its behavior.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Prevents resource creation or update that violates policy

Creates a warning event in activity log but allows request

Adds additional fields to the resource during creation or update

Adds, updates, or removes properties on a resource

Policy rule is ignored (used for testing)

Question 4mediummatching
Full question →

Match each Azure Security Center tier to its capabilities.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Continuous assessment and security recommendations

Advanced threat protection for hybrid workloads

Just-in-time VM access, file integrity monitoring

Vulnerability assessment and threat detection

Detect unusual access patterns and threats

Question 5mediummatching
Full question →

Match each Azure Sentinel feature to its purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Ingest logs from various sources

Define conditions to generate alerts

Visualize data with interactive dashboards

Group related alerts for investigation

Automate response actions using Logic Apps

Question 6mediummatching
Full question →

Match each Azure RBAC role to its typical permission scope.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Full access to all resources including delegation

Create and manage resources but cannot grant access

View resources only

Manage user access to Azure resources

Manage security policies and view security alerts

Question 7mediummatching
Full question →

Match each Azure network security component to its function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Filters traffic at subnet or NIC level

Groups VMs by application workload for rule application

Protects against distributed denial-of-service attacks

Secure RDP/SSH access to VMs without public IP

Extends VNet identity to Azure services over optimized route

Question 8mediummatching
Full question →

Match each Azure AD Conditional Access component to its role.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Context such as user, location, device, and risk

Criteria like user group, app, or sign-in risk

Require MFA, compliant device, or approved app

Limit user session within apps (e.g., app enforced restrictions)

Define trusted IP ranges or countries

Question 9mediummatching
Full question →

Match each Azure AD authentication method to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Syncs password hashes from on-prem to Azure AD

Validates passwords on-prem without storing hashes in cloud

Redirects authentication to on-prem identity provider

Requires second form of verification

Uses client certificates for authentication

Question 10mediummatching
Full question →

Match each Azure encryption concept to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Data is encrypted when stored on disk

Data is encrypted during network transmission

Azure encrypts data before writing to storage

Data encrypted by client before sending to Azure

Encrypts OS and data disks using BitLocker/DM-Crypt

These AZ-500 practice questions are part of Courseiva's free Microsoft certification practice question bank. Courseiva provides original exam-style AZ-500 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.