Ready for another challenge? This next free AZ-500 practice test features a new set of questions designed to strengthen your understanding of Azure security principles. Use it to refine your exam strategy and identify areas for further review as you move closer to certification.
0 of 20 Questions completed
Questions:
You have already completed the quiz before. Hence you can not start it again.
You must sign in or sign up to start the quiz.
You must first complete the following:
Test complete. Results are being recorded.
0 of 20 Questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0 )
Earned Point(s): 0 of 0 , (0 ) 0 Essay(s) Pending (Possible Point(s): 0 )
Question 1 of 20
Which of the following tools can be used to encrypt the data disk in the Azure portal? (Choose two.)
Question 2 of 20
Which of the following services doesn’t work with the Confidential disk encryption solution for virtual machines? (Choose two.)
Question 3 of 20
An enterprise wants to enable host-based encryption for its Azure virtual machines to ensure that all data stored on the VM host, including temporary disks and cached data, is encrypted. They use Azure Standard HDDs and plan to automate VM creation using Azure PowerShell. Which of the following statements are true about enabling encryption at the host for this scenario? (Choose two.)
Question 4 of 20
John is setting up Azure API Management to protect critical Web/HTTP APIs inside a Virtual Network (VNet) using internal mode. In which of the following scenarios should he use a single API Management instance, configured in internal VNet mode, combined with an Application Gateway as a frontend?
Question 5 of 20
An organization wants to ensure secure and seamless access to the Azure API Management Developer Portal by leveraging Azure Active Directory (Azure AD) for authentication. Which of the following statements accurately reflects the behavior and security implications of enabling Azure AD as an identity provider for the Developer Portal?
Question 6 of 20
Which rate-limiting strategy prevents abuse and protects APIs from excessive traffic or denial-of-service(DoS) attacks?
Question 7 of 20
Built-in roles have AssignableScopes set to ______________, indicating that the role is available for assignment in all scopes. (Fill in the blank.)
Question 8 of 20
What is the maximum number of custom Azure RBAC roles created per Azure Active Directory (AAD) directory?
Question 9 of 20
You’re working on assigning a custom role to a group of financial auditors in your company. Which string in a PowerShell command allows you to specify the data operations that are excluded from the allowed DataActions?
Question 10 of 20
Which Azure feature should you use to regularly monitor custom Azure AD role assignments and ensure users and groups maintain appropriate access levels?
Question 11 of 20
How does Microsoft Entra Permissions Management identify users with excessive access and help enforce least-privilege principles?
Question 12 of 20
You’re enforcing the principle of least privilege by assessing the permissions assigned to user roles within your company’s Azure portal. Which Microsoft Entra Management metric helps determine the risks associated with unused permissions across identities, while also aiding in refining access controls that align with Azure best practices?
Question 13 of 20
You are configuring role settings for a privileged Azure resource using Microsoft Entra Privileged Identity Management (PIM). Which configuration ensures that eligible users must receive approval from designated approvers before they can activate the role?
Question 14 of 20
You must grant a developer temporary access to the Contributor role on a subscription for exactly two weeks, ensuring that the access is automatically revoked after that period and that the developer activates the role only when work is required. When configuring the assignment in Microsoft Entra Privileged Identity Management (PIM), which option meets these requirements?
Question 15 of 20
You are configuring access reviews on a tenant level for Microsoft 365 guests who have been inactive for 100 days. Which access review stage allows all reviewers to evaluate an access permission simultaneously?
Question 16 of 20
In OAuth permission grants, when a client uses the client_credentials grant type to request an access token from Azure AD, which of the following elements is not part of the request?
Question 17 of 20
Which of the following authentication methods are available for the Azure AD application proxy to provide remote access and SSO capabilities? (Choose two).
Question 18 of 20
In Azure AD, when registering an application, user consent is required. After the service principal is created, which of the following events indicates that the application registration and initial authentication process is complete?
Question 19 of 20
You are setting up an Azure DevOps pipeline to monitor app registration’s secrets expiry. Where should you store the secret ID and client ID before configuring the DevOps pipeline?
Question 20 of 20
In the context of app registration permission scopes, what best defines effective permissions when an application makes a request on behalf of a user?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Current
Correct
Incorrect
