Microsoft
Amazon
CompTIA
Salesforce
Cisco®
SAP
PMI
ISC
ISACA
VMware
HP
Palo Alto Networks
EC-Council
LPI
Google
Fortinet
All Vendors
  2. Home
  3. Exam List
  4. Microsoft
  5. AZ-500

Microsoft Azure Security Technologies
AZ-500 Exam

Your company recently created an Azure subscription.

You have been tasked with making sure that a specified user is able to implement Azure AD Privileged Identity Management (PIM).

Which of the following is the role you should assign to the user?

  1. The Global administrator role.
  2. The Security administrator role.
  3. The Password administrator role.
  4. The Compliance administrator role.

Answer(s): A

Explanation:

To start using PIM in your directory, you must first enable PIM.
1. Sign in to the Azure portal as a Global Administrator of your directory.

You must be a Global Administrator with an organizational account (for example, @yourdomain.com), not a Microsoft account (for example, @outlook.com), to enable PIM for a directory.

Scenario: Technical requirements include: Enable Azure AD Privileged Identity Management (PIM) for contoso.com


Reference:

https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-getting-started



You need to meet the identity and access requirements for Group1.
What should you do?

  1. Add a membership rule to Group1.
  2. Delete Group1. Create a new group named Group1 that has a membership type of Office 365. Add users and devices to the group.
  3. Modify the membership rule of Group1.
  4. Change the membership type of Group1 to Assigned. Create two groups that have dynamic memberships. Add the new groups to Group1.

Answer(s): D

Explanation:

When you create dynamic groups, they can either contain users or devices. Hence here we need to create two separate dynamic groups and assign those groups to an Assigned group.

Incorrect Answers:
A, C: You can create a dynamic group for devices or users, but you can't create a rule that contains both users and devices.

Scenario:
Litware identifies the following identity and access requirements: All San Francisco users and their devices must be members of Group1.
The tenant currently contains this group:


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal



You need to meet the identity and access requirements for Group1.
What should you do?

  1. Add a membership rule to Group1.
  2. Delete Group1. Create a new group named Group1 that has a membership type of Office 365. Add users and devices to the group.
  3. Modify the membership rule of Group1.
  4. Change the membership type of Group1 to Assigned. Create two groups that have dynamic memberships. Add the new groups to Group1.

Answer(s): D

Explanation:

When you create dynamic groups, they can either contain users or devices. Hence here we need to create two separate dynamic groups and assign those groups to an Assigned group.

Incorrect Answers:
A, C: You can create a dynamic group for devices or users, but you can't create a rule that contains both users and devices.

Scenario:
Litware identifies the following identity and access requirements: All San Francisco users and their devices must be members of Group1.
The tenant currently contains this group:


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal



Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.

You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.

Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the amount of necessary servers are reduced.

Solution: You recommend the use of pass-through authentication and seamless SSO with password hash synchronization.

Does the solution meet the goal?

  1. Yes
  2. No

Answer(s): B

Explanation:

For pass-through authentication, you need one or more (we recommend three) lightweight agents installed on existing servers. These agents must have access to your on-premises Active Directory Domain Services, including your on-premises AD domain controllers. They need outbound access to the Internet and access to your domain controllers. For this reason, it's not supported to deploy the agents in a perimeter network.


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta




seagal
I just passed (310-025) SCJP test yesterday. Your guide is right on the money and almost covers every question word for word. Great work !
- Edmonton
Upvote


Illya
I passed my exam today with a score of 964. This was a difficult test but the preparation guide was very good. I would not have passed without the materials. Thank you very much for giving me the opportunity to better my life.
- Alberta
Upvote


Jackson
Exam syo-101 Exam I passed my exam today with no problem whatsoever. I just wanted to say a sincere thank you for the outstanding study guide. You guys are a phenomenal help when it comes to study assistance. Thanks and definitely expect to see me again.
- MJ
Upvote


CJ
Exam 1Z0-040: 1Z0-040 passed!!! I have passed my exam 59/60. You people are the boom. Thanks for the exam questions. They were so real!!
- UNITED STATES
Upvote


Oshrit
Dear Support, I passed (as you expected) the Sun Solaris Admin I (310-011) at first trial. Thank you so much.
- Israel
Upvote


Lee W.
Just thought I would let you know I took the CCDA test on Tuesday, like I planned and scored a 902!"
- China
Upvote


Micheal C.
I have used your Exams for preparation for 70-290, 70-291, 70-292, 70-296, 70-298, 70- 299, 70-300, 70-305, 70-310, 70-315, 70-316,70-320. I also passed all those on the first round. I'm currently preparing for the CCNA.
- ON
Upvote


kris J.
Now my dream has come true. I thank you a million times for the best study guides that you provided to a poor kid like me....I got it. Finally MCSE. Best regards,
- GERMANY
Upvote


Jason
I passed my CCNA exam yesterday. I would like to make some comments. "Excellent Study Guide, Excellent Support Service, Excellent Examination Web Site" Best Regards
- UNITED STATES
Upvote


Micheal
Thanks for your study guides, i have passed it. All questions in your material, we study this only 2 days. Thanks very very much!!!!!
- UNITED STATES
Upvote

Read more ...