Free Preparation Discussions
MENU
Microsoft AZ-500 Exam Questions
- Topic 1: Secure Identity and Access: This topic equips Microsoft Security Engineers with the skills to manage security controls for identity and access. It covers the effective use of Microsoft Entra for application access management, emphasizing best practices to protect credentials and manage permissions.
- Topic 2: Secure Networking: This section focuses on planning and implementing security for virtual networks, ensuring private and public access to Azure resources is well-protected. Microsoft Security Engineers learn to design secure network infrastructures and implement measures like Azure Firewall and network security groups.
- Topic 3: Secure Compute, Storage, and Databases: Microsoft Security Engineers will learn advanced security techniques for Azure compute resources, secure storage configurations, and protecting Azure SQL Database and Managed Instances. The topic emphasizes encryption, access controls, and security monitoring, ensuring all critical compute and data layers in Azure are resilient against potential threats.
- Topic 4: Secure Azure Using Microsoft Defender for Cloud and Microsoft Sentinel: This topic trains Microsoft Security Engineers to enforce cloud governance policies, manage security posture via Microsoft Defender for Cloud, and configure threat protection and security monitoring using Sentinel. By mastering these tools, engineers enhance proactive threat management and ensure automation of key security tasks across the Azure environment.
Free Microsoft AZ-500 Exam Actual Questions
Note: Premium Questions for AZ-500 were last updated On Mar. 08, 2026 (see below)
You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.
You need to use automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry.
What should you create?
https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal
You have an Azure subscription that contains a virtual network named VNet1 VNet1 contains a single subnet. The subscription contains a virtual machine named VM1 that is connected to VNet1.
You plan to deploy an Azure SQL managed instance named SQL1.
You need to ensure that VM1 can access SQL1.
Which three components should you create? Each correct answer presents pan of the solution.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains an Azure key vault. The role assignments for the key vault are shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Answer is as image below.
You have an Azure subscription that contains an Azure SQL Database logic server named SQL! and an Azure virtual machine named VM1. VM1 uses a private IP address only.
The Firewall and virtual networks settings for SQL1 are shown in the following exhibit.
You need to ensure that VM1 can connect to SQL1. The solution must use the principle of least privilege. What should you do?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have an Azure Subscription named Sub1.
You have an Azure Storage account named Sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in Sa1 by using several shared access
signatures (SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to Sa1.
Solution: You generate new SASs.
Does this meet the goal?
Instead you should create a new stored access policy.
To revoke a stored access policy, you can either delete it, or rename it by changing the signed identifier.
Changing the signed identifier breaks the associations between any existing signatures and the stored access policy. Deleting or renaming the stored access policy immediately affects all of the shared access signatures associated with it.
https://docs.microsoft.com/en-us/rest/api/storageservices/Establishing-a-Stored-Access-Policy
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Emilio
3 days agoXuan
10 days agoOdelia
23 days agoSalena
1 month agoValentine
1 month agoAngelica
2 months agoLynna
2 months agoIzetta
2 months agoArlette
2 months agoJin
3 months agoLaquita
3 months agoHildegarde
3 months agoNenita
3 months agoLeslie
3 months agoVanna
4 months agoTina
4 months agoKeshia
4 months agoMarsha
5 months agoLawana
5 months agoMammie
5 months agoMaybelle
5 months agoBrent
6 months agoKristel
6 months agoanderson
6 months agoBlossom
6 months agoTheodora
6 months agoMi
8 months agoLaurel
9 months agoGretchen
11 months agoAfton
1 year agoCharlie
1 year agoDevorah
1 year agoBrice
1 year agoAlbina
1 year agoQueenie
1 year agoLou
1 year agoMarylin
1 year agoSylvie
1 year agoValentin
1 year agoTwana
1 year agoIzetta
1 year agoGianna
1 year agoReena
1 year agoRenato
1 year agoNicholle
1 year agoGennie
1 year agoRory
1 year agoJohnna
1 year agoSabina
2 years agoDorothy
2 years agoApolonia
2 years agoGenevieve
2 years agoLucille
2 years agoFarrah
2 years agoRamonita
2 years agoGilbert
2 years agoKenny
2 years ago