Free az-500 Exam Dumps

Question 51

- (Exam Topic 4)
You have an Azure SQL Database server named SQL1.
You plan to turn on Advanced Threat Protection for SQL1 to detect all threat detection types. Which action will Advanced Threat Protection detect as a threat?

A. A user updates more than 50 percent of the records in a table.
B. A user attempts to sign as SELECT * from table1.
C. A user is added to the db_owner database role.
D. A user deletes more than 100 records from the same table.

Correct Answer:B
Advanced Threat Protection can detect potential SQL injections: This alert is triggered when an active exploit happens against an identified application vulnerability to SQL injection. This means the attacker is trying to inject malicious SQL statements using the vulnerable application code or stored procedures.
References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-threat-detection-overview

Question 52

- (Exam Topic 4)
You have an Azure subscription that contains an Azure key vault named Vault1. On January 1, 2019, Vault1 stores the following secrets.
AZ-500 dumps exhibit
Which can each secret be used by an application? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Solution:
Box 1: Never Password1 is disabled.
Box 2: Only between March 1, 2019 and May 1, Password2:

Reference:
https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/set-azurekeyvaultsecretattribute

Does this meet the goal?

A. Yes
B. No

Correct Answer:A

Question 53

- (Exam Topic 4)
You have an Azure Storage account named storage1 that has a container named container1. You need to prevent the blobs in container1 from being modified. What should you do?

A. From container1, change the access level.
B. From container1 add an access policy.
C. From container1, modify the Access Control (1AM) settings.
D. From storage1 , enable soft delete for blobs.

Correct Answer:B
References:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage?tabs=azure-portal

Question 54

- (Exam Topic 4)
You have an Azure subscription that contains the following resources:
• An Azure key vault
• An Azure SQL database named Database1
• Two Azure App Service web apps named AppSrv1 and AppSrv2 that are configured to use system-assigned managed identities and access Database1
You need to implement an encryption solution for Database1 that meets the following requirements:
• The data in a column named Discount in Database1 must be encrypted so that only AppSrv1 can decrypt the data.
• AppSrv1 and AppSrv2 must be authorized by using managed identities to obtain cryptographic keys. How should you configure the encryption settings fa Database1 To answer, select the appropriate options in
the answer area.
NOTE: Each correct selection is worth one point
AZ-500 dumps exhibit
Solution:
Text Description automatically generated with medium confidence
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/always-encrypted-azure-key-vault-configure?tabs=az

Does this meet the goal?

A. Yes
B. No

Correct Answer:A

Question 55

- (Exam Topic 4)
You have an Azure subscription that contains an app named App1. App1 has the app registration shown in the following table.
AZ-500 dumps exhibit
You need to ensure that App1 can read all user calendars and create appointments. The solution must use the principle of least privilege.
What should you do?

A. Add a new Delegated API permission for Microsoft.Graph Calendars.ReadWrite.
B. Add a new Application API permission for Microsoft.Graph Calendars.ReadWrite.
C. Select Grant admin consent.
D. Add a new Delegated API permission for Microsoft.Graph Calendars.ReadWrite.Shared.

Correct Answer:A
Reference:
https://docs.microsoft.com/en-us/graph/permissions-reference#calendars-permissions