AZ-500: Manage Identity and Access in Azure Microsoft Quiz Answers

Get AZ-500: Manage Identity and Access in Azure Microsoft Quiz Answers

Explore how identity is the starting point for all security within your company. Learn to authenticate and authorize users and apps with Azure Active Directory.

This learning path helps prepare you for Exam AZ-500: Microsoft Azure Security Technologies.


  • None

Enroll on Microsoft

Module 1: Secure Azure solutions with Azure Active Directory

Explore how to securely configure and administer your Azure Active Directory instance.

Learning objectives:

By the end of this module, you will be able to:

  • Configure Azure AD and Azure AD Domain Services for security
  • Create users and groups that enable secure usage of your tenant
  • Use MFA to protect user’s identities
  • Configure passwordless security options


  • None

Quiz 1: Knowledge check

Q1. Your organization is considering multifactor authentication in Azure. Your manager asks about secondary verification methods. Which of the following options could serve as secondary verification method?

  • Automated phone call.
  • Emailed link to verification website.
  • Microsoft account verification code.

Q2. Your organization has implemented multifactor authentication in Azure. Your goal is to provide a status report by user account. Which of the following values could be used to provide a valid MFA status?

  • Enrolled
  • Enforced
  • Required

Q3. Which of the following options can be used when configuring multifactor authentication in Azure?

  • Block a user if stolen password is suspected.
  • Configure IP addresses outside the company intranet that should be blocked.
  • One time bypass for a user that is locked out.

Q4. When configuring Azure AD roles, which of the following roles would allow the user to manage all the groups in a tenant and would be able to assign other admin roles?

  • Global administrator
  • Password administrator
  • Security administrator

Q5. Which of the following methods enable you to automatically add or remove users to security groups or Microsoft 365 groups, so you don’t always have to do it manually?

  • Automatic add
  • Dynamic user
  • Microsoft 365 user

Module 2: Implement Hybrid identity

Explore how to deploy and configure Azure AD Connect to create a hybrid identity solution for your company.

Learning objectives:

By the end of this module, you will be able to:

  • Deploy Azure AD Connect
  • Pick and configure that best authentication option for your security needs
  • Configure password writeback


  • None

Quiz 1: Knowledge check

Q1. The IT helpdesk wants to reduce password reset support tickets. You suggest having users sign-in to both on-premises and cloud-based applications using the same password. Your organization does not plan on using Azure AD Identity Protection, so which feature would be easiest to implement given the requirements?

  • Federation
  • Pass-through authentication
  • Password hash synchronization

Q2. Which tool can you use to synchronize Azure AD passwords with on-premises Active Directory?

  • Azure AD Connect
  • Active Directory Federation Services
  • Password writeback

Q3. Azure AD supports which of the following security protocols?

  • Kerberos
  • OAuth
  • OpenID Connect

Q4. Which of the following is an authentication option that integrates with Azure Active Directory, requiring you to use several differing methods, like your phone, to confirm your identity?

  • FIDO2 security keys
  • Microsoft Authenticator app
  • Azure Active Directory Multi-Factor Authentication

Module 3: Deploy Azure AD identity protection

Protect identities in Azure AD using Conditional Access, MFA, access reviews, and other capabilities.

Learning objectives:

By the end of this module, you will be able to:

  • Deploy and configure Identity Protection
  • Configure MFA for users, groups, and applications
  • Create Conditional Access policies to ensure your security
  • Create and follow an access review process


  • None

Quiz 1: Knowledge check

Q1. The compliance auditors wants to ensure as employees change jobs or leave the company that their privileges are also changed or revoked. They are especially concerned about the Administrator group. To address their concerns. you implement which of the following?

  • Access reviews
  • Azure time-based policies
  • JIT virtual machine access

Q2. Identity Protection has reported that a user’s credentials have been leaked. According to policy, the user’s password must be reset. Which Azure AD role can reset the password?

  • Global Administrator
  • Security Administrator
  • Security Operator

Q3. Identity Protection identifies risks in which of the following classifications?

  • Specific IP address
  • Atypical travel
  • Unregistered device

Q4. You have implemented Identity Protection and are reviewing the Risky users report. For each reported event you can choose any of the following actions?

  • Confirm user compromise
  • Delete the risk event
  • Dismiss user account

Q5. Conditional Access can be used to enable which of the actions listed below?

  • Block or grant access from specific time of day.
  • Designate privileged user accounts.
  • Require multifactor authentication.

Q6. Which licensing plan supports Identity Protection?

  • Azure Active Directory Free
  • Azure Active Directory Premium P1
  • Azure Active Directory Premium P2

Module 4: Configure Azure AD privileged identity management

Ensure that your privileged identities have extra protection and are accessed only with the least amount of access needed to do the job.

Learning objectives:

By the end of this module, you’ll be able to:

  • Describe Zero Trust and how it impacts security
  • Configure and deploy roles using Privileged Identity Management (PIM)
  • Evaluate the usefulness of each PIM setting as it relates to your security goals


  • None

Quiz 1: Knowledge check

Q1. To enable Azure AD PIM for your directory, what Azure AD Role do you need to enable PIM?

  • Office 365 Admin
  • Co-Administrator
  • Global Admin

Q2. A company has implemented Azure AD PIM. There’s a need to ensure a new hire’s request elevation before they make any changes in Azure, what should you do?

  • Activate the new hire.
  • Assign the new hire the Eligible role membership type.
  • Include the new hire in an access review.

Q3. Azure AD PIM is used to manage which of the following roles?

  • Azure privileged users
  • Azure resource groups
  • Azure AD roles

Q4. An organization has enabled Azure AD PIM. The senior IT manager wants the role set up so no action is required, what should you do?

  • Give the manager JIT access to the role.
  • Make the manager Permanent Active in the role.
  • Make the manager Assigned to a role.

Module 5: Design an enterprise governance strategy

Learn to use RBAC and Azure Policy to limit access to your Azure solutions, and determine which method is right for your security goals.

Learning objectives:

By the end of this module, you will be able to:

  • Explain the shared responsibility model and how it impacts your security configuration
  • Create Azure policies to protect your solutions
  • Configure and deploy access to services using RBAC


  • None

Quiz 1: Knowledge check

Q1. The company hires a new administrator and needs to create a new Azure AD user account for them. The new hire must be able to: – Read/write resource deployments they are responsible for. – Read Azure AD access permissions They should not be able to view Azure subscription information. What should be configured to make this work?

  • Assign the user the Contributor role at the resource group level.
  • Assign the user the Owner role at the resource level.
  • Assign the user the Global Administrator role.

Q2. Which of the following would be good example of when to use a resource lock?

  • An ExpressRoute circuit with connectivity back to your on-premises network.
  • A virtual machine used to test occasional application builds.
  • A storage account used to store images processed in a development environment.

Q3. A company has three virtual machines (VM1, VM2, and VM3) in a resource group. The Helpdesk hires a new employee. The new employee must be able to modify the settings on VM3, but not on VM1 and VM2. Your solution must minimize administrative overhead. What should be set up?

  • Assign the user to the Contributor role on the resource group.
  • Assign the user to the Contributor role on VM3.
  • Move VM3 to a new resource group and assign the user to the Contributor role on VM3.

Q4. This is a need to target policies and review spend budgets across several subscriptions you manage. What should be created for the subscriptions?

  • A billing group
  • A management group
  • A nested resource group

Q5. A manager asks for an explanation of how Azure uses resource groups. Which of the following capabilities is a feature of how Azure uses resource groups?

  • Resources can be in multiple resource group.
  • Resources can be moved from one resource group to another resource group.
  • Resource groups can be nested.

I hope this AZ-500: Manage Identity and Access in Azure Microsoft Quiz Answers would be useful for you to learn something new from this problem. If it helped you then don’t forget to bookmark our site for more Coding Solutions.

This Problem is intended for audiences of all experiences who are interested in learning about Data Science in a business context; there are no prerequisites.

Keep Learning!

More Coding Solutions >>

LeetCode Solutions

Hacker Rank Solutions

CodeChef Solutions

Leave a Reply

Your email address will not be published. Required fields are marked *