Microsoft SC-500

In recent years, many people choose to take Microsoft SC-500 certification exam which can make you get the Microsoft certificate that is the passport to get a better job and get promotions.

How to prepare for Microsoft SC-500 exam and get the certificate? Please refer to Microsoft SC-500 exam questions and answers on ITCertTest.

ITCertTest is a good website that provides all candidates with the latest IT certification exam materials. ITCertTest will provide you with the exam questions and verified answers that reflect the actual exam. The Microsoft SC-500 exam dumps are developed by experienced IT Professionals. 99.9% of hit rate. Guarantee you success in your SC-500 exam with our exam materials.

Furthermore, we are constantly updating our SC-500 exam materials. We will provide our customers with the latest and the most accurate exam questions and answers that cover a comprehensive knowledge point, which will help you easy prepare for SC-500 exam and successfully pass your exam. You just need to spend you 20-30 hours on studying the exam dumps.

ITCertTest provides you not only with the best materials and also with excellent service. If you buy ITCertTest questions and answers, free update for one year is guaranteed. You fail, after you use our Microsoft SC-500 dumps, 100% guarantee to FULL REFUND. You just need to send the scanning copy of your examination report card to us. After confirming, we will refund you.

What's more, before you buy, you can try to use our free demo. We provide you some of Microsoft SC-500 exam questions and answers and you can download it for your reference.

ITCertTest is no doubt your best choice. Using the Microsoft SC-500 training dumps can let you improve the efficiency of your studying so that it can help you save much more time.

Quick and easy: just two steps to finish your order. We will send your products to your mailbox by email, and then you can check your email and download the attachment.

Microsoft Implementing End-to-End Security Controls for Cloud and AI Workloads Sample Questions:

1. A company wants to continuously assess cloud resources for security weaknesses and regulatory compliance issues. Which Microsoft security service provides this capability?

A) Microsoft Defender for Cloud
B) Azure Container Registry
C) Azure Backup
D) Azure Front Door

2. Case Study 2 - Fabrikam, Inc.
Overview
Fabrikam, Inc. is a consulting company. The company has a main office in New York City and branch offices in Amsterdam and Singapore.
Existing Environment. Network environment
The on-premises network contains a datacenter in each office.
Existing Environment. Cloud environment
Fabrikam has two Azure subscriptions named Sub1 and Sub2 and a Microsoft 365 subscription that includes Microsoft 365 E5 licenses.
All the subscriptions are linked to a Microsoft Entra tenant named fabrikam.com that contains the identities shown in the following table.

The tenant contains the groups shown in the following table.

All devices are enrolled in Microsoft Intune.
Existing Environment. Sub1 Resources
Sub1 contains a resource group named RG1 that contains the resources shown in the following table.

SQLServer1 uses Microsoft SQL Server authentication.
Sub1 has an Azure Web Application Firewall (WAF) named WAF1 that has the following types of rule sets:
- Bot Manager 1.1
- Azure-managed Default Rule Set (DRS)
Sub1 has the following compliance standards assigned in Microsoft Defender for Cloud:
- NIST SP 800-53 Rev. 4
- Microsoft cloud security benchmark (MCSB)
- System and Organization Controls (SOC) 2 Type 2
Existing Environment. Sub2 Resources
Sub2 contains a resource group named RG2.
Planned Changes and Requirements. Planned Changes
Fabrikam plans to implement the following changes:
- Deploy the following key vaults to RG1:
* AKV2 in the West Europe Azure region
* AKV3 in the Central US Azure region
* AKV4 in the East US Azure region
- Deploy the following key vaults to RG2:
* AKV5 in the East US region
- Configure VM1 to read data from storage1.
- Create function apps that have the following hosting plans:
* Fa1: Flex Consumption hosting plan
* Fa2: Consumption hosting plan
* Fa3: Dedicated hosting plan
- For WAF1, implement rate limiting rules based on the request
location.
- Enable the NIST SP 800-53 Rev. 5 compliance standard in Defender for
Cloud.
- Create a new storage account named storage2 that supports Azure Table storage.
- Enforce multifactor authentication (MFA) when database administrators access SQLdb1.
- Implement ExpressRoute circuits to the on-premises network as shown
in the following table.

- For RG1, create a new Privileged Identity Management (PIM) eligible role assignment that assigns the Contributor role to supported groups.
Planned Changes and Requirements. Technical Requirements
Fabrikam has the following technical requirements:
- If VM1 is deleted, the permissions for VM1 must be removed
automatically.
- The AKS1 managed identity must only be able to pull images from
Registry1.
- The ID1 managed identity must be able to push images to and pull
images from Registry1.
- All the data in the storage accounts must be encrypted by using
Fabrikam-managed keys.
- All outbound traffic from the function apps to the on-premises
network must use ExpressRoute circuits.
- ExpressRoute connectivity between the on-premises network and the
Azure environment must be encrypted by using Layer 2 or Layer 3
encryption.
You need to implement the function apps to meet the technical requirements. Which apps should you include in the implementation?

A) Fa1, Fa2, and Fa3
B) Fa1 and Fa3 only
C) Fa2 and Fa3 only
D) Fa1 and Fa2 only

3. You have an Azure Logic Apps Consumption workflow that uses a Request trigger. All supported authentication methods are enabled on the Request trigger.
You need to ensure that the endpoint accepts only OAuth-based requests. The solution must minimize costs.
What should you do?

A) Enable Secure Inputs and enable Secure Outputs for the Request trigger.
B) Use OAuth 2.0 authorization.
C) Deploy Azure API Management.
D) Disable shared access signature (SAS) authentication for the Request trigger.

4. You have an Azure virtual network that contains 100 virtual machines and an Azure Firewall instance named FW1.
All the traffic from the virtual machines is routed through FW1.
You need to ensure that FW1 allows access to only a URL of updates.contoso.com and blocks all other outbound traffic.
What should you use?

A) an inbound NAT rule
B) an outbound NAT rule
C) a network rule
D) an application rule

5. Drag and Drop Question
You have a Microsoft Entra tenant.
You need to implement passwordless authentication. The solution must meet the following requirements:
- Users can sign in without a password by using a mobile device.
- New users that sign in for the first time must use a helpdesk-issued
sign-in method that expires.
Which authentication method should you enable for each requirement? To answer, drag the appropriate methods to the correct requirements. Each method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Solutions: