AZ-500 Exam Question 31
You have a Microsoft Entra tenant named contoso.com.
You collaborate with a partner organization that has a Microsoft Entra tenant named fabrikam.com. Fabrikam.
com has multi-factor authentication (MFA) enabled for all users.
Contoso.com has the Cross-tenant access settings configured as shown in the Cross-tenant access settings exhibit. (Click the Cross-tenant access settings:

Contoso.com has the External collaboration settings configured as shown in the External collaboration settings exhibit. (Click the External collaboration settings tab.)

You create a Conditional Access policy that has the following settings:
* Name: CAPolicy1
* Assignments
o Guest or external users: B2B collaboration guest users
o Target resources
# Include: All cloud apps o Access controls
# Grant access
# Require device to be marked as compliant
# Require multi-factor authentication
# Enable policy: On
For each of the following statements, select Yes if the statement is true, otherwise select No.
NOTE: Each correct section is worth one point.

You collaborate with a partner organization that has a Microsoft Entra tenant named fabrikam.com. Fabrikam.
com has multi-factor authentication (MFA) enabled for all users.
Contoso.com has the Cross-tenant access settings configured as shown in the Cross-tenant access settings exhibit. (Click the Cross-tenant access settings:

Contoso.com has the External collaboration settings configured as shown in the External collaboration settings exhibit. (Click the External collaboration settings tab.)

You create a Conditional Access policy that has the following settings:
* Name: CAPolicy1
* Assignments
o Guest or external users: B2B collaboration guest users
o Target resources
# Include: All cloud apps o Access controls
# Grant access
# Require device to be marked as compliant
# Require multi-factor authentication
# Enable policy: On
For each of the following statements, select Yes if the statement is true, otherwise select No.
NOTE: Each correct section is worth one point.

AZ-500 Exam Question 32
You have an Azure subscription that uses Microsoft Defender for Cloud.
Defender for Cloud has the security alerts shown in the following exhibit.


Defender for Cloud has the security alerts shown in the following exhibit.


AZ-500 Exam Question 33
You are configuring just in time (JIT) VM access to a set of Azure virtual machines.
You need to grant users PowerShell access to the virtual machine by using JIT VM access.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You need to grant users PowerShell access to the virtual machine by using JIT VM access.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

AZ-500 Exam Question 34
You network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. The tenant contains the users shown in the following table.

The tenant contains the groups shown in the following table.

You configure a multi-factor authentication (MFA) registration policy that and the following settings:
* Assignments:
* Include: Group1
* Exclude Group2
Controls: Require Azure MFA registration
Enforce Policy: On
For each of the following statements, select Yes if the statement is true. Otherwise, select No.


The tenant contains the groups shown in the following table.

You configure a multi-factor authentication (MFA) registration policy that and the following settings:
* Assignments:
* Include: Group1
* Exclude Group2
Controls: Require Azure MFA registration
Enforce Policy: On
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

AZ-500 Exam Question 35
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create a policy initiative and assignments that are scoped to resource groups.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create a policy initiative and assignments that are scoped to resource groups.
Does this meet the goal?







