Skip to main content
Cybersecurity ⭐ Premium ⭐ Featured

Microsoft Azure Security Technologies (AZ-500)

By Webmaster Certland English 📝 340 questions ❤️ 0 likes

Practice exam for AZ-500. Covers identity and access security, network security, compute/storage/database security, and Microsoft Defender for Cloud and Sentinel.

⭐ Premium Updated Mar 2026

Unlock all 340 Microsoft Azure Security Technologies (AZ-500) questions

Full simulation · Detailed explanations · Unlimited attempts

  • 340 questions — ~5 full-length simulations
  • Detailed explanations — why each answer is right or wrong
  • Unlimited attempts — retake as many times as needed
  • Smart Practice + Focus Mode + no ads
340
Questions
All certifications
from $4.90/mo
⭐ Get Premium — $4.90/mo ▶ Try 5 questions free

Sample Questions — Microsoft Azure Security Technologies (AZ-500)

5 free sample questions from this practice exam. Correct answers are highlighted.

1. A company assigns a developer the Contributor role on a resource group. The developer needs to grant a colleague read access to a storage account within that resource group. The colleague reports that the developer cannot complete this task. What is the reason?

A The Contributor role only grants read access to storage accounts.
B The Contributor role does not include permission to create role assignments. ✓ Correct
C Role assignments can only be created at the subscription scope, not resource group scope.
D The colleague must be removed from all other roles before a new role can be assigned.

2. A team member has the Contributor role on a subscription. A manager needs this team member to also be able to deploy resources but not modify existing role assignments. Which statement best describes whether the current role meets these requirements?

A The Contributor role meets both requirements: it allows deploying resources and does not include role assignment permissions. ✓ Correct
B The Reader role should be used instead, as it prevents modification of role assignments.
C The Owner role is required to deploy resources to a subscription.
D The User Access Administrator role should be assigned alongside Reader to allow deployments.

3. A security team needs to allow web servers in a subnet to receive HTTP traffic from the internet but block all other inbound traffic. The web servers are tagged with an Application Security Group called 'asg-webservers'. Which NSG rule configuration correctly restricts inbound traffic to only port 80 from the internet to these servers?

A Create an inbound NSG rule: Source=Any, Destination=asg-webservers, DestinationPort=80, Protocol=TCP, Action=Allow, Priority=100. Add a second rule: Source=Any, Destination=Any, DestinationPort=Any, Action=Deny, Priority=4096. ✓ Correct
B Create an inbound NSG rule: Source=VirtualNetwork, Destination=asg-webservers, DestinationPort=80, Protocol=TCP, Action=Allow, Priority=100.
C Create an inbound NSG rule: Source=Any, Destination=Subnet, DestinationPort=80, Protocol=TCP, Action=Allow, Priority=100. Add a deny-all rule at priority 4096.
D Create a single inbound NSG rule: Source=Any, Destination=asg-webservers, DestinationPort=Any, Protocol=Any, Action=Allow, Priority=100.

4. A company has multiple virtual networks across different Azure subscriptions and regions. The security team needs to enforce a consistent set of network security rules across all VNets, overriding rules set by individual VNet owners. Which Azure service and feature should they use?

A Azure Policy with a custom policy definition targeting NSG rules across all subscriptions
B Azure Virtual Network Manager with Security Admin Rules applied to a network group spanning all VNets ✓ Correct
C Azure Firewall Manager with a global firewall policy assigned to all hub VNets
D NSG Flow Logs centralized in a Log Analytics workspace with alert rules

5. A company is implementing Azure Front Door with WAF to protect multiple web applications. Each application has different WAF requirements: App A needs strict OWASP protection, App B needs bot protection only, App C needs both. How should WAF policies be structured?

A Create a single WAF policy with all managed rule sets enabled and use exclusions on each application's route to disable non-applicable rules
B Create three separate Front Door profiles, one per application, each with its own WAF policy containing only the required rule sets
C Create three separate WAF policies (OWASP only, BotManager only, OWASP+BotManager) and associate each policy with the corresponding application's Front Door route or endpoint ✓ Correct
D Create one WAF policy with OWASP and BotManager enabled and use WAF exclusions to disable OWASP rules specifically for App B

Want to test yourself for real?

Create a free account and run our exam simulation engine.

Free No credit card
  • Simulation engine
  • Up to 10 questions per attempt
  • Score & basic stats
Create free account Already have an account? Sign in
Best
Premium Premium
  • All 340 questions
  • Detailed explanations
  • Smart Practice + Focus Mode
⭐ Get Premium

Information

Questions 340
Time 2h
Difficulty Medium
Minimum Score 70.00%
▶ Try 5 questions — no account needed ⭐ Unlock all questions — Premium 🤍 Like

💰 ROI

Official exam $165.00
CertLand $4.90/mo
Prepare for $165 for less than a coffee/mo

Study Guides & Articles

Free

How to Pass Microsoft Azure Security Technologies (AZ-500) in 2026: Complete Study Guide

Complete study guide for the AZ-500 Azure Security Technologies exam. Domain breakdown, key concepts for Entra ID, network security, Defender for Cloud, Microsoft Sentinel, and a 6-week study plan.
⭐ Premium

AZ-500 Deep Dive: Microsoft Entra PIM, Defender for Cloud, and Microsoft Sentinel

Advanced AZ-500 deep dive: Entra PIM activation flows, access reviews, Conditional Access named locations, auth strength, Defender for Cloud enhanced security plans, and Microsoft Sentinel analytics rule types with automation.
⭐ Premium

AZ-500 Exam Traps: Entra PIM, Key Vault Access, and Network Security

Avoid the most dangerous AZ-500 exam traps: Key Vault access policies vs RBAC, soft-delete vs purge protection, Managed HSM vs Key Vault Premium, NSG vs Azure Firewall, JIT VM access plan requirements, and Conditional Access vs Identity Protection.

Related Exams

⭐ Premium

ISACA CISA — Certified Information Systems Auditor

340 questions · English
⭐ Premium

Cisco CyberOps Associate (200-201 CBROPS)

340 questions · English
⭐ Premium

ISACA CISM (Certified Information Security Manager)

340 questions · English
⭐ Premium

ISC2 Certified in Cybersecurity (CC)

340 questions · English

Discussion

No comments yet. Be the first to start the discussion!

Sign in to join the discussion.