Microsoft Azure Security Technologies

Here you have the best Microsoft AZ-500 practice exam questions

  • You have 505 total questions across 101 pages (5 per page)
  • These questions were last updated on February 7, 2026
  • This site is not affiliated with or endorsed by Microsoft.
Question 1 of 505
Your company recently created an Azure subscription.
You have been tasked with making sure that a specified user is able to implement Azure AD Privileged Identity Management (PIM).
Which of the following is the role you should assign to the user?
Suggested Answer: A

The Global administrator role is required to enable and manage Azure AD Privileged Identity Management (PIM). This role has the highest level of privilege in Azure AD and allows a user to configure, manage, and implement PIM settings and assignments. This role gives the necessary permissions to perform all administrative functions, including those related to PIM.

Community votes

No votes yet

Question 2 of 505
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.
You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.
Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the amount of necessary servers are reduced.
Solution: You recommend the use of pass-through authentication and seamless SSO with password hash synchronization.
Does the solution meet the goal?
Suggested Answer: A

The recommended use of pass-through authentication and seamless Single Sign-On (SSO) with password hash synchronization does meet the goal of ensuring that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant. Pass-through authentication ensures that user sign-ins are validated directly against the on-premises Active Directory, thereby enforcing on-premises password policies and account restrictions. Seamless SSO improves user experience by allowing users to automatically sign in when they are on their corporate devices connected to the corporate network. Password hash synchronization can provide redundancy and support for features like Azure AD Identity Protection without the need for additional infrastructure components, thereby reducing the number of necessary servers.

Community votes

No votes yet

Question 3 of 505
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.
You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.
Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the amount of necessary servers are reduced.
Solution: You recommend the use of federation with Active Directory Federation Services (AD FS).
Does the solution meet the goal?
Suggested Answer: B

Federation with Active Directory Federation Services (AD FS) requires multiple servers for setup and maintenance, including AD FS servers and Web Application Proxy (WAP) servers. This solution does not satisfy the requirement of reducing the number of necessary servers. Additionally, AD FS handles authentication externally, which may complicate enforcement of password policies and user logon limitations directly in Azure AD. Therefore, this solution does not meet the goal of integrating Active Directory and the Azure AD tenant while maintaining password policies, user logon limitations, and minimizing the number of servers required.

Community votes

No votes yet

Question 4 of 505
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.
You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.
Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the amount of necessary servers are reduced.
Solution: You recommend the use of password hash synchronization and seamless SSO.
Does the solution meet the goal?
Suggested Answer: B

The solution does not meet the goal because password hash synchronization and seamless Single Sign-On (SSO) do not fully enforce the password policies and user logon limitations from the on-premises Active Directory. Although password hash synchronization can enforce password complexity and expiration policies to some extent, it does not support specific logon limitations like time-based logons or other advanced restrictions. To ensure full enforcement of these policies, pass-through authentication (PTA) would be required, as it allows for real-time validation of users' passwords against the on-premises Active Directory. Therefore, recommending only password hash synchronization and seamless SSO is not sufficient for the stated requirements.

Community votes

No votes yet

Question 5 of 505
Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.
After syncing all on-premises identities to Azure AD, you are informed that users with a givenName attribute starting with LAB should not be allowed to sync to
Azure AD.
Which of the following actions should you take?
Suggested Answer: A

To prevent users with a givenName attribute starting with LAB from syncing to Azure AD, you should use the Synchronization Rules Editor to create an attribute-based filtering rule. This tool allows you to create custom synchronization criteria based on specific attributes of the users, which fits the requirement stated in the question.

Community votes

No votes yet

About the Microsoft AZ-500 Certification Exam

About the Exam

The Microsoft AZ-500 (Microsoft Azure Security Technologies) validates your knowledge and skills. Passing demonstrates proficiency and can boost your career prospects in the field.

How to Prepare

Work through all 505 practice questions across 101 pages. Focus on understanding the reasoning behind each answer rather than memorizing responses to be ready for any variation on the real exam.

Why Practice Exams?

Practice exams help you familiarize yourself with the question format, manage your time, and reduce anxiety on the test day. Our AZ-500 questions are regularly updated to reflect the latest exam objectives.