Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You administer an Azure Container Registry (ACR) named contosoacr that holds several image repositories, including one named dev. An on-premises build server must be able to pull images from the dev repository only and must not be able to list or access any other repositories in the registry. You also want to issue short-lived credentials that are independent of Azure Active Directory. What should you do?

  • Create a scope map that grants content/read on the dev repository, generate an ACR token associated with the scope map, and supply the token's password to the build server.

  • Enable anonymous pull on contosoacr and use an Azure Storage firewall rule to restrict access to the dev repository path.

  • Enable the admin user for contosoacr and share the admin username and password with the build server.

  • Assign the built-in Azure role AcrPull to the build server's service principal at the registry scope.

Microsoft Azure Security Engineer Associate AZ-500
Secure compute, storage, and databases
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot