Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You administer an Azure storage account that hosts several Azure Files SMB shares. All employees sign in to their Windows 10 computers by using on-premises Active Directory accounts that are synchronized to Microsoft Entra ID. The security team insists that users must map the shares with their existing Kerberos credentials and that no storage account keys or SAS tokens are to be distributed. Which configuration meets these requirements?

  • Create stored-access-policy SAS tokens for each share and distribute the SAS URIs to users.

  • Enable a private endpoint for the storage account and disable all public network access.

  • Regenerate and deploy the two storage account access keys to users every 90 days by using a Group Policy script.

  • Enable Microsoft Entra Kerberos authentication for Azure Files without deploying Azure AD Domain Services.

Microsoft Azure Security Engineer Associate AZ-500
Secure compute, storage, and databases
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot