Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You manage an existing route-based VPN gateway that uses the VpnGw2 SKU and currently provides a site-to-site connection to your on-premises datacenter. The security team asks you to add point-to-site (P2S) remote access so that users authenticate with Azure Active Directory and perform multifactor authentication (MFA). In addition, the SSTP tunneling protocol must not be allowed. Which action should you perform on the VPN gateway to meet these requirements?

  • Configure Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) with user certificates and enforce MFA through Conditional Access.

  • Replace the route-based gateway with a policy-based VPN gateway and enable IKEv1 for P2S connections.

  • Enable the OpenVPN protocol on the existing VpnGw2 gateway and configure Azure AD as the P2S authentication method.

  • Downgrade the gateway to the Basic SKU and configure RADIUS authentication for P2S users.

Microsoft Azure Security Engineer Associate AZ-500
Secure networking
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot