Microsoft Certified: Cloud and AI Security Engineer Associate
Last Update Jun 19, 2026
Total Questions : 68
To help you prepare for the SC-500 Microsoft exam, we are offering free SC-500 Microsoft exam questions. All you need to do is sign up, provide your details, and prepare with the free SC-500 practice questions. Once you have done that, you will have access to the entire pool of Microsoft Certified: Cloud and AI Security Engineer Associate SC-500 test questions which will help you better prepare for the exam. Additionally, you can also find a range of Microsoft Certified: Cloud and AI Security Engineer Associate resources online to help you better understand the topics covered on the exam, such as Microsoft Certified: Cloud and AI Security Engineer Associate SC-500 video tutorials, blogs, study guides, and more. Additionally, you can also practice with realistic Microsoft SC-500 exam simulations and get feedback on your progress. Finally, you can also share your progress with friends and family and get encouragement and support from them.
You have an Azure virtual network named VNet1 that contains an Azure Bastion Subnet. VNet1 contains a subnet named Subnet1 Subnet1 contains multiple virtual machines.
You plan to deploy Azure Bastion to provide secure RDP access to the virtual machines on Subnet1. You associate a network security group (NSG) named NSG1 to Azure Bastion Subnet.
You need to configure rules for NSG1. The solution must meet the following requirements:
•Allow required inbound access to Azure Bastion from the internet.
•Allow user access to the virtual machines by using Azure Bastion.
Which TCP ports should you allow for the NSG1 rules? To answer, drag the appropriate ports to the correct rules. Each port may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the following servers:
•200 virtual machines that run either Windows Server or Ubuntu Server
•50 Azure Arc enabled servers
You use Azure Policy to manage compliance across all the servers.
You need to enforce an organization-specific security baseline. The solution must meet the following requirements:
•Customize a built-in security baseline.
•Ensure that configuration changes to the servers are enforced automatically after the security baseline is deployed.
♦Minimize administrative effort.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure management group named MG1 that contains two subscriptions named Sub1 and Sub? Both subscriptions are linked to a Microsoft Entra tenant that contains a security group named Group!
You need to ensure that the members of Group1 can assign roles to the resources in Sub1 and Sub2. The solution must follow the principle of least privilege.
Which role should you assign to Group1?
You use Microsoft Security Copilot.
Security Copilot contributors currently create custom plugins for their own sessions and manage organization-wide custom plugins.
You need to prevent the contributors from managing the organization-wide custom plugins. The solution must NOT affect the contributors ' ability to create custom plugins for their own sessions.
What should you select in the Plugin settings?
TESTED 19 Jun 2026
