Identity and Access Security - AZ-500 Practice Questions

Secure identities with conditional access, PIM, identity protection, and authentication methods.

AZ-500 Identity Security Question Bank (7 Questions)

Browse all 7 practice questions covering Identity and Access Security for the AZ-500 certification exam. Answers are intentionally hidden on this page so you can self-test first before checking results in quiz mode.

  1. Question 1: Secure identity and access

    A Conditional Access policy must block access to all cloud apps when a user's sign-in risk is classified as High. Which condition and control combination achieves this?

    A. Condition: User risk = High; Control: Require MFA
    B. Condition: Sign-in risk = High; Control: Block access
    C. Condition: Device compliance = Unknown; Control: Block access
    D. Condition: Sign-in risk = Medium; Control: Require password change

  2. Question 2: Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel

    A Sentinel analytics rule detects brute-force login attempts. The rule creates incidents. The SOC team wants to enrich incidents with user risk information from Azure AD Identity Protection. Which integration accomplishes this?

    A. Sentinel Microsoft Entra ID data connector ingesting Identity Protection alerts
    B. Sentinel Logic App querying Identity Protection API per incident
    C. Defender for Identity connector
    D. Azure Monitor diagnostic settings for Identity Protection

  3. Question 3: Secure identity and access

    Azure AD Identity Protection generates a user risk detection: 'Anomalous Token'. What does this detection typically indicate?

    A. The user's password has been changed
    B. A token was replayed from an unusual location, suggesting token theft
    C. MFA registration was completed from a new device
    D. The user's account was disabled

  4. Question 4: Secure identity and access

    An Azure AD Premium P2 feature provides risk-based access policies. If a sign-in risk is 'Medium', which Conditional Access control is typically appropriate for initial remediation?

    A. Block access completely
    B. Require MFA to complete the sign-in
    C. Require password change
    D. Require device enrollment in Intune

  5. Question 5: Secure identity and access

    An administrator wants to require MFA when users access the Azure portal from locations not in the corporate IP range. Which Conditional Access component defines the corporate IP addresses?

    A. Trusted device
    B. Named location
    C. Trusted IP in MFA settings
    D. Service tag

  6. Question 6: Secure identity and access

    A Conditional Access policy must allow access for users on compliant devices but enforce MFA for users on non-compliant devices. Which configuration achieves this with one policy?

    A. Two separate policies: one for compliant, one for non-compliant
    B. One policy with grant control: Require MFA OR Require compliant device
    C. One policy with grant control: Require MFA AND Require compliant device
    D. Named location exclusion for compliant device IP ranges

  7. Question 7: Secure identity and access

    An Azure AD B2B guest user needs to access a resource. The guest's home tenant enforces MFA. The resource tenant's Conditional Access policy also requires MFA. How is MFA satisfied?

    A. Guest must complete MFA twice — once for home tenant and once for resource tenant
    B. Home tenant MFA satisfies the resource tenant policy via MFA claims in the token
    C. Resource tenant MFA policy does not apply to B2B guests
    D. Guest must use a managed device to satisfy both policies


Key Identity Security Concepts for AZ-500

conditional access, PIM, identity protection, MFA, passwordless, authentication methods, sign-in risk, user risk

AZ-500 Identity Security Exam Tips

Identity and Access Security questions in AZ-500 are typically scenario-based. Focus on identity protection, platform hardening, data security, and security operations. Priority concepts: conditional access, PIM, identity protection, MFA, passwordless, authentication methods.

What AZ-500 Expects

  • Anchor your answer in controls that reduce exposure while preserving least-privilege access.
  • Identity Security scenarios for AZ-500 are frequently mapped to Domain 1 (25-30%), so read the objective carefully before picking controls or architecture.
  • Expect multi-topic scenarios where Identity Security interacts with identity, networking, governance, or monitoring patterns rather than appearing as an isolated question.
  • When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Associate) and vendor best practices.

High-Value Identity Security Concepts

  • Know the core Identity Security building blocks cold: conditional access, PIM, identity protection, MFA.
  • Review the edge-case features and limits for passwordless and authentication methods; these details are commonly used to differentiate answer choices.
  • Practice service-integration reasoning: how Identity Security pairs with Zero Trust and Compliance in real deployment patterns.
  • For AZ-500, explain why the chosen Identity Security design meets reliability, security, and cost expectations better than the alternatives.

Common AZ-500 Traps

  • Watch for identity controls that are too broad for the requested scope.
  • Questions in Manage Identity and Access often include distractors that look correct for Identity Security but violate least-privilege, compliance, or availability requirements.
  • Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
  • If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

  • Can you compare at least two Identity Security implementation paths and justify which one best fits the scenario?
  • Can you map the chosen answer back to Manage Identity and Access (25-30%) outcomes for AZ-500?
  • Can you explain security and access boundaries for Identity Security without relying on default-open assumptions?
  • Can you describe how Identity Security integrates with Zero Trust and Compliance during failure, scaling, and monitoring events?
