ExamTopics Logo
Mail Us[email protected]
Menu
Apics Discussions
exam questions

Exam CSCP All Questions

View all questions & answers for the CSCP exam
Go to Exam

Exam SC-100 topic 4 question 19 discussion

Actual exam question from APICS's CSCP
Question #: 19
Topic #: 1
[All CSCP Questions]

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.

The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.

You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.

Which security control should you recommend?

  • A. adaptive application controls in Defender for Cloud
  • B. app protection policies in Microsoft Endpoint Manager
  • C. OAuth app policies in Microsoft Defender for Cloud Apps
  • D. Azure Active Directory (Azure AD) Conditional Access App Control policies
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by sfok at Jan. 7, 2023, 11:14 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
purek77
Highly Voted 2 years, 1 month ago
Actually there seems no correct answer here. Requirement is clear "the application must be blocked automatically until an administrator authorizes the application", but looking at Adaptative Application controls details: No enforcement options are currently available. Adaptive application controls are intended to provide security alerts if any application runs other than the ones you've defined as safe. Source - https://learn.microsoft.com/en-us/azure/defender-for-cloud/adaptive-application-controls#are-there-any-options-to-enforce-the-application-controls
upvoted 5 times
nieprotetkniteeetr
2 years, 1 month ago
The best of this is A.
upvoted 3 times
...
Aunehwet79
2 years ago
Agree none of these are fully correct - this question appears three times in this questions list and the other comments refer to A as the best as well
upvoted 2 times
Ramye
1 year, 1 month ago
yes - same questions - 5x actually Question#23 Under Topic 2 Question#46 Under Topic 2 Question#1 Under Topic 4 Question#26 under Topic 4
upvoted 1 times
...
...
...
gical
Most Recent 1 month, 3 weeks ago
Selected Answer: A
Using Adaptive application controls can help simplify the process of configuring and maintaining application policies. By using Adaptive application controls, you can: -Block attempts to run potentially malicious applications. -Receive alerts when adaptive application control blocks an application https://learn.microsoft.com/en-us/training/modules/create-implement-application-allowlists-adaptive-application-control/2-describe-controls
upvoted 1 times
...
Gats_28
2 months, 4 weeks ago
Selected Answer: A
I'll go with A
upvoted 2 times
...
dc864d4
3 months, 2 weeks ago
Now controlled through intune app policies
upvoted 1 times
...
sherifhamed
1 year, 5 months ago
Selected Answer: A
A. Adaptive application controls in Defender for Cloud Adaptive application controls, often referred to as application whitelisting, allow you to specify which applications are authorized to run on your virtual machines and block all others. If an unauthorized application attempts to run, it will be blocked until an administrator authorizes it. This control provides a strong layer of security against unapproved or malicious applications. The other options (B, C, and D) are not primarily designed for controlling which applications can run on Windows Server 2019 virtual machines in your Azure subscription
upvoted 4 times
...
Xavier_Alonso
1 year, 5 months ago
A is the answer. How to block intentional or unintentional deletion of backup data? https://learn.microsoft.com/en-us/azure/backup/protect-backups-from-ransomware-faq#how-to-block-intentional-or-unintentional-deletion-of--backup-data
upvoted 1 times
...
ServerBrain
1 year, 6 months ago
Selected Answer: C
https://learn.microsoft.com/en-us/defender-cloud-apps/app-permission-policy
upvoted 2 times
...
zellck
1 year, 9 months ago
Selected Answer: A
A is the answer. https://learn.microsoft.com/en-us/azure/defender-for-cloud/adaptive-application-controls Adaptive application controls are an intelligent and automated solution for defining allowlists of known-safe applications for your machines. Often, organizations have collections of machines that routinely run the same processes. Microsoft Defender for Cloud uses machine learning to analyze the applications running on your machines and create a list of the known-safe software. Allowlists are based on your specific Azure workloads, and you can further customize the recommendations using the following instructions. When you've enabled and configured adaptive application controls, you'll get security alerts if any application runs other than the ones you've defined as safe.
upvoted 4 times
...
Gurulee
1 year, 11 months ago
Selected Answer: A
Although none of the options can block the app, A is the best choice. The correct solution should be Windows Defender Application Control and AppLocker.
upvoted 4 times
...
AMDf
2 years, 1 month ago
Selected Answer: A
Correct
upvoted 3 times
...
sfok
2 years, 1 month ago
A is correct
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago