Exam AZ-400 topic 3 question 18 discussion

https://docs.microsoft.com/en-us/azure/security-center/features-paas C and E

Answer: B & C I know, it's weird to agree with the solution provided by exam topics. But why do I agree? 1) create a Keyvault and a VM 2) go to each resource, and search for "security" in the left pane 3) view the security recommendations. Also, note the blue banner on top stating: "Visit Security Center to manage security across your virtual networks, data, apps, and more"

I go for C and E

Microsoft Defender for Cloud has Defender For Servers and Defender for Containers Defender for Servers -> scans the Ubuntu server Defender for Containers has implicit an Vulnerability assessment for Azure as a feature. https://learn.microsoft.com/en-us/azure/defender-for-cloud/agentless-vulnerability-assessment-azure In the docs it states: This feature supports scanning of images in the Azure Container Registry (ACR) only. Images that are stored in other container registries should be imported into ACR for coverage. Learn how to import container images to a container registry.

https://learn.microsoft.com/en-us/security/benchmark/azure/security-control-vulnerability-management Follow recommendations from Azure Security Center on performing vulnerability assessments on your Azure virtual machines, container images, and SQL servers.

As per https://learn.microsoft.com/en-us/azure/defender-for-cloud/support-matrix-defender-for-cloud

C and E

As per : https://learn.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-vm The Vulnerability scanning is only available for virtual machines, Azure SQL databases and ACR images, so the right answer should be C, E

On exam 2023-09-06, selected C and E Score 933

should be C and E

Correct answer is C&E

B,C and E. The question was poorly worded and there are 3 possible options. Azure Security Center will always look for vulnerabilities in VM (Windows/Linux) and Azure key vault. There is a particular issue regarding the Azure Security Center performing vulnerability assessments on the Azure Container Registry or on images hosted there. In fact, the search for vulnerabilities will occur in the Azure Container Registry as a whole, that is, in the service itself, in the images, in the cluster, nodes and Kubernetes pods.

CE is the answer. https://learn.microsoft.com/en-us/security/benchmark/azure/security-control-vulnerability-management#51-run-automated-vulnerability-scanning-tools Follow recommendations from Azure Security Center on performing vulnerability assessments on your Azure virtual machines, container images, and SQL servers.

From chatGPT In Azure Security Center, you can receive vulnerability assessments for various resources. Some of the resources for which you can receive vulnerability assessments include: Virtual Machines, Azure App Service,Azure Kubernetes Service (AKS), Azure SQL Database, Azure Functions, Azure Container Registry and Azure Storage accounts. So Answer is C&E

correct answers C & E

C,E https://learn.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-defender-vulnerability-management https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure

From ChatGPT: C. the Azure virtual machines that run the latest version of Ubuntu E. The Windows Server 2019 container images hosted in the Azure Container Registry. Azure Security Center provides vulnerability assessment for a range of resources, including virtual machines, containers, and container registries.