
Exam SC-100 topic 2 question 5 discussion

Actual exam question from Microsoft's SC-100
Question #: 5
Topic #: 2

You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You have an Amazon Web Services (AWS) implementation.
You plan to extend the Azure security strategy to the AWS implementation. The solution will NOT use Azure Arc.
Which three services can you use to provide security for the AWS resources? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Microsoft Defender for Containers
  • B. Microsoft Defender for servers
  • C. Azure Active Directory (Azure AD) Conditional Access
  • D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
  • E. Azure Policy
Suggested Answer: ACD

Comments

zts
Highly Voted 2 years, 5 months ago
Selected Answer: ACE
I would go for ACE. That being said, this link covers Azure Policy Extension in hardening Kubernetes data plane. https://docs.microsoft.com/en-us/azure/defender-for-cloud/supported-machines-endpoint-solutions-clouds-containers?tabs=aws-eks
upvoted 23 times
[Removed]
2 years, 5 months ago
Not B (servers require Arc). Not D: PIM is more of a nice-to-have.
upvoted 2 times
Fal991l
1 year, 11 months ago
No, Microsoft Defender for servers does not require Azure Arc to extend protection to hybrid cloud workloads, including servers running on AWS. Azure Arc is a separate Azure service that enables you to manage servers, Kubernetes clusters, and applications on-premises, at the edge, and in multi-cloud environments from a single control plane. It provides a centralized management experience and enables you to apply policies, update servers, and deploy applications across your hybrid cloud environment. However, if you want to use Azure Arc to manage your servers running on AWS, you can do so by using the Azure Arc enabled servers feature. This feature allows you to onboard your AWS instances to Azure Arc and manage them through the Azure portal or Azure APIs. In this case, you can also use Microsoft Defender for servers to extend protection to those AWS instances.
upvoted 3 times
wsrudmen
12 months ago
False, it's required: https://learn.microsoft.com/fr-fr/azure/defender-for-cloud/plan-defender-for-servers
upvoted 4 times
mynk29
2 years, 1 month ago
PIM is Privileged Identity Management. I wouldn't say it's nice to have; it's a must.
upvoted 3 times
Raven84
1 year, 2 months ago
It's only a security feature if you use the four-eyes principle. JIT access is no security feature if you can give roles to yourself.
upvoted 1 times
jasscomp
1 year, 4 months ago
Yes, it's a must for protecting identity but not the answer for this requirement.
upvoted 2 times
Jajee
Highly Voted 2 years ago
E cannot be an answer, because in order to apply Azure Policy to AWS-based resources, you need to use Azure Arc, which cannot be the case based on the requirements. So, ACD are the possible answers.
upvoted 17 times
lam_15
Most Recent 1 week, 2 days ago
Selected Answer: ABE
A. Microsoft Defender for Containers
B. Microsoft Defender for servers
E. Azure Policy
upvoted 1 times
sweetykaur
2 weeks, 5 days ago
Selected Answer: ABE
To provide security for the AWS resources while extending your Azure security strategy, you can use the following three services:
A. Microsoft Defender for Containers: Provides security monitoring for containerized environments, including those hosted on AWS.
B. Microsoft Defender for servers: Provides advanced threat protection for servers, whether they are hosted on Azure, AWS, or on-premises.
E. Azure Policy: Helps manage and enforce compliance by creating and applying policies across your resources, including those in AWS.
These services ensure a comprehensive security approach that extends to your AWS implementation.
upvoted 1 times
zpack
3 weeks ago
Selected Answer: ACD
DfS can be onboarded using MDE; there's a feature called direct onboarding, although the experience will be limited. Will go with ACD as I don't think the question has that feature in mind.
upvoted 1 times
Jawa
1 month, 1 week ago
Selected Answer: ACD
ACD is the answer
upvoted 2 times
jvallespin
6 months, 4 weeks ago
Selected Answer: ACD
ACD - Without Arc, you cannot onboard VMs from AWS to Defender for Cloud's Defender for Servers, so you cannot use it to increase security. Without Arc, you cannot apply Azure Policy to any AWS resources (with Arc, only to EC2 instances). PIM and Conditional Access are linked: if you assume that you can use one (because of AWS SSO integration), you can use the other as well. Defender for Containers can be used without Arc to onboard the EKS clusters.
upvoted 2 times
crutester
7 months, 2 weeks ago
Selected Answer: ACD
From ChatGPT:
No, Azure Policy cannot directly manage or enforce policies on AWS resources without Azure Arc. Azure Policy is designed to work natively within the Azure ecosystem, and to extend its governance capabilities to other cloud environments like AWS, Azure Arc is required.
How Azure Policy works with Azure Arc:
Azure Arc for Servers: By connecting your AWS virtual machines to Azure Arc, they become Azure resources. You can then apply Azure Policy to these AWS VMs as if they were native Azure VMs.
Azure Arc for Kubernetes: Similarly, you can connect your Kubernetes clusters running on AWS to Azure Arc. This allows you to apply Azure Policy to manage and enforce compliance on these Kubernetes clusters.
Azure Arc for Data Services: This allows managing SQL Servers and other data services running on AWS using Azure Policy through Azure Arc.
upvoted 2 times
bxlin
9 months ago
Selected Answer: ACD
Microsoft Defender for Servers: requires Arc in AWS.
Azure Policy for Kubernetes: requires Arc in AWS.
upvoted 4 times
JHJ44
10 months, 2 weeks ago
Selected Answer: ABC
Microsoft Defender for Containers (Option A): This service provides runtime protection for containers, including threat detection, vulnerability assessment, and security recommendations. It helps secure containerized workloads running in AWS by identifying and mitigating risks.
Microsoft Defender for Servers (Option B): This service offers endpoint protection for servers, including real-time threat detection, behavioral analysis, and automated response. By deploying it to your AWS instances, you can monitor and protect against malicious activities.
Azure Active Directory (Azure AD) Conditional Access (Option C): Azure AD Conditional Access allows you to define policies that control access to your AWS resources based on conditions such as user location, device health, and risk level. You can enforce multi-factor authentication (MFA) or restr
upvoted 2 times
PierreTang
1 year ago
Selected Answer: ACD
E is Kubernetes data plane hardening, but based on the doc: "To deploy the Azure Policy for Kubernetes to specified clusters: From the recommendations page, search for the relevant recommendation: .... AWS and On-premises - "Azure Arc-enabled Kubernetes clusters should have the Azure policy extension for Kubernetes extension installed"." https://learn.microsoft.com/en-us/azure/defender-for-cloud/kubernetes-workload-protections#deploy-azure-policy-for-kubernetes-on-existing-clusters
upvoted 2 times
Jonny_Cage
1 year, 1 month ago
For designing security for Azure landing zones and looking to implement preventive controls to increase the secure score, the two options that would be most relevant are:
A. Azure Web Application Firewall (WAF) - It provides centralized protection of your web applications from common exploits and vulnerabilities.
B. Azure Active Directory (Azure AD) Privileged Identity Management (PIM) - It manages, controls, and monitors access within Azure AD, Azure, and other Microsoft Online Services.
upvoted 1 times
Jonny_Cage
1 year, 1 month ago
For extending Azure security strategies to AWS resources without using Azure Arc, the three services you can use are:
B. Microsoft Defender for servers
C. Azure Active Directory (Azure AD) Conditional Access
D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
upvoted 2 times
Jonny_Cage
1 year, 1 month ago
These services can provide security for AWS resources by offering protection for servers (Defender), managing access based on conditions (Conditional Access), and controlling and monitoring privileged access (PIM).
upvoted 2 times
Cleggs
1 year, 1 month ago
Selected Answer: ACD
MDS and Azure Policy both require Arc.
upvoted 2 times
joshuactz
1 year ago
No, Defender for Servers can work by just installing the Log Analytics agent; Azure Arc is not necessary. So IMO the answer is BCD.
upvoted 2 times
ayadmawla
1 year, 1 month ago
Selected Answer: ACE
ACE seems right as per the following: https://learn.microsoft.com/en-us/defender-cloud-apps/protect-aws Policy / Sign-in / containers
upvoted 2 times
Murtuza
1 year, 1 month ago
Microsoft Entra ID offers several capabilities for direct integration with AWS:
SSO across legacy, traditional, and modern authentication solutions.
MFA, including integration with several third-party solutions from Microsoft Intelligent Security Association (MISA) partners.
Powerful Conditional Access features for strong authentication and strict governance. Microsoft Entra ID uses Conditional Access policies and risk-based assessments to authenticate and authorize user access to the AWS Management Console and AWS resources.
Large-scale threat detection and automated response. Microsoft Entra ID processes over 30 billion authentication requests per day, along with trillions of signals about threats worldwide.
Privileged Access Management (PAM) to enable Just-In-Time (JIT) provisioning to specific resources.
upvoted 2 times
Murtuza
1 year, 1 month ago
Selected Answer: ACE
A, C, E are correct choices
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%), Other