Exam SC-100 topic 2 question 5 discussion

Actual exam question from Microsoft's SC-100
Question #: 5
Topic #: 2

You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You have an Amazon Web Services (AWS) implementation.
You plan to extend the Azure security strategy to the AWS implementation. The solution will NOT use Azure Arc.
Which three services can you use to provide security for the AWS resources? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Microsoft Defender for Containers
  • B. Microsoft Defender for servers
  • C. Azure Active Directory (Azure AD) Conditional Access
  • D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
  • E. Azure Policy
Suggested Answer: ACD
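The thread below turns on one practical question: which Defender for Cloud AWS offerings keep working when Azure Arc is off the table. The following is an added example, not code from the exam or from Microsoft; it walks a constructed AWS security-connector document (the field names and offering types follow the Microsoft.Security/securityConnectors resource shape as an assumption) and produces an "Arc-free" plan, dropping Defender for Servers, which is delivered through Arc-enabled servers, and flagging Defender for Containers, where only the agentless capabilities survive without Arc-enabled Kubernetes.

```python
import copy
import json
from typing import Any

# How each Defender for Cloud AWS offering relates to Azure Arc. This table is an
# assumption that encodes the prerequisites debated in the thread, not an API value:
#   arc_required - EC2 instances are onboarded as Arc-enabled servers; no Arc, no plan
#   arc_partial  - agentless posture/image assessment works through the connector
#                  alone, but runtime (sensor) protection on EKS needs Arc-enabled
#                  Kubernetes
#   arc_free     - reads AWS APIs through the connector's IAM role only
ARC_RELATIONSHIP = {
    "DefenderForServersAws": "arc_required",
    "DefenderForContainersAws": "arc_partial",
    "CspmMonitorAws": "arc_free",
}

# Constructed sample connector document (not pulled from a live subscription).
SAMPLE_CONNECTOR: dict[str, Any] = json.loads("""
{
  "name": "aws-prod-connector",
  "properties": {
    "environmentName": "AWS",
    "hierarchyIdentifier": "123456789012",
    "offerings": [
      {"offeringType": "CspmMonitorAws"},
      {"offeringType": "DefenderForContainersAws"},
      {"offeringType": "DefenderForServersAws",
       "arcAutoProvisioning": {"enabled": true}}
    ]
  }
}
""")


def enabled_offerings(connector: dict[str, Any]) -> list[str]:
    """Return the offeringType of every offering on the connector, in order."""
    return [o["offeringType"] for o in connector["properties"]["offerings"]]


def classify_offering(offering_type: str) -> str:
    """Look up the Arc relationship; anything not in the table is 'unknown'."""
    return ARC_RELATIONSHIP.get(offering_type, "unknown")


def plan_without_arc(connector: dict[str, Any]) -> dict[str, Any]:
    """Build the connector a no-Arc design can actually deploy.

    Returns a dict with:
      connector - deep copy keeping only Arc-free/partial offerings, with any
                  arcAutoProvisioning switch forced off
      removed   - offerings that cannot work at all without Azure Arc
      warnings  - offerings that lose capabilities or need manual review
    The input document is never mutated.
    """
    planned = copy.deepcopy(connector)
    kept, removed, warnings = [], [], []
    for off in planned["properties"]["offerings"]:
        kind = classify_offering(off["offeringType"])
        if kind == "arc_required":
            removed.append(off["offeringType"])
            continue
        if kind == "arc_partial":
            warnings.append(f"{off['offeringType']}: only agentless capabilities "
                            "remain without Arc-enabled Kubernetes")
        elif kind == "unknown":
            warnings.append(f"{off['offeringType']}: Arc dependency unknown, review manually")
        # Defensively switch off any Arc auto-provisioning block that survives.
        if isinstance(off.get("arcAutoProvisioning"), dict):
            off["arcAutoProvisioning"]["enabled"] = False
        kept.append(off)
    planned["properties"]["offerings"] = kept
    return {"connector": planned, "removed": removed, "warnings": warnings}


if __name__ == "__main__":
    result = plan_without_arc(SAMPLE_CONNECTOR)
    print("kept:", enabled_offerings(result["connector"]))
    print("removed:", result["removed"])
    for warning in result["warnings"]:
        print("warning:", warning)
```

Running it against the sample keeps CspmMonitorAws and DefenderForContainersAws, removes DefenderForServersAws, and warns that the containers plan is reduced to its agentless parts, which is the ACD reading of the question. Swap the constructed document for the JSON of a real connector to review an existing design the same way.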

Comments

zts
Highly Voted 2 years, 4 months ago
Selected Answer: ACE
I would go for ACE. That being said, this link covers the Azure Policy extension for hardening the Kubernetes data plane: https://docs.microsoft.com/en-us/azure/defender-for-cloud/supported-machines-endpoint-solutions-clouds-containers?tabs=aws-eks
upvoted 21 times
[Removed]
2 years, 4 months ago
Not B (servers require Arc). Not D: PIM is more of a nice-to-have.
upvoted 2 times
Fal991l
1 year, 10 months ago
No, Microsoft Defender for servers does not require Azure Arc to extend protection to hybrid cloud workloads, including servers running on AWS. Azure Arc is a separate Azure service that enables you to manage servers, Kubernetes clusters, and applications on-premises, at the edge, and in multi-cloud environments from a single control plane. It provides a centralized management experience and enables you to apply policies, update servers, and deploy applications across your hybrid cloud environment. However, if you want to use Azure Arc to manage your servers running on AWS, you can do so by using the Azure Arc enabled servers feature. This feature allows you to onboard your AWS instances to Azure Arc and manage them through the Azure portal or Azure APIs. In this case, you can also use Microsoft Defender for servers to extend protection to those AWS instances.
upvoted 3 times
wsrudmen
10 months, 2 weeks ago
False, it's required: https://learn.microsoft.com/fr-fr/azure/defender-for-cloud/plan-defender-for-servers
upvoted 3 times
mynk29
1 year, 11 months ago
PIM is Privileged Identity Management. I wouldn't say it's nice to have; it's a must.
upvoted 3 times
Raven84
1 year ago
It's only a security feature if you use the four-eyes principle. JIT access is no security feature if you can give roles to yourself.
upvoted 1 times
jasscomp
1 year, 3 months ago
Yes, it's a must for protecting identity but not the answer for this requirement.
upvoted 2 times
Jajee
Highly Voted 1 year, 11 months ago
E cannot be an answer, because in order to apply Azure Policy to AWS-based resources you need to use Azure Arc, which cannot be the case based on the requirements. So, ACD are the possible answers.
upvoted 16 times
Jawa
Most Recent 1 day, 16 hours ago
Selected Answer: ACD
ACD is the answer
upvoted 1 times
jvallespin
5 months, 2 weeks ago
Selected Answer: ACD
ACD. Without Arc, you cannot onboard VMs from AWS to Defender for Cloud for servers, so you cannot use it to increase security. Without Arc, you cannot apply Azure Policies to any AWS resources (with Arc, only to EC2 instances). PIM and Conditional Access are linked: if you assume that you can use one (because of the AWS SSO integration), the other one as well. Defender for Containers can be used without Arc to onboard the EKS clusters.
upvoted 2 times
crutester
6 months, 1 week ago
Selected Answer: ACD
From ChatGPT: No, Azure Policy cannot directly manage or enforce policies on AWS resources without Azure Arc. Azure Policy is designed to work natively within the Azure ecosystem, and to extend its governance capabilities to other cloud environments like AWS, Azure Arc is required.

How Azure Policy works with Azure Arc:
Azure Arc for Servers: By connecting your AWS virtual machines to Azure Arc, they become Azure resources. You can then apply Azure Policy to these AWS VMs as if they were native Azure VMs.
Azure Arc for Kubernetes: Similarly, you can connect your Kubernetes clusters running on AWS to Azure Arc. This allows you to apply Azure Policy to manage and enforce compliance on these Kubernetes clusters.
Azure Arc for Data Services: This allows managing SQL Servers and other data services running on AWS using Azure Policy through Azure Arc.
upvoted 2 times
bxlin
7 months, 2 weeks ago
Selected Answer: ACD
Microsoft Defender for Servers: requires Arc in AWS.
Azure Policy for Kubernetes: requires Arc in AWS.
upvoted 4 times
JHJ44
9 months, 1 week ago
Selected Answer: ABC
Microsoft Defender for Containers (Option A): This service provides runtime protection for containers, including threat detection, vulnerability assessment, and security recommendations. It helps secure containerized workloads running in AWS by identifying and mitigating risks.
Microsoft Defender for Servers (Option B): This service offers endpoint protection for servers, including real-time threat detection, behavioral analysis, and automated response. By deploying it to your AWS instances, you can monitor and protect against malicious activities.
Azure Active Directory (Azure AD) Conditional Access (Option C): Azure AD Conditional Access allows you to define policies that control access to your AWS resources based on conditions such as user location, device health, and risk level. You can enforce multi-factor authentication (MFA) or restr
upvoted 2 times
PierreTang
10 months, 3 weeks ago
Selected Answer: ACD
E: Kubernetes data plane hardening, but based on the doc: "To deploy the Azure Policy for Kubernetes to specified clusters: From the recommendations page, search for the relevant recommendation: .... AWS and On-premises - 'Azure Arc-enabled Kubernetes clusters should have the Azure policy extension for Kubernetes extension installed'." https://learn.microsoft.com/en-us/azure/defender-for-cloud/kubernetes-workload-protections#deploy-azure-policy-for-kubernetes-on-existing-clusters
upvoted 2 times
Jonny_Cage
11 months, 3 weeks ago
For designing security for Azure landing zones and looking to implement preventive controls to increase the secure score, the two options that would be most relevant are:
A. Azure Web Application Firewall (WAF): It provides centralized protection of your web applications from common exploits and vulnerabilities.
B. Azure Active Directory (Azure AD) Privileged Identity Management (PIM): It manages, controls, and monitors access within Azure AD, Azure, and other Microsoft Online Services.
upvoted 1 times
Jonny_Cage
11 months, 3 weeks ago
For extending Azure security strategies to AWS resources without using Azure Arc, the three services you can use are:
B. Microsoft Defender for servers
C. Azure Active Directory (Azure AD) Conditional Access
D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
upvoted 2 times
Jonny_Cage
11 months, 3 weeks ago
These services can provide security for AWS resources by offering protection for servers (Defender), managing access based on conditions (Conditional Access), and controlling and monitoring privileged access (PIM).
upvoted 2 times
Cleggs
12 months ago
Selected Answer: ACD
MDS and Azure Policy both require Arc.
upvoted 2 times
joshuactz
10 months, 4 weeks ago
No, Defender for Servers can work by just installing the Log Analytics agent; Azure Arc is not necessary. So IMO the answer is BCD.
upvoted 2 times
ayadmawla
1 year ago
Selected Answer: ACE
ACE seems right as per the following: https://learn.microsoft.com/en-us/defender-cloud-apps/protect-aws (Policy / Sign-in / containers)
upvoted 2 times
Murtuza
1 year ago
Microsoft Entra ID offers several capabilities for direct integration with AWS:
- SSO across legacy, traditional, and modern authentication solutions.
- MFA, including integration with several third-party solutions from Microsoft Intelligent Security Association (MISA) partners.
- Powerful Conditional Access features for strong authentication and strict governance. Microsoft Entra ID uses Conditional Access policies and risk-based assessments to authenticate and authorize user access to the AWS Management Console and AWS resources.
- Large-scale threat detection and automated response. Microsoft Entra ID processes over 30 billion authentication requests per day, along with trillions of signals about threats worldwide.
- Privileged Access Management (PAM) to enable Just-In-Time (JIT) provisioning to specific resources.
upvoted 2 times
Murtuza
1 year ago
Selected Answer: ACE
A, C, E are correct choices
upvoted 2 times
Murtuza
1 year ago
E: Kubernetes data plane hardening. For a bundle of recommendations to protect the workloads of your Kubernetes containers, install the Azure Policy for Kubernetes. You can also auto deploy this component as explained in enable auto provisioning of agents and extensions. With the add-on on your AKS cluster, every request to the Kubernetes API server will be monitored against the predefined set of best practices before being persisted to the cluster. You can then configure to enforce the best practices and mandate them for future workloads.
upvoted 1 times
juanpe147
1 year, 1 month ago
ACD, Policy requires Azure Policy
upvoted 1 times
Bondaexam
1 year, 1 month ago
C. Azure Active Directory (Azure AD) Conditional Access
D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
E. Azure Policy
Both MS Defender for servers and containers need Arc; you could simply google it and it would pull up the MS documentation.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other