ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-100 All Questions

View all questions & answers for the SC-100 exam
Go to Exam

Exam SC-100 topic 2 question 7 discussion

Actual exam question from Microsoft's SC-100
Question #: 7
Topic #: 2
[All SC-100 Questions]

HOTSPOT -
Your company has a multi-cloud environment that contains a Microsoft 365 subscription, an Azure subscription, and Amazon Web Services (AWS) implementation.
You need to recommend a security posture management solution for the following components:
✑ Azure IoT Edge devices

AWS EC2 instances -

Which services should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Microsoft Defender for IoT
Microsoft Defender for IoT is a unified security solution for identifying IoT and OT devices, vulnerabilities, and threats and managing them through a central interface.
Azure IoT Edge provides powerful capabilities to manage and perform business workflows at the edge. The key part that IoT Edge plays in IoT environments make it particularly attractive for malicious actors.
Defender for IoT azureiotsecurity provides a comprehensive security solution for your IoT Edge devices. Defender for IoT module collects, aggregates and analyzes raw security data from your Operating System and container system into actionable security recommendations and alerts.
Box 2: Microsoft Defender for Cloud and Azure Arc
Microsoft Defender for Cloud provides the following features in the CSPM (Cloud Security Posture Management) category in the multi-cloud scenario for AWS.
Take into account that some of them require Defender plan to be enabled (such as Regulatory Compliance):
* Detection of security misconfigurations
* Single view showing Security Center recommendations and AWS Security Hub findings
* Incorporation of AWS resources into Security Center's secure score calculations
* Regulatory compliance assessments of AWS resources
Security Center uses Azure Arc to deploy the Log Analytics agent to AWS instances.
Incorrect:
AWS EC2 Microsoft Defender for Cloud Apps
Amazon Web Services is an IaaS provider that enables your organization to host and manage their entire workloads in the cloud. Along with the benefits of leveraging infrastructure in the cloud, your organization's most critical assets may be exposed to threats. Exposed assets include storage instances with potentially sensitive information, compute resources that operate some of your most critical applications, ports, and virtual private networks that enable access to your organization.
Connecting AWS to Defender for Cloud Apps helps you secure your assets and detect potential threats by monitoring administrative and sign-in activities, notifying on possible brute force attacks, malicious use of a privileged user account, unusual deletions of VMs, and publicly exposed storage buckets.
Reference:
https://docs.microsoft.com/en-us/azure/defender-for-iot/device-builders/security-edge-architecture https://samilamppu.com/2021/11/04/multi-cloud-security-posture-management-in-microsoft-defender-for-cloud/
by Alex_Burlachenko at Aug. 30, 2022, 6:46 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
PlumpyTumbler
Highly Voted 1 year, 10 months ago
Good answer, bad references Defender for IoT https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/architecture EC2 instances need Defender for Cloud by way of Arc https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings https://docs.microsoft.com/en-us/azure/azure-arc/servers/overview#supported-cloud-operations
upvoted 22 times
zts
1 year, 10 months ago
We should still be thankful with examtopic researchers for their efforts, and least such examples makes us to validate our review and correct those mistakes :D)
upvoted 18 times
hb0011
1 year, 9 months ago
So this means the answer has to be Defender for IoT and Azure Arc only.
upvoted 2 times
...
...
...
Baz10
Highly Voted 2 months, 4 weeks ago
On Exam 8 Apr 2024 scored 764 answered as solution.
upvoted 6 times
...
ayadmawla
Most Recent 6 months ago
AWS accounts should have Azure Arc auto provisioning enabled For full visibility of the security content from Microsoft Defender for servers, EC2 instances should be connected to Azure Arc. To ensure that all eligible EC2 instances automatically receive Azure Arc, enable auto-provisioning from Defender for Cloud at the AWS account level. https://learn.microsoft.com/en-us/azure/defender-for-cloud/recommendations-reference-aws
upvoted 1 times
...
Arockia
6 months ago
For Question 1: Azure IoT Edge devices, the recommended security posture management solution is: e. Microsoft Defender for IoT: Microsoft Defender for IoT is designed specifically for securing IoT devices and provides advanced threat protection, vulnerability management, and continuous monitoring for IoT environments. It helps protect Azure IoT Edge devices by detecting and responding to security threats. For Question 2: AWS EC2 instances, the recommended security posture management solution is: f. Microsoft Defender for Endpoint only: Microsoft Defender for Endpoint (formerly known as Microsoft Defender ATP) is a comprehensive endpoint security solution that provides protection against various threats, including malware, advanced attacks, and vulnerabilities. While Azure Arc can be used to manage and monitor AWS resources, Microsoft Defender for Endpoint is the appropriate choice for securing the EC2 instances.
upvoted 2 times
...
Ramye
6 months, 1 week ago
Any idea, why Microsoft XDR references don’t include Defender for IoT/OT. Below is what I see mostly The component services that are part of the Microsoft Defender XDR stack are: Microsoft Defender for Identity Microsoft Defender for Office 365 Microsoft Defender for Cloud Apps Microsoft Defender for Endpoint
upvoted 1 times
...
Murtuza
6 months, 1 week ago
1. Microsoft Defender for IoT 2. Microsoft Defender for Cloud and Azure Arc
upvoted 1 times
...
zellck
1 year, 1 month ago
1. Microsoft Defender for IoT 2. Microsoft Defender for Cloud and Azure Arc https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/overview Microsoft Defender for IoT is a unified security solution built specifically to identify IoT and OT devices, vulnerabilities, and threats. Use Defender for IoT to secure your entire IoT/OT environment, including existing devices that may not have built-in security agents. https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings With cloud workloads commonly spanning multiple cloud platforms, cloud security services must do the same. Microsoft Defender for Cloud protects workloads in Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), GitHub and Azure DevOps (ADO). To enable the Defender for Servers plan, you'll need: - Azure Arc for servers installed on your EC2 instances.
upvoted 5 times
calotta1
10 months, 2 weeks ago
You are right about Azure Arc, but once the AWS connector is configured on MDC, and auto-provisioning enabled, Azure Arc will install on the EC2 instances. "We recommend that you use the auto-provisioning process to install Azure Arc on all of your existing and future EC2 instances"
upvoted 1 times
...
...
GeVanDerBe
1 year, 2 months ago
You need to recommend a security posture management solution. with that for AWS EC2 MDC only. https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings. --> Provide an agentless connection.
upvoted 1 times
GeVanDerBe
1 year, 2 months ago
wrong response. Forget my comment above!
upvoted 1 times
...
...
AJ2021
1 year, 4 months ago
correct
upvoted 1 times
...
SAMSH
1 year, 9 months ago
was in 20Sep2020 exam
upvoted 5 times
AzureJobsTillRetire
1 year, 4 months ago
I think he meant that he took the exam on 20 Sept 2022. Thank him for taking the time to verify that this question was in exam. Not many people do that. I was one of those lazy people as well. sorry for those see this comment...
upvoted 6 times
PeteNZ
1 year, 4 months ago
This exam wasn't even out then. Dude posts this everywhere.
upvoted 2 times
...
...
Pete_4779
1 year, 8 months ago
Did you get it right? What was your score?
upvoted 1 times
...
JakeCallham
1 year, 9 months ago
Dude stop this nonsense
upvoted 30 times
...
...
tester18128075
1 year, 10 months ago
correct
upvoted 3 times
...
JMuller
1 year, 10 months ago
correct
upvoted 1 times
...
Alex_Burlachenko
1 year, 10 months ago
correct
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago