You have an Azure subscription that has Microsoft Defender for Cloud enabled. You need to enforce ISO 27001:2013 standards for the subscription. The solution must ensure that noncompliant resources are remediated automatically. What should you use?
A. Azure Policy
B. Azure Blueprints
C. the regulatory compliance dashboard in Defender for Cloud
Azure Blueprints is excellent for deploying a consistent set of resources, policies, and role assignments, but it does not continuously enforce compliance or provide automatic remediation on its own.
Azure Policy provides the ongoing enforcement and remediation capabilities needed to ensure that resources remain compliant with ISO 27001:2013 standards.
Therefore, while Azure Blueprints can be used to initially deploy the necessary compliance infrastructure, Azure Policy is the tool that ensures continuous compliance and automatic remediation.
I would go with Blueprint because it contains Policies, and RBAC and customised configuration. Once Blueprint is used it maintains its link to configuration to ensure automated compliance.
See the table here: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/manage/azure-management-guide/operational-compliance?tabs=UpdateManagement%2CAzurePolicy%2CAzureBlueprints
See the differences here: https://k21academy.com/az-305/azure-rbac-vs-azure-policies-vs-azure-blueprints/
You are going beyond the requirements, whilst policy and RBAC etc. can be part of Blueprints. All that is needed here in the most simplistic form is Azure Policy.
A is the answer.
https://learn.microsoft.com/en-us/azure/governance/policy/overview
Azure Policy helps to enforce organizational standards and to assess compliance at-scale. Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment, with the ability to drill down to the per-resource, per-policy granularity. It also helps to bring your resources to compliance through bulk remediation for existing resources and automatic remediation for new resources.
Blueprint contains policy as a child item. I think the key here is automatic resolution, which happens when the deployIfNotExists effect is added in the policy, so I will go with policy to honor the details present in the question.
deployIfNotExists to be enabled in Azure Policy. Source: https://learn.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources?tabs=azure-portal
Azure Policy. Unfortunately, at the moment of this writing Blueprints are in preview and thus should not be used in production (this will change in the future as it is a good solution).
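The comments above tie automatic remediation to the policy effect. As an added example (not from the thread or from Microsoft's documentation), this Python sketch checks which policy definitions in a set can actually remediate, following a parameterized effect and flagging a missing `roleDefinitionIds`. The policy names and sample definitions are constructed and trimmed to the relevant fields.

```python
import re

# Effects for which Azure Policy can run remediation; others only report or block.
REMEDIATING_EFFECTS = {"deployifnotexists", "modify"}
PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$", re.IGNORECASE)

def resolve_effect(definition, assigned=None):
    """Return the effective 'effect', following a [parameters('x')] reference."""
    effect = definition["policyRule"]["then"]["effect"]
    match = PARAM_REF.match(effect.strip())
    if match:
        name = match.group(1)
        if assigned and name in assigned:
            return assigned[name]  # value set on the assignment wins
        return definition.get("parameters", {}).get(name, {}).get("defaultValue", "")
    return effect

def remediation_report(definitions, assigned=None):
    """Map each policy name to (effect, can_remediate, note)."""
    report = {}
    for name, definition in definitions.items():
        effect = resolve_effect(definition, (assigned or {}).get(name))
        can_fix = effect.lower() in REMEDIATING_EFFECTS
        details = definition["policyRule"]["then"].get("details", {})
        note = ""
        if can_fix and not details.get("roleDefinitionIds"):
            note = "no roleDefinitionIds: managed identity cannot be granted rights"
        report[name] = (effect, can_fix, note)
    return report

# Constructed sample definitions (hypothetical names, placeholder role id).
SAMPLE = {
    "audit-storage-https": {
        "policyRule": {"if": {}, "then": {"effect": "audit"}}},
    "deploy-diagnostics": {
        "parameters": {"effect": {"defaultValue": "DeployIfNotExists"}},
        "policyRule": {"if": {}, "then": {
            "effect": "[parameters('effect')]",
            "details": {"roleDefinitionIds": ["<role-definition-id>"]}}}},
    "tag-owner": {
        "policyRule": {"if": {}, "then": {"effect": "modify", "details": {}}}},
}

if __name__ == "__main__":
    for policy, row in remediation_report(SAMPLE).items():
        print(policy, row)
```

Passing an assignment override such as `{"deploy-diagnostics": {"effect": "AuditIfNotExists"}}` as the second argument shows how an assignment can silently turn a remediating policy into a report-only one.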