ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-100 All Questions

View all questions & answers for the SC-100 exam
Go to Exam

Exam SC-100 topic 2 question 16 discussion

Actual exam question from Microsoft's SC-100
Question #: 16
Topic #: 2
[All SC-100 Questions]

HOTSPOT -
You open Microsoft Defender for Cloud as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Azure Web Application Firewall (WAF)
Restrict unauthorized network access control: 1 resource out of 11 needs to be addresses.
Restrict unauthorized network access - Azure offers a suite of tools designed to ensure accesses across your network meet the highest security standards.
Use these recommendations to manage Defender for Cloud's adaptive network hardening settings, ensure you've configured Azure Private Link for all relevant
PaaS services, enable Azure Firewall on your virtual networks, and more.
Note: Azure Web Application Firewall (WAF) is an optional addition to Azure Application Gateway.
Azure WAF protects inbound traffic to the web workloads, and the Azure Firewall inspects inbound traffic for the other applications. The Azure Firewall will cover outbound flows from both workload types.
Incorrect:
Not network security groups (NSGs).
Box 2: Microsoft Defender for servers
Enable endpoint protection - Defender for Cloud checks your organization's endpoints for active threat detection and response solutions such as Microsoft
Defender for Endpoint or any of the major solutions shown in this list.
When an Endpoint Detection and Response (EDR) solution isn't found, you can use these recommendations to deploy Microsoft Defender for Endpoint (included as part of Microsoft Defender for servers).
Incorrect:
Not Microsoft Defender for Resource Manager:
Microsoft Defender for Resource Manager does not handle endpoint protection.
Microsoft Defender for Resource Manager automatically monitors the resource management operations in your organization, whether they're performed through the Azure portal, Azure REST APIs, Azure CLI, or other Azure programmatic clients. Defender for Cloud runs advanced security analytics to detect threats and alerts you about suspicious activity.
Reference:
https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls
by Alex_Burlachenko at Aug. 30, 2022, 6:56 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
HardcodedCloud
Highly Voted 2 years, 4 months ago
Selection 1: NSG Selection 2: Microsoft Defender for servers
upvoted 98 times
...
[Removed]
Highly Voted 2 years, 5 months ago
NSGs: https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/security-control-restrict-unauthorized-network-access/ba-p/1593833
upvoted 22 times
...
junglejoy
Most Recent 6 months, 4 weeks ago
Selection 1: NSG - https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/security-control-restrict-unauthorized-network-access/ba-p/1593833 Selection 2: Defender for servers
upvoted 3 times
...
ayadmawla
11 months, 1 week ago
For those choosing NSG, you should actually look at the options given in the recommendation under Network Security and you will see clearly that it DOES NOT EXIST. The recommendations are for a Firewall, WAF, etc but not NSG which is applicable at the level of a VNET and not a subscription which may or may not have any vnets.
upvoted 2 times
Mnguyen0503
9 months, 2 weeks ago
Incorrect. WAF is a layer-7 appliance. It doesn't care about network (layer 3), only application protocols (HTTP, HTTPS, etc).
upvoted 1 times
...
wsrudmen
11 months ago
No you're wrong Expand the menu and you can see: Internet-facing virtual machines should be protected with network security groups All network ports should be restricted on NSG associated to your VM etc. There's no WAF and CA item in the list...
upvoted 4 times
...
...
harimurti20
1 year, 1 month ago
NSG:Unautorised Network access can be prevented by NSG Microsoft Defender for Server
upvoted 2 times
...
smanzana
1 year, 3 months ago
Box1: NSG Box2: Microsoft Defender for servers
upvoted 2 times
...
slobav
1 year, 4 months ago
Selection 1: NSG Selection 2: Microsoft Defender for servers Explanation: Question 85 https://www.youtube.com/watch?v=_DvisTemjGQ&list=PLQ2ktTy9rklhzzkSEZvDZT4QSIVUQZD-Y&index=6
upvoted 2 times
...
calotta1
1 year, 5 months ago
I'd have selected WAF but i can see it is under "Protect applications against DDoS attacks" recommendations. NSG is the right for 1st box and MDfS is correct. REF: https://learn.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls?branch=main#security-controls-and-their-recommendations
upvoted 3 times
...
bmulvIT
1 year, 8 months ago
Question in the exam today 19/05/2023
upvoted 7 times
JpTheCloudGuy
1 year, 6 months ago
What were your selections?
upvoted 1 times
...
allinict
1 year ago
please if you dont have the right answers do not type anything.
upvoted 1 times
poesklap
11 months, 1 week ago
That was not very nice
upvoted 3 times
...
...
...
zellck
1 year, 8 months ago
1. NSG 2. Microsoft Defender for servers https://learn.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls#security-controls-and-their-recommendations
upvoted 4 times
...
Ajdlfasudfo0
1 year, 11 months ago
NSG + MDfS
upvoted 1 times
...
steve_gatsby
1 year, 11 months ago
WAF is incorrect as it only affects level 7 layer of HTTP protocol
upvoted 3 times
...
ad77
2 years ago
1. nsg - ref. 4, https://learn.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls?branch=main#how-your-secure-score-is-calculated 2.. defender for endpoint ref 2. https://learn.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls?branch=main#how-your-secure-score-is-calculated
upvoted 2 times
ad77
2 years ago
2.. defender for server
upvoted 1 times
...
...
nieprotetkniteeetr
2 years ago
NSG https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/security-control-restrict-unauthorized-network-access/ba-p/1593833
upvoted 3 times
...
Rocky83
2 years ago
NSG and M$ Defender for Servers
upvoted 2 times
...
Hullstar
2 years ago
1 and 2, just checked my live environment and NSG is at the top of the list
upvoted 1 times
Hullstar
2 years ago
sorry: 1-NSG, 2:MDS
upvoted 1 times
...
...
purek77
2 years ago
Quick analysis of https://learn.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls tells us that - Restrict unauthorized network access = Virtual networks should be protected by Azure Firewall - Enable endpoint protection = Defender for Cloud checks your organization’s endpoints for active threat detection and response solutions such as [list], [list] shows Defender for Servers and/or Defender for Containers. Therefore answers are: - Azure Web Application Firewall (WAF) - Microsoft Defender for Servers
upvoted 1 times
purek77
2 years ago
Well, after rethinking it should be NSG and MDfS
upvoted 1 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago