HOTSPOT - You need to recommend a solution to meet the compliance requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
For the second one it should be update assignment:
https://learn.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage#update-assignment-with-exclusion
The question is about what you can use to enforce compliance to regulatory standards not to remediate non-compliance - A Blueprint is Correct. Azure Blueprints are used to enforce standards.
Not correct in my opinion: "Fabrikam wants to automatically remediate the virtual machines in Sub1 to be compliant with the HIPAA HITRUST standard."
MS says: Remediation is accomplished through remediation tasks that deploy the deployIfNotExists template or the modify operations of the assigned policy
Defender Workflow Automation is described as follows:
This feature can trigger consumption Logic Apps on security alerts, recommendations, and changes to regulatory compliance.
https://learn.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation
From my point of view, Workflow Automation offers the best set of possibilities to enforce compliance.
Also: Blueprint is still in PREVIEW and will be replaced in the future.
For connectivity from App Service web apps to virtual machines, use:
Private endpoints: This provides a private IP address for the App Service web app within the virtual network, enabling secure connectivity to virtual machines.
For connectivity from virtual machines to App Service web apps, use:
Service endpoints: This secures your Azure service resources to only your virtual network by extending your virtual network private address space and the identity of your VNet to the Azure services over a direct connection.
Seems like the following answers fit given https://learn.microsoft.com/en-us/azure/governance/policy/samples/hipaa-hitrust-9-2:
1 - Blueprint
2 - Update Azure Policy
1. Blueprint
2. Update an Azure policy assignment
https://learn.microsoft.com/en-us/azure/governance/blueprints/overview#blueprint-definition
Policy Assignment
- Allows assignment of a policy or initiative to the subscription the blueprint is assigned to. The policy or initiative must be within the scope of the blueprint definition location. If the policy or initiative has parameters, these parameters are assigned at creation of the blueprint or during blueprint assignment.
https://learn.microsoft.com/en-us/azure/governance/policy/concepts/exemption-structure#policy-assignment-id
The Azure Policy exemptions feature is used to exempt a resource hierarchy or an individual resource from evaluation of initiatives or definitions.
Excluded scopes
The scope of the assignment includes all child resource containers and child resources. If a child resource container or child resource shouldn't have the definition applied, each can be excluded from evaluation by setting notScopes. This property is an array to enable excluding one or more resource containers or resources from evaluation. notScopes can be added or updated after creation of the initial assignment.
So the second one should be "update assignment".
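The notScopes behaviour quoted above, as an added example that is not part of the original thread: a Python sketch of how an assignment's scope and notScopes together decide whether a resource is evaluated, and why the exclusion is a change to the assignment. The subscription ID, resource group names and initiative ID are constructed placeholders, and the helper names are hypothetical.

```python
import copy

# Constructed assignment body (shape of properties.scope / properties.notScopes).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
ASSIGNMENT = {
    "properties": {
        "displayName": "Regulatory initiative (constructed example)",
        "policyDefinitionId": "<initiative-definition-id>",  # placeholder
        "scope": SUB,
        "notScopes": [],
    }
}

def _norm(resource_id):
    # Resource IDs are compared case-insensitively; ignore a trailing slash.
    return resource_id.rstrip("/").lower()

def _is_under(resource_id, scope):
    # True when resource_id is the scope itself or a child of it.
    # The "/" suffix stops "rg-exempt" from matching "rg-exempt2".
    r, s = _norm(resource_id), _norm(scope)
    return r == s or r.startswith(s + "/")

def add_exclusion(assignment, scope_to_exclude):
    """Return a copy of the assignment with scope_to_exclude added to notScopes."""
    if not _is_under(scope_to_exclude, assignment["properties"]["scope"]):
        # An exclusion outside the assignment scope would have no effect.
        raise ValueError("excluded scope is not inside the assignment scope")
    updated = copy.deepcopy(assignment)
    not_scopes = updated["properties"]["notScopes"]
    if all(_norm(s) != _norm(scope_to_exclude) for s in not_scopes):
        not_scopes.append(scope_to_exclude)
    return updated

def is_evaluated(assignment, resource_id):
    """True when the resource is in scope and not under any notScopes entry."""
    props = assignment["properties"]
    if not _is_under(resource_id, props["scope"]):
        return False
    return not any(_is_under(resource_id, s) for s in props.get("notScopes", []))

if __name__ == "__main__":
    vm = SUB + "/resourceGroups/rg-exempt/providers/Microsoft.Compute/virtualMachines/vm1"
    updated = add_exclusion(ASSIGNMENT, SUB + "/resourceGroups/rg-exempt")
    print(is_evaluated(ASSIGNMENT, vm), is_evaluated(updated, vm))
```

The policy definition and the initiative are untouched here; only the assignment body changes, which is the distinction the comments above draw.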
"Workflow Automation" for enforcing regulatory standard, it uses Logic App which can enforce compliance to the standard by reverting back a change.
Second one should be update a policy assignment.
Answer is "Managed Identity" to enforce compliance to existing environment resources
Other one is "Update a policy assignment"
Tricky question but we need to know policies are already in place in their environment according to given background.
I think "Update a policy assignment" is the correct answer for second question. There is no exemption component in policy definition - https://docs.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure, while it is in policy assignment - https://docs.microsoft.com/en-us/azure/governance/policy/concepts/assignment-structure
I believe “To enforce compliance…” is “A managed identity”, based on the info at this link: https://docs.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources
The second answer looks correct to me.
Good catch, there will be an initiative assigned with remediation tasks and apply if not exist that can run on MI,
the blueprint will only assign the policy or initiative, not really enforce it.