Exam SC-100 topic 7 question 1 discussion

The requirement is to identify EC2 instances which are noncompliant with secure score recommendations. Secure Score = Defender for Cloud.

Defender for Cloud Microsoft Sentinel https://learn.microsoft.com/en-us/azure/sentinel/connect-aws?tabs=s3

This line "Defender for Servers is one of the enhanced security features available in Microsoft Defender for Cloud." is making me think twice to choose the correct answer between Defender for Cloud and Defeder for servers. Any clarifications?

Microsoft Defender for Cloud provides "Cloud Security Posture Management" (CSPM), providing a security analysis of all the resources in your cloud estates

Box1: Defender for Cloud Box2: Microsoft Sentinel https://www.youtube.com/watch?v=r-P-2lGzPFQ&list=PLQ2ktTy9rklhzzkSEZvDZT4QSIVUQZD-Y&index=9 Question 108

secure score recommendations are in Defender for Cloud. I'm going with Defender for Cloud and Sentinel.

In the exam 29.05.2023

1. Defender for Cloud 2. Microsoft Sentinel https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings With cloud workloads commonly spanning multiple cloud platforms, cloud security services must do the same. Microsoft Defender for Cloud protects workloads in Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), GitHub and Azure DevOps (ADO). https://learn.microsoft.com/en-us/azure/sentinel/connect-aws?tabs=s3 Use the Amazon Web Services (AWS) connectors to pull AWS service logs into Microsoft Sentinel. These connectors work by granting Microsoft Sentinel access to your AWS resource logs. Setting up the connector establishes a trust relationship between Amazon Web Services and Microsoft Sentinel. This is accomplished on AWS by creating a role that gives permission to Microsoft Sentinel to access your AWS logs.

For requirement: “ Notify security administrators at Fabrikam if any AWS EC2 instances are noncompliant with secure score recommendations” >> Even though Defender for servers is a prerequisite to get secure score and recommendations in Defender for Cloud, I lean towards where we get recommendations: “ Native cloud connector (recommended) - Provides an agentless connection to your AWS account that you can extend with Defender for Cloud's Defender plans to secure your AWS resources: Cloud Security Posture Management (CSPM) assesses your AWS resources according to AWS-specific security recommendations and reflects your security posture in your secure score. ”

For box1, it is Microsoft Defender for servers. Microsoft Defender for servers is part of Microsoft Defender for Cloud. This answer is more specific and should be chosen over the general Microsoft Defender for Cloud. If the option is not available, we can choose Defender for Cloud as well.

Box 1 is Microsoft Defender for Cloud https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-how-to-connect-aws-machines-to-microsoft-defender/ba-p/3251096

Defender for cloud for EC2 https://learn.microsoft.com/en-us/azure/defender-for-cloud/recommendations-reference-aws

You can't view a secure score in Defender for servers. You configure defender for servers so that you can receive logs for AWS.You review a secure score in defender for cloud.

MDC and Sentinel

For AWS EC2 its Defender for cloud https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings

Answer is correct.

https://docs.microsoft.com/en-us/azure/sentinel/connect-aws?tabs=s3 Use the Amazon Web Services (AWS) connectors to pull AWS service logs into Microsoft Sentinel. These connectors work by granting Microsoft Sentinel access to your AWS resource logs. Setting up the connector establishes a trust relationship between Amazon Web Services and Microsoft Sentinel. This is accomplished on AWS by creating a role that gives permission to Microsoft Sentinel to access your AWS logs.