ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 4 question 82 discussion

Actual exam question from Microsoft's AZ-500
Question #: 82
Topic #: 4
[All AZ-500 Questions]

You have the Azure resources shown in the following table.

You need to meet the following requirements:
✑ Internet-facing virtual machines must be protected by using network security groups (NSGs).
✑ All the virtual machines must have disk encryption enabled.
What is the minimum number of security policies that you should create in Microsoft Defender for Cloud?

  • A. 1
  • B. 2
  • C. 3
  • D. 4
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by charlesr1700 at Sept. 8, 2022, 9:10 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Jimmy500
9 months, 1 week ago
Hi guys , I think here answer should be one. In the condition it asks how many security policies that you should create in defender for cloud. If you guys go to defender for cloud->Environment Settings->Security Policies and press on create we can see we can add inside one Security Policy of Defender for cloud multiple policies. Here we need to add 2 different policy inside one Security Policy of Defender for Cloud. That is why I would go with A - one. BR
upvoted 2 times
Hot_156
2 months, 1 week ago
It is hard to tell because 1 would oversimplify and reduce flexibility for future scales but it is true that 1 could be the option as well! I hope they can be more precise in the exam
upvoted 1 times
...
...
ITFranz
10 months, 2 weeks ago
VM1 is attached to RG1, and RG1 is attached to subscription 1 VM2 is attached to RG2, and RG2 is attached to subscription 1 NSGs can only be applied at the subnet or VM level. the question is poorly posed or is missing info ? https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
upvoted 1 times
xRiot007
9 months ago
The question is ok. You can apply policies at the upper levels, like the sub or MG. In this case, we need 2 policies at the sub level
upvoted 2 times
...
...
Strive_for_greatness_kc
1 year, 3 months ago
C.2 One policy for Disk Encryption applied at the sub level One policy apply at the level for the VMs
upvoted 2 times
...
wardy1983
1 year, 5 months ago
just apply it to the scope to the subscription or management group
upvoted 1 times
...
TheProfessor
1 year, 6 months ago
Selected Answer: B
Why 3 is the answer?
upvoted 1 times
...
heatfan900
1 year, 8 months ago
They are saying to filter traffic out via NSG. NSGs can only be applied at the subnet or VM level. In this example there are no subnets listed so the there will be to be rule set against each vnic of each VM. Those two policies along with the disk encryption policy give a total of 3.
upvoted 2 times
ITFranz
1 year, 5 months ago
A resource can only exist in a single Resource Group which means a single Virtual Network cannot be added to multiple Resource Groups but it does not need to be.
upvoted 1 times
...
...
ServerBrain
1 year, 10 months ago
Selected Answer: B
The explanation in the answer is indicating 2 policies, why then 3 is the suggested answer..
upvoted 2 times
...
zellck
1 year, 11 months ago
Selected Answer: B
B is the answer. https://learn.microsoft.com/en-us/azure/defender-for-cloud/security-policy-concept#what-is-a-security-policy An Azure Policy definition, created in Azure Policy, is a rule about specific security conditions that you want controlled. Built in definitions include things like controlling what type of resources can be deployed or enforcing the use of tags on all resources. You can also create your own custom policy definitions.
upvoted 4 times
zellck
1 year, 11 months ago
https://learn.microsoft.com/en-us/azure/governance/policy/overview#overview Azure Policy evaluates resources and actions in Azure by comparing the properties of those resources to business rules. These business rules, described in JSON format, are known as policy definitions. To simplify management, several business rules can be grouped together to form a policy initiative (sometimes called a policySet). Once your business rules have been formed, the policy definition or initiative is assigned to any scope of resources that Azure supports, such as management groups, subscriptions, resource groups, or individual resources.
upvoted 2 times
...
...
majstor86
2 years, 1 month ago
Selected Answer: B
B: 2 security policies
upvoted 3 times
...
AAAAAks
2 years, 2 months ago
why question says to create policy in "Defender for cloud" ?
upvoted 1 times
chikorita
2 years, 2 months ago
haha.......weird
upvoted 1 times
...
zellck
1 year, 11 months ago
https://learn.microsoft.com/en-us/azure/defender-for-cloud/tutorial-security-policy You can edit Azure security policies through Defender for Cloud, Azure Policy, via REST API or using PowerShell.
upvoted 1 times
...
...
LazLol74
2 years, 5 months ago
Selected Answer: B
"B" for sure
upvoted 1 times
...
Diodx
2 years, 5 months ago
Selected Answer: B
I'd Say B
upvoted 1 times
...
wsrudmen
2 years, 6 months ago
Selected Answer: B
B correct answer
upvoted 1 times
...
chamka
2 years, 6 months ago
Selected Answer: B
Minimum security policy required should be 2 only.
upvoted 1 times
...
Kelly8023
2 years, 6 months ago
Vote B
upvoted 1 times
...
Mea988
2 years, 7 months ago
Selected Answer: B
B, just apply it to the scope to the subscription or management group
upvoted 3 times
...
kerberos999
2 years, 7 months ago
Why I should need a policy for each VM? They're in the same scope (Management1) I would say that right answer is B
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago