ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 5 question 4 discussion

Actual exam question from Microsoft's SC-200
Question #: 4
Topic #: 5
[All SC-200 Questions]

HOTSPOT
-

You have an Azure DevOps organization that contains an Azure Repos repository named Repo1 and is onboarded to Microsoft Defender for DevOps.

You create infrastructure as code (IaC) files and store them in Repo1. The IaC files are formatted as Bicep files and Helm charts.

You need to configure Defender for DevOps to identify misconfigurations in the IaC files.

Which scanning tool should you use for each type of files? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by renrenren at March 8, 2024, 7:07 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
certinfra
Highly Voted 1 year, 5 months ago
Correct https://learn.microsoft.com/en-us/azure/defender-for-cloud/iac-vulnerabilities#view-details-and-remediation-information-for-applied-iac-rules
upvoted 5 times
...
sapphire
Most Recent 9 months, 1 week ago
Correct Template Analyzer runs rules on Azure Resource Manager templates (ARM templates) and Bicep templates. Terrascan runs rules on ARM templates and templates for CloudFormation, Docker, Helm, Kubernetes, Kustomize, and Terraform. Chekov runs rules on ARM templates and templates for CloudFormation, Docker, Helm, Kubernetes, Kustomize, and Terraform. https://learn.microsoft.com/en-us/azure/defender-for-cloud/iac-vulnerabilities#view-details-and-remediation-information-for-applied-iac-rules
upvoted 3 times
...
g_man_rap
1 year ago
Bicep files: Bicep is a domain-specific language (DSL) for deploying Azure resources declaratively. It simplifies the authoring experience of ARM (Azure Resource Manager) templates. Template Analyzer is specifically designed to analyze ARM templates for potential issues and best practices. Since Bicep files transpile to ARM templates, the Template Analyzer is the appropriate tool to use for Bicep files. Helm charts: Helm is a package manager for Kubernetes that helps you define, install, and upgrade Kubernetes applications. Terrascan is a security-focused tool that helps to identify security issues in Infrastructure as Code (IaC) across various platforms, including Kubernetes, which makes it suitable for scanning Helm charts.
upvoted 3 times
...
smanzana
1 year ago
Correct
upvoted 2 times
...
renrenren
1 year, 5 months ago
I think correct. https://github.com/Azure/template-analyzer https://runterrascan.io/docs/usage/command_line_mode/#scanning-a-helm-chart
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel