Exam SC-200 All Questions

View all questions & answers for the SC-200 exam

Exam SC-200 topic 2 question 2 discussion

Actual exam question from Microsoft's SC-200

Question #: 2
Topic #: 2

You receive an alert from Azure Defender for Key Vault.
You discover that the alert is generated from multiple suspicious IP addresses.
You need to reduce the potential of Key Vault secrets being leaked while you investigate the issue. The solution must be implemented as soon as possible and must minimize the impact on legitimate users.
What should you do first?

A. Modify the access control settings for the key vault.
B. Enable the Key Vault firewall.
C. Create an application security group.
D. Modify the access policy for the key vault.

Show Suggested Answer

Suggested Answer: B 🗳️

by teehex at May 21, 2021, 2:31 p.m.

Comments

Submit Cancel

teehex

Highly Voted 4 years ago

The given answer is correct. You create firewall rules and adds trusted range to ensure Key Vault can only be accessed from those trusted IP addresses while you are doing investigation.

upvoted 29 times

ture

3 years, 9 months ago

Yes! It makes sense. Good strategy

upvoted 2 times

...

ubt

2 years, 7 months ago

Shouldn't the firewall already be turned on? There fore why would a solution be to Turn the Firewall on??? This can't be the correct answer

upvoted 2 times

daiablo

2 years ago

By default the network configuration allows access from all networks. "Turned on" is possibly not the correct phrasing, but you should configure to only allow from a list and specify the IPs/CIDR ranges

upvoted 2 times

...

AnonymousJhb

3 years, 1 month ago

Think of access policies as management of users / accounts with their restrictive permissions. Think of the firewall as managment of networks, cidrs, ips based type resources.

upvoted 7 times

...

cw3364903

Highly Voted 2 years, 10 months ago

Selected Answer: B

B is the best answer possible here...why was the firewall not on in the first place ha!

upvoted 9 times

uday1985

2 years ago

was the firewall configured to allow specific IPs to access the Vault? dont think so! Firewalls are enabled by default! but when it was configured to prevent access from specific IPs

upvoted 1 times

...

Nikki0222

Most Recent 7 months ago

B correct

upvoted 1 times

...

chepeerick

1 year, 7 months ago

correct

upvoted 1 times

...

danb67

1 year, 7 months ago

By default, when you create a new key vault, the Azure Key Vault firewall is disabled. All applications and Azure services can access the key vault and send requests to the key vault. So answer is correct.

upvoted 1 times

...

jamclash

1 year, 8 months ago

in exam 9/20/23

upvoted 2 times

...

tatendazw

1 year, 11 months ago

Correct https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-key-vault-introduction#step-2-respond-accordingly

upvoted 1 times

...

RobertDuval

2 years, 1 month ago

In Exam today (21 April 2023)

upvoted 4 times

...

Metasploit

2 years, 7 months ago

Selected Answer: B

According to reference the answer is correct: B Enable Key Vault Firewall. If the traffic came from an unrecognized IP Address: Enable the Azure Key Vault firewall as described in Configure Azure Key Vault firewalls and virtual networks. Configure the firewall with trusted resources and virtual networks. If the source of the alert was an unauthorized application or suspicious user: Open the key vault's access policy settings. Remove the corresponding security principal, or restrict the operations the security principal can perform. If the source of the alert has an Azure Active Directory role in your tenant: Contact your administrator. Determine whether there's a need to reduce or revoke Azure Active Directory permissions.

upvoted 4 times

...