Exam SC-100 topic 2 question 5 discussion

Actual exam question from Microsoft's SC-100
Question #: 5
Topic #: 2

You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You have an Amazon Web Services (AWS) implementation.
You plan to extend the Azure security strategy to the AWS implementation. The solution will NOT use Azure Arc.
Which three services can you use to provide security for the AWS resources? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Microsoft Defender for Containers
  • B. Microsoft Defender for servers
  • C. Azure Active Directory (Azure AD) Conditional Access
  • D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
  • E. Azure Policy
Suggested Answer: ACD

Comments

zts
Highly Voted 2 years, 8 months ago
Selected Answer: ACE
I would go for ACE. That being said, this link covers Azure Policy Extension in hardening Kubernetes data plane. https://docs.microsoft.com/en-us/azure/defender-for-cloud/supported-machines-endpoint-solutions-clouds-containers?tabs=aws-eks
upvoted 23 times
[Removed]
2 years, 8 months ago
Not B (servers require Arc). Not D: PIM is more of the kind nice-to-have.
upvoted 2 times
Fal991l
2 years, 1 month ago
No, Microsoft Defender for servers does not require Azure Arc to extend protection to hybrid cloud workloads, including servers running on AWS. Azure Arc is a separate Azure service that enables you to manage servers, Kubernetes clusters, and applications on-premises, at the edge, and in multi-cloud environments from a single control plane. It provides a centralized management experience and enables you to apply policies, update servers, and deploy applications across your hybrid cloud environment. However, if you want to use Azure Arc to manage your servers running on AWS, you can do so by using the Azure Arc enabled servers feature. This feature allows you to onboard your AWS instances to Azure Arc and manage them through the Azure portal or Azure APIs. In this case, you can also use Microsoft Defender for servers to extend protection to those AWS instances.
upvoted 3 times
Gagi79
4 days, 9 hours ago
Not true. Here are prerequisites for using Defender to protect VMs on AWS - https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws#defender-for-servers
upvoted 1 times
...
wsrudmen
1 year, 2 months ago
False, it's required: https://learn.microsoft.com/fr-fr/azure/defender-for-cloud/plan-defender-for-servers
upvoted 4 times
...
...
mynk29
2 years, 3 months ago
PIM is privilege identity management. I wouldn't say it's nice to have. It's a must.
upvoted 3 times
Raven84
1 year, 4 months ago
It's only a security feature if you use the 4-eyes principle. JIT access is no security feature if you can give roles by yourself.
upvoted 1 times
...
jasscomp
1 year, 7 months ago
Yes, it's a must for protecting identity but not the answer for this requirement.
upvoted 2 times
...
...
...
...
Jajee
Highly Voted 2 years, 3 months ago
E cannot be an answer, because in order to apply Azure Policy on AWS-based resources, you must use Azure Arc, which cannot be the case based on the requirements. So, ACD can be the possible answers.
upvoted 17 times
...
424ede1
Most Recent 1 month, 2 weeks ago
Selected Answer: ACD
DFC supports containers and servers for AWS, but Defender for Servers requires Arc. Conditional Access and PIM are supported as part of IAM for the authentication process. https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws
upvoted 2 times
...
Ali96
2 months, 2 weeks ago
Selected Answer: ACE
A. Microsoft Defender for Containers C. Azure Active Directory (Azure AD) Conditional Access E. Azure Policy
upvoted 1 times
...
lam_15
2 months, 3 weeks ago
Selected Answer: ABE
A. Microsoft Defender for Containers B. Microsoft Defender for servers E. Azure Policy
upvoted 2 times
...
sweetykaur
3 months ago
Selected Answer: ABE
To provide security for the AWS resources while extending your Azure security strategy, you can use the following three services: A. Microsoft Defender for Containers: Provides security monitoring for containerized environments, including those hosted on AWS. B. Microsoft Defender for servers: Provides advanced threat protection for servers, whether they are hosted on Azure, AWS, or on-premises. E. Azure Policy: Helps manage and enforce compliance by creating and applying policies across your resources, including those in AWS. These services ensure a comprehensive security approach that extends to your AWS implementation.
upvoted 2 times
...
zpack
3 months ago
Selected Answer: ACD
DfS can be onboarded using MDE; there's a feature called direct onboarding, although the experience will be limited. Will go with ACD as I don't think the question is with that feature in mind.
upvoted 1 times
...
Jawa
3 months, 4 weeks ago
Selected Answer: ACD
ACD is the answer
upvoted 2 times
...
jvallespin
9 months, 2 weeks ago
Selected Answer: ACD
ACD - Without Arc, you cannot onboard VMs from AWS to Defender for Cloud for servers, so you cannot use it to increase security. Without Arc, you cannot apply Azure Policies to any AWS resources (with Arc, only to EC2 instances). PIM and Conditional Access are linked: if you assume that you can use one (because of AWS SSO integration), then the other one as well. Defender for Containers can be used without Arc to onboard the EKS clusters.
upvoted 2 times
...
crutester
10 months ago
Selected Answer: ACD
From ChatGPT: No, Azure Policy cannot directly manage or enforce policies on AWS resources without Azure Arc. Azure Policy is designed to work natively within the Azure ecosystem, and to extend its governance capabilities to other cloud environments like AWS, Azure Arc is required. How Azure Policy works with Azure Arc:
  • Azure Arc for Servers: By connecting your AWS virtual machines to Azure Arc, they become Azure resources. You can then apply Azure Policy to these AWS VMs as if they were native Azure VMs.
  • Azure Arc for Kubernetes: Similarly, you can connect your Kubernetes clusters running on AWS to Azure Arc. This allows you to apply Azure Policy to manage and enforce compliance on these Kubernetes clusters.
  • Azure Arc for Data Services: This allows managing SQL Servers and other data services running on AWS using Azure Policy through Azure Arc.
upvoted 2 times
...
bxlin
11 months, 2 weeks ago
Selected Answer: ACD
Microsoft Defender for Server: requires Arc in AWS. Azure Policy for Kubernetes: requires Arc in AWS.
upvoted 4 times
...
JHJ44
1 year ago
Selected Answer: ABC
Microsoft Defender for Containers (Option A): This service provides runtime protection for containers, including threat detection, vulnerability assessment, and security recommendations. It helps secure containerized workloads running in AWS by identifying and mitigating risks. Microsoft Defender for Servers (Option B): This service offers endpoint protection for servers, including real-time threat detection, behavioral analysis, and automated response. By deploying it to your AWS instances, you can monitor and protect against malicious activities. Azure Active Directory (Azure AD) Conditional Access (Option C): Azure AD Conditional Access allows you to define policies that control access to your AWS resources based on conditions such as user location, device health, and risk level. You can enforce multi-factor authentication (MFA) or restr
upvoted 3 times
...
PierreTang
1 year, 2 months ago
Selected Answer: ACD
E Kubernetes data plane hardening, but based on doc, "To deploy the Azure Policy for Kubernetes to specified clusters: From the recommendations page, search for the relevant recommendation: .... AWS and On-premises - "Azure Arc-enabled Kubernetes clusters should have the Azure policy extension for Kubernetes extension installed"." https://learn.microsoft.com/en-us/azure/defender-for-cloud/kubernetes-workload-protections#deploy-azure-policy-for-kubernetes-on-existing-clusters
upvoted 2 times
...
Jonny_Cage
1 year, 3 months ago
For designing security for Azure landing zones and looking to implement preventive controls to increase the secure score, the two options that would be most relevant are: A. Azure Web Application Firewall (WAF) - It provides centralized protection of your web applications from common exploits and vulnerabilities. B. Azure Active Directory (Azure AD) Privileged Identity Management (PIM) - It manages, controls, and monitors access within Azure AD, Azure, and other Microsoft Online Services.
upvoted 1 times
...
Jonny_Cage
1 year, 3 months ago
For extending Azure security strategies to AWS resources without using Azure Arc, the three services you can use are: B. Microsoft Defender for servers C. Azure Active Directory (Azure AD) Conditional Access D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
upvoted 2 times
Jonny_Cage
1 year, 3 months ago
These services can provide security for AWS resources by offering protection for servers (Defender), managing access based on conditions (Conditional Access), and controlling and monitoring privileged access (PIM).
upvoted 2 times
...
...
Cleggs
1 year, 3 months ago
Selected Answer: ACD
MDS and Azure Policy both require Arc.
upvoted 2 times
joshuactz
1 year, 2 months ago
No, Defender for Servers can work by just installing the Log Analytics agent - Azure Arc is not necessary. So imo the answer is BCD.
upvoted 2 times
...
...
ayadmawla
1 year, 4 months ago
Selected Answer: ACE
ACE seems right as per the following: https://learn.microsoft.com/en-us/defender-cloud-apps/protect-aws Policy / Sign-in / containers
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other