ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-100 All Questions

View all questions & answers for the SC-100 exam
Go to Exam

Exam SC-100 topic 2 question 18 discussion

Actual exam question from Microsoft's SC-100
Question #: 18
Topic #: 2
[All SC-100 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You are evaluating the Azure Security Benchmark V3 report.
In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.
You need to recommend configurations to increase the score of the Secure management ports controls.
Solution: You recommend enabling adaptive network hardening.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Alex_Burlachenko at Aug. 30, 2022, 6:57 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
yf
Highly Voted 2 years, 8 months ago
Selected Answer: B
https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls lists "Adaptive network hardening" for "Restrict unauthorized network access" and not for "Secure management ports"
upvoted 37 times
Jacquesvz
2 years, 4 months ago
Agreed: only 3 controls you can implement for Management Ports = 1.) Internet facing vm's should be protected with NSG's 2.) Management ports should be closed on your vm's 3.) Management ports on VM's should be protected with JIT Logon to Defender for Cloud and have a look under "General/Recommendations".
upvoted 7 times
...
...
PlumpyTumbler
Highly Voted 2 years, 8 months ago
Selected Answer: A
Keep in mind the instructions "Some question sets might have more than one correct solution" and familiarize yourself with the Azure Security Benchmark V3 report. Two correct answers are JIT and Adaptive Network Hardening. JIT: https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-privileged-access#pa-2-avoid-standing-access-for-user-accounts-and-permissions Adaptive Network Hardening: https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-7-simplify-network-security-configuration
upvoted 10 times
Learing
2 years, 6 months ago
Correct about instructions, but adaptive network hardening is in different category: https://learn.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls#security-controls-and-their-recommendations
upvoted 6 times
Jacquesvz
2 years, 4 months ago
100%. Adaptive network hardening is to address "Restrict Unauthorized Network Access", and not management ports.
upvoted 2 times
...
...
...
emartiy
Most Recent 11 months ago
Selected Answer: B
To enhance the Secure management ports controls and increase your score, consider the following recommendations: Enable Just-In-Time (JIT) VM Access: JIT allows you to open management ports (like RDP and SSH) only when needed, reducing exposure. When a request is made, JIT dynamically opens the port for a specified time window, then closes it afterward1. Protect Internet-Facing Virtual Machines with Network Security Groups (NSGs): Restrict access to VMs by configuring NSGs to allow only necessary traffic. Avoid exposing VMs directly to the internet unless required (e.g., for specific use cases like development environments)1. Close Management Ports on Virtual Machines: Ensure that management ports (such as 3389 for RDP and 22 for SSH) are closed when not actively needed. Open them only during maintenance or management tasks
upvoted 1 times
...
Murtuza
1 year, 4 months ago
Selected Answer: B
You recommend enabling just-in-time (JIT) VM access on all virtual machines.
upvoted 1 times
...
Arjanussie
1 year, 5 months ago
adaptive network hardening is part of Restrict unauthorized network access NOT part of secure management port - just logon in your tenant and you will see
upvoted 1 times
...
cyber_sa
1 year, 7 months ago
Selected Answer: B
got this in exam 6oct23. passed with 896 marks. I answered B
upvoted 6 times
...
Ario
1 year, 10 months ago
this is very tricky question , Adaptive network hardening potentially can improve the security but require additional configuration and JIT is one of those , i would vote for B
upvoted 2 times
...
zellck
2 years ago
Selected Answer: B
B is the answer. https://learn.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls#security-controls-and-their-recommendations - Internet-facing virtual machines should be protected with network security groups - Management ports of virtual machines should be protected with just-in-time network access control - Management ports should be closed on your virtual machines
upvoted 2 times
...
WRITER00347
2 years ago
B. No Enabling adaptive network hardening in Microsoft Defender for Cloud can help improve the security posture of your network by providing recommendations for network security group (NSG) rules. However, it does not directly impact the score of the Secure management ports controls in the Azure Security Benchmark V3 report. To increase the score for the Secure management ports controls, you should focus on implementing recommendations specific to securing management ports, such as restricting access to management ports, enabling just-in-time VM access, and using Azure Bastion for secure access to your virtual machines.
upvoted 1 times
...
Ajdlfasudfo0
2 years, 3 months ago
Selected Answer: B
No, https://learn.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls#security-controls-and-their-recommendations "Secure management ports - Brute force attacks often target management ports. Use these recommendations to reduce your exposure with tools like just-in-time VM access and network security groups."
upvoted 1 times
...
ad77
2 years, 4 months ago
Selected Answer: B
Brute force attacks often target management ports. Use these recommendations to reduce your exposure with tools like just-in-time VM access and network security groups.
upvoted 1 times
...
Hullstar
2 years, 4 months ago
In my live environment it does not list and Adaptive Network Hardening is not there.
upvoted 2 times
...
TJ001
2 years, 4 months ago
JIT make sense when we talk about management ports I will stick with B
upvoted 2 times
...
examtopics_100
2 years, 4 months ago
No: Applicable remediations: Internet-facing virtual machines should be protected with network security groups - Management ports of virtual machines should be protected with just-in-time network access control - Management ports should be closed on your virtual machines
upvoted 4 times
...
sunilkms
2 years, 5 months ago
Selected Answer: B
The answer is clearly B the ask is to gain the potential 8 points which you will only get by doing the recommendation in the Secure management ports, whereas adaptive network hardening comes under "Restrict unauthorized network access" and potential max point you can gain is 4.
upvoted 3 times
...
hamshoo
2 years, 6 months ago
https://learn.microsoft.com/en-us/azure/defender-for-cloud/recommendations-reference
upvoted 1 times
...
dija123
2 years, 6 months ago
Selected Answer: B
Secure management ports : - Internet-facing virtual machines should be protected with network security groups - Management ports of virtual machines should be protected with just-in-time network access control - Management ports should be closed on your virtual machines
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel