Microsoft Cybersecurity Architect Expert SC-100
Get started today
Ultimate access to all questions.
Comments
Loading comments...
Ultimate access to all questions.
As a Microsoft Cybersecurity Architect, you are designing a comprehensive security and compliance strategy for a cloud-native application hosted on Azure. The application leverages Azure Kubernetes Service (AKS) for container orchestration, Azure SQL Database for data storage, and Azure Storage for blob data. Your strategy must enforce security and compliance controls across these services, ensuring adherence to the Center for Internet Security (CIS) Azure Foundations benchmark. Additionally, the solution must provide real-time monitoring, alerting, and remediation capabilities to address any compliance deviations promptly. Which of the following approaches BEST meets these requirements? (Choose one option)
A
Develop custom Azure Policy definitions tailored specifically for AKS, Azure SQL Database, and Azure Storage to enforce encryption, network security configurations, and access controls, without integrating with any monitoring tools.
B
Assign built-in Azure Policy initiatives focused on compliance with the CIS Azure Foundations benchmark to the application's resource group, but do not implement any real-time monitoring or alerting mechanisms.
C
Utilize Azure Policy solely for auditing and reporting purposes to track compliance status over time, without enabling any automatic remediation or real-time alerting features.
D
Integrate Azure Policy with Azure Monitor and Azure Security Center to not only enforce compliance with the CIS Azure Foundations benchmark but also to enable real-time monitoring, alerting, and automated remediation of any security or compliance issues.