As a Microsoft Cybersecurity Architect, you are designing a solution for a healthcare organization that must comply with the Health Information Technology for Economic and Clinical Health (HITECH) Act. The organization processes electronic protected health information (ePHI) in Azure. You need to ensure the solution enforces security and privacy controls effectively. Which of the following approaches provides the BEST solution by integrating Azure Policy with other Azure services for real-time monitoring, alerting, and remediation of security and privacy issues related to ePHI? (Choose one option)

Simulated

Implement custom Azure Policy definitions to enforce specific security configurations for Azure services processing ePHI, focusing on encryption, network security, and access controls without integrating with other Azure services.

0.0%

Assign built-in Azure Policy initiatives to resource groups to ensure compliance with standards like HIPAA, but do not integrate with Azure Monitor or Azure Security Center for real-time capabilities.

50.0%

Use Azure Policy solely for auditing and reporting on data processing activities to demonstrate compliance with HITECH Act requirements, without enabling real-time monitoring or remediation.

0.0%

Integrate Azure Policy with Azure Monitor and Azure Security Center to enable comprehensive real-time monitoring, alerting, and automated remediation of security and privacy issues related to ePHI.

50.0%

Microsoft Cybersecurity Architect Expert SC-100

Comments

Get started today