Microsoft Cybersecurity Architect Expert SC-100
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
As a Microsoft Cybersecurity Architect, you are tasked with designing a solution for a healthcare organization that must comply with the Health Insurance Portability and Accountability Act (HIPAA) for processing protected health information (PHI). The solution must enforce security controls in the organization's Azure environment to ensure HIPAA compliance. Consider the following requirements: cost-effectiveness, scalability, and the ability to automatically remediate non-compliant resources. Which of the following approaches would BEST meet these requirements? (Choose one option)
Explanation:
Option B is the best approach because it leverages built-in Azure Policy initiatives to enforce HIPAA security rules comprehensively across the organization's resource groups. This method is cost-effective and scalable, as it utilizes Microsoft's pre-defined compliance standards. Integrating with Azure Monitor enhances the solution by providing alerts on non-compliance, ensuring timely remediation. While options A, C, and D address specific aspects of HIPAA compliance, they either lack automation (A), focus narrowly on network security (C), or prioritize remediation over comprehensive policy enforcement (D).