
Answer-first summary for fast verification
Answer: Assign built-in Azure Policy initiatives to the organization's resource groups to enforce HIPAA security rules, such as access control and audit logging, and integrate with Azure Monitor for alerts on non-compliance.
Option B is the best approach because it leverages built-in Azure Policy initiatives to enforce HIPAA security rules comprehensively across the organization's resource groups. This method is cost-effective and scalable, as it utilizes Microsoft's pre-defined compliance standards. Integrating with Azure Monitor enhances the solution by providing alerts on non-compliance, ensuring timely remediation. While options A, C, and D address specific aspects of HIPAA compliance, they either lack automation (A), focus narrowly on network security (C), or prioritize remediation over comprehensive policy enforcement (D).
Author: LeetQuiz Editorial Team
As a Microsoft Cybersecurity Architect, you are tasked with designing a solution for a healthcare organization that must comply with the Health Insurance Portability and Accountability Act (HIPAA) for processing protected health information (PHI). The solution must enforce security controls in the organization's Azure environment to ensure HIPAA compliance. Consider the following requirements: cost-effectiveness, scalability, and the ability to automatically remediate non-compliant resources. Which of the following approaches would BEST meet these requirements? (Choose one option)
A. Implement custom Azure Policy definitions to enforce encryption for PHI stored in Azure SQL Database and Azure Storage, and manually review compliance reports.
B. Assign built-in Azure Policy initiatives to the organization's resource groups to enforce HIPAA security rules, such as access control and audit logging, and integrate with Azure Monitor for alerts on non-compliance.
C. Deploy Azure Virtual Networks for all services processing PHI to ensure secure communication, and use Azure Security Center for vulnerability assessments.
D. Configure Azure Policy to automatically remediate non-compliant resources and use Azure Security Center for continuous monitoring and compliance reporting.