Microsoft Cybersecurity Architect Expert SC-100
Get started today
Ultimate access to all questions.
Comments
Loading comments...
Ultimate access to all questions.
As a Microsoft Cybersecurity Architect, you are tasked with designing a solution for a healthcare organization that must comply with the Health Insurance Portability and Accountability Act (HIPAA) for processing protected health information (PHI). The solution must enforce security controls in the organization's Azure environment to ensure HIPAA compliance. Consider the following requirements: cost-effectiveness, scalability, and the ability to automatically remediate non-compliant resources. Which of the following approaches would BEST meet these requirements? (Choose one option)
A
Implement custom Azure Policy definitions to enforce encryption for PHI stored in Azure SQL Database and Azure Storage, and manually review compliance reports.
B
Assign built-in Azure Policy initiatives to the organization's resource groups to enforce HIPAA security rules, such as access control and audit logging, and integrate with Azure Monitor for alerts on non-compliance.
C
Deploy Azure Virtual Networks for all services processing PHI to ensure secure communication, and use Azure Security Center for vulnerability assessments.
D
Configure Azure Policy to automatically remediate non-compliant resources and use Azure Security Center for continuous monitoring and compliance reporting.