AZ-500 · Question #586
AZ-500 Question #586: Real Exam Question with Answer & Explanation
The correct answer is B: an AWS CloudFormation stack. To integrate an Amazon Web Services (AWS) account with Microsoft Defender for Cloud, you can leverage Infrastructure as Code (IaC) solutions to deploy the necessary permissions within AWS.
Question
You have an Azure subscription and an Amazon Web Services (AWS) account named AWS1. You need to add AWS1 to Microsoft Defender for Cloud. Which two deployment methods can you use to configure Defender for Cloud access for AWS1? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
Options
- AAws systems Manager Automation
- Ban AWS CloudFormation stack
- Can azure deployment stack
- Dan Azure Resource Manager (ARM) template
- Ea Terraform template
Explanation
To integrate an Amazon Web Services (AWS) account with Microsoft Defender for Cloud, you can leverage Infrastructure as Code (IaC) solutions to deploy the necessary permissions within AWS.
Common mistakes.
- A. AWS Systems Manager Automation is used for automating operational tasks within an AWS account and is not a direct deployment method for configuring cross-cloud access for an Azure service like Defender for Cloud.
- C. An Azure deployment stack is an Azure-native feature for managing Azure resources and their lifecycle, not for configuring access or deploying resources within a separate AWS account.
- D. An Azure Resource Manager (ARM) template is used for deploying and managing Azure resources, and it cannot directly deploy or configure resources like IAM roles within an AWS account.
Concept tested. Integrating AWS accounts with Defender for Cloud using IaC
Reference. https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-connect-aws
Community Discussion
No community discussion yet for this question.