AZ-801 Question #24: Real Exam Question with Answer & Explanation

Question

You have an Azure virtual machine named VM1 that runs Windows Server. You plan to deploy a new line-of-business (LOB) application to VM1. You need to ensure that the application can create child processes. What should you configure on VM1?

Options

• AMicrosoft Defender Credential Guard
• BMicrosoft Defender Application Control
• CMicrosoft Defender SmartScreen
• DExploit protection

Explanation

Exploit protection in Windows Server includes settings that control 'Child process creation,' which can be configured to allow or block child processes for specific applications or globally. This feature ensures that a line-of-business application can successfully create child processes if required for its functionality.

Common mistakes.

• A. Microsoft Defender Credential Guard protects NTLM password hashes and Kerberos Ticket Granting Tickets using virtualization-based security to prevent credential theft attacks, which is unrelated to allowing child process creation.
• B. Microsoft Defender Application Control (WDAC) is used to control which applications are allowed to run on a system based on customizable policies, but it does not specifically manage an allowed application's ability to create child processes.
• C. Microsoft Defender SmartScreen helps protect users from malicious websites and downloads by checking reputation, which has no bearing on an application's ability to create child processes.

Concept tested. Exploit protection child process control

Reference. learn.microsoft.com/microsoft-365/security/defender-endpoint/exploit-protection

No community discussion yet for this question.