SC-100 Question #178: Real Exam Question with Answer & Explanation
The correct answer is D: adaptive application controls in Defender for Cloud.
Question
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled. The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019. You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application. Which security control should you recommend?
Options
- A. app registrations in Azure AD
- B. Azure AD Conditional Access App Control policies
- C. app discovery anomaly detection policies in Microsoft Defender for Cloud Apps
- D. adaptive application controls in Defender for Cloud
Explanation
Adaptive application controls in Defender for Cloud use machine learning to generate VM-specific allowlists and block unauthorized applications, satisfying the requirement for automatic blocking pending administrator approval.
Common mistakes.
- A. App registrations in Azure AD are used to configure OAuth 2.0/OIDC authentication for applications integrating with Azure AD and cannot restrict or block OS-level executable processes on a virtual machine.
- B. Azure AD Conditional Access App Control applies inline session policies for browser-based access to cloud applications and does not have the ability to block Win32 processes or installers running on Windows Server.
- C. App discovery anomaly detection in Defender for Cloud Apps monitors network-level cloud application traffic for anomalies but does not interact with or enforce application execution policies at the VM operating system level.
Concept tested. Adaptive application controls for VM allowlisting in Defender for Cloud
Reference. https://learn.microsoft.com/en-us/azure/defender-for-cloud/adaptive-application-controls