SC-100 Question #256: Real Exam Question with Answer & Explanation

Question

You have an Azure subscription. You plan to deploy Azure App Services apps by using Azure DevOps. You need to recommend a solution to ensure that deployed apps maintain compliance with Microsoft cloud security benchmark (MCSB) recommendations. What should you include in the recommendation?

Options

• ADevOps security in Microsoft Defender for Cloud
• BMicrosoft Defender for App Service
• CAzure Policy
• Da branch policy in Azure DevOps

Explanation

{"question_number": 9, "correct_answer": "C", "explanation": "Azure Policy is the correct tool for ensuring deployed Azure App Services apps remain compliant with Microsoft Cloud Security Benchmark (MCSB) recommendations throughout their lifecycle. Azure Policy has built-in policy initiatives specifically mapped to the MCSB that can audit, enforce, and remediate non-compliant App Service configurations (e.g., HTTPS-only, TLS version, managed identity, diagnostic settings). Because these policies evaluate resources continuously and can be applied to the subscription or resource group, they ensure compliance is maintained even after initial deployment via Azure DevOps. DevOps security in Defender for Cloud (A) scans DevOps pipelines and code repositories for security issues but does not enforce post-deployment MCSB configuration compliance. Defender for App Service (B) provides runtime threat protection and anomaly detection, not configuration compliance enforcement. A branch policy in Azure DevOps (D) controls code review and PR requirements but has no visibility into deployed Azure resource configurations.", "generated_by": "claude-sonnet", "llm_judge_score": 4}

No community discussion yet for this question.