SC-100 Question #315: Real Exam Question with Answer & Explanation

Question

You have an Azure subscription. The subscription contains 200 virtual machines that run Windows Server 2022 and are protected by using Microsoft Defender for Servers Plan 1. You have an Amazon Web Services (AWS) subscription. To the AWS subscription, you plan to deploy 100 virtual machines that run Windows Server 2022. You need to recommend which agent to deploy to the virtual machines in the AWS subscription. The solution must meet the following requirements: - Provide consistent workload protection across all cloud platforms. - Minimize the number of agents deployed to each virtual machine. What should you recommend?

Options

• Athe log Analytics agent
• Bthe Azure Connected Machine agent
• Cthe Microsoft Defender for Endpoint agent
• Dthe Azure Monitor Agent

Explanation

{"question_number": 1, "correct_answer": "B", "explanation": "The Azure Connected Machine agent (Azure Arc agent) is the correct choice because it onboards non-Azure machines - such as AWS VMs - into Azure Arc, making them 'Arc-enabled servers.' Once onboarded via this single agent, Microsoft Defender for Servers Plan 1 can protect them with the same policies already applied to the Azure VMs, satisfying the 'consistent workload protection across all cloud platforms' requirement. It also minimizes the number of agents per machine because one Arc agent provides the necessary management and security plane connectivity, rather than deploying separate monitoring and security agents independently. Option A (Log Analytics agent) is legacy and being deprecated. Option C (MDE agent) handles endpoint detection but does not provide the multi-cloud Arc connectivity required for consistent Defender for Servers coverage. Option D (Azure Monitor Agent) is a telemetry/logging agent and does not fulfill the security workload protection requirement.", "generated_by": "claude-sonnet", "llm_judge_score": 4}

No community discussion yet for this question.