SC-100 Question #345: Real Exam Question with Answer & Explanation

Question

You have an Azure subscription. You have an on-premises datacenter. The datacenter contains 20 servers that run Windows Server. Each server is onboarded to Azure Arc and is protected by using Microsoft Defender for Servers Plan 1. You have a Microsoft 365 subscription. You need to recommend a solution to identify which servers have outdated hardware drivers or firmware. What should you include in the recommendation?

Options

• AChange all the servers to Microsoft Defender for Servers Plan 2.
• BAdd the Microsoft Intune Suite add-on.
• COnboard all the servers to Azure Update Manager.
• DAdd Microsoft Defender Vulnerability Management add-ons.

Explanation

{"question_number": 1, "question": "You have an Azure subscription. You have an on-premises datacenter. The datacenter contains 20 servers that run Windows Server. Each server is onboarded to Azure Arc and is protected by using Microsoft Defender for Servers Plan 1. You have a Microsoft 365 subscription. You need to recommend a solution to identify which servers have outdated hardware drivers or firmware. What should you include in the recommendation?", "correct_answer": "D", "explanation": "The correct answer is D - Add Microsoft Defender Vulnerability Management add-ons.\n\nMicrosoft Defender Vulnerability Management (MDVM) includes a specific capability called Hardware and Firmware assessment, which inventories and identifies outdated or vulnerable hardware drivers and firmware across endpoints and servers. This is the only solution among the choices that directly addresses hardware driver and firmware visibility.\n\nWhy D is correct:\nDefender for Servers Plan 1 integrates with Microsoft Defender for Endpoint (MDE) Plan 1, but does NOT include the full MDVM feature set. The MDVM add-on can be purchased separately and layered on top of Plan 1 to unlock premium capabilities including: hardware/firmware assessments, driver vulnerability scanning, certificate assessments, and browser extension assessments. Since the servers are Azure Arc-enabled, MDVM can reach them just as it would cloud-native VMs.\n\nWhy the other options are wrong:\n- A (Switch to Plan 2): Plan 2 does include MDVM, but this approach requires a full plan upgrade across all 20 servers, which is more expensive than just adding the MDVM add-on. More importantly, the question asks for a targeted recommendation, and D is the precise solution for this specific need.\n- B (Microsoft Intune Suite add-on): Intune manages device compliance and can push some updates, but it is not designed for Arc-enabled on-premises Windows Server workloads and does not provide hardware/firmware vulnerability assessment reporting.\n- C (Azure Update Manager): Azure Update Manager handles OS-level patch management (Windows Updates, hotfixes). It does not assess or report on hardware drivers or firmware versions - it operates at the OS patch level, not the hardware layer.\n\nKey concept: MDVM's hardware and firmware assessment is the purpose-built feature for identifying outdated drivers and firmware, and the MDVM add-on is the most targeted and cost-efficient way to add this capability without upgrading the entire Defender for Servers plan.", "generated_by": "claude-sonnet", "llm_judge_score": 3}

No community discussion yet for this question.