SC-100 Question #42: Real Exam Question with Answer & Explanation

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report. In the Secure management ports controls, you discover that you have 0 out of a potential 8 points. You need to recommend configurations to increase the score of the Secure management ports controls. Solution: You recommend enabling adaptive network hardening. Does this meet the goal?

Options

• AYes
• BNo

Explanation

{"question_number": 4, "correct_answer": "B", "explanation": "The answer is No - the proposed solution does not meet the goal. The 'Secure management ports' control in Azure Security Benchmark V3 specifically measures whether virtual machines are protected against brute-force attacks on management ports (SSH port 22, RDP port 3389). The recommended control for this is Just-In-Time (JIT) VM access in Microsoft Defender for Cloud, which closes management ports by default and opens them only on authenticated, time-limited requests. Solutions that do not implement JIT VM access - such as simply enabling Defender plans or configuring NSG rules without JIT - will not satisfy the specific requirements of this control and will not increase the score.", "generated_by": "claude-sonnet", "llm_judge_score": 4}

No community discussion yet for this question.