SC-100 Question #79: Real Exam Question with Answer & Explanation

Question

Your company has a hybrid cloud infrastructure. Data and applications are moved regularly between cloud environments. The company's on-premises network is managed as shown in the following exhibit. You are designing security operations to support the hybrid cloud infrastructure. The solution must meet the following requirements: - Govern virtual machines and servers across multiple environments. - Enforce standards for all the resources across all the environments by using Azure Policy. Which two components should you recommend for the on-premises network? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Options

• AAzure VPN Gateway
• Bguest configuration in Azure Policy
• Con-premises data gateway
• DAzure Bastion
• EAzure Arc

Explanation

{"question_number": 7, "correct_answer": "B, E", "explanation": "Azure Arc (E) is essential for extending Azure management capabilities to on-premises servers and VMs. It registers non-Azure machines with Azure Resource Manager, enabling them to be governed like native Azure resources. Azure Policy guest configuration (B) - now called Azure Policy machine configuration - works in tandem with Azure Arc to audit and enforce configuration settings (security baselines, OS settings) on Arc-enabled on-premises servers. Together, these two components satisfy both requirements: Arc enables cross-environment governance and Policy enforcement on non-Azure machines. Azure VPN Gateway (A) provides network connectivity, not governance. On-premises data gateway (C) is used for Power BI and Logic Apps data connectivity. Azure Bastion (D) provides secure RDP/SSH access but does not contribute to policy enforcement or standards governance.", "generated_by": "claude-sonnet", "llm_judge_score": 4}

No community discussion yet for this question.