Learn how to enforce security policies in Azure by automatically installing custom security extensions on new virtual machines and triggering remediation tasks for non-compliant instances. Improve your Azure security with this step-by-step guide.
Question
You have an Azure subscription.
You need to create and deploy an Azure policy that meets the following requirements:
- When a new virtual machine is deployed, automatically install a custom security extension.
- Trigger an autogenerated remediation task for non-compliant virtual machines to install the extension.
What should you include in the policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Definition effect:
- Append
- DeployIfNotExists
- EnforceOPAConstraint
- EnforceRegoPolicy
- Modify
Assignment remediation task:
- A managed identity that has the Contributor role
- A managed identity that has the User Access Administrator role
- A service principal that has the Contributor role
- A service principal that has the User Access Administrator role
Answer
Definition effect: DeployIfNotExists
Assignment remediation task: A managed identity that has the Contributor role
Microsoft Certified Azure Security Engineer Associate AZ-500 certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the Microsoft Certified Azure Security Engineer Associate AZ-500 exam and earn Microsoft Certified Azure Security Engineer Associate AZ-500 certification.