Learn how to enforce security policies in Azure by automatically installing custom security extensions on new virtual machines and triggering remediation tasks for non-compliant instances. Improve your Azure security with this step-by-step guide.
Question
You have an Azure subscription.
You need to create and deploy an Azure policy that meets the following requirements:
- When a new virtual machine is deployed, automatically install a custom security extension.
- Trigger an autogenerated remediation task for non-compliant virtual machines to install the extension.
What should you include in the policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Definition effect:
- Append
- DeployIfNotExists
- EnforceOPAConstraint
- EnforceRegoPolicy
- Modify
Assignment remediation task:
- A managed identity that has the Contributor role
- A managed identity that has the User Access Administrator role
- A service principal that has the Contributor role
- A service principal that has the User Access Administrator role
Answer
Definition effect: DeployIfNotExists
Assignment remediation task: A managed identity that has the Contributor role
Reference
- Azure > Governance > Policy > Remediate non-compliant resources with Azure Policy
The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.
