Learn how to boost your security posture in Microsoft Defender for Cloud by implementing the right controls to restrict unauthorized network access and enable endpoint protection. Discover best practices to improve your secure score.
Table of Contents
Question
You open Microsoft Defender for Cloud as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
To increase the score for the Restrict unauthorized network access control, implement ________ .
- Azure Active Directory (Azure AD) Conditional Access policies
- Azure Web Application Firewall (WAF)
- network security groups (NSGs)
To increase the score for the Enable endpoint protection control, implement __________ .
- Microsoft Defender for Resource Manager
- Microsoft Defender for servers
- private endpoints
Answer
To increase the score for the Restrict unauthorized network access control, implement network security groups (NSGs).
.To increase the score for the Enable endpoint protection control, implement Microsoft Defender for servers .
Explanation
To increase the score for the “Restrict unauthorized network access” control, implement network security groups (NSGs).
Explanation: NSGs allow you to filter network traffic to and from Azure resources in a virtual network. You can define inbound and outbound security rules to allow or deny traffic based on factors like source and destination IP address, port, and protocol. Properly configured NSGs restrict unauthorized access to your virtual networks and subnets. Azure AD Conditional Access and WAF operate at higher levels than the network layer.
To increase the score for the “Enable endpoint protection” control, implement Microsoft Defender for servers.
Explanation: Microsoft Defender for servers provides threat detection and advanced defenses for your Windows and Linux machines. It integrates with Microsoft Defender for Cloud to monitor your servers for potential threats and vulnerabilities. Enabling Defender for servers ensures your endpoints have the latest antimalware protection. Microsoft Defender for Resource Manager governs access to management operations, while private endpoints are used for private access to Azure PaaS services, so those are not applicable to endpoint protection.
In summary, to improve those two security control scores in Microsoft Defender for Cloud, use NSGs to restrict unauthorized network access, and enable Microsoft Defender for servers to strengthen your endpoint protection. Taking these actions will boost your overall secure score and security posture.
Microsoft SC-100 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft SC-100 exam and earn Microsoft SC-100 certification.