CSCP Exam QuestionsBrowse all questions from this exam
Go to Exam

CSCP Exam - Question 36

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.

The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.

You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.

Which security control should you recommend?

Show Answer
Correct Answer: A

Adaptive application controls in Defender for Cloud help to specify which applications are authorized to run on your virtual machines, effectively creating a whitelist. This ensures that only authorized applications can run, while any unauthorized applications attempting to run are flagged, which can then be reviewed and authorized by an administrator. This control provides security by monitoring and limiting what software can be executed, aligning with the needed requirement to block unauthorized applications automatically until they are approved.

Discussion

11 comments
Sign in to comment
purek77
Jan 10, 2023

Actually there seems no correct answer here. Requirement is clear "the application must be blocked automatically until an administrator authorizes the application", but looking at Adaptative Application controls details: No enforcement options are currently available. Adaptive application controls are intended to provide security alerts if any application runs other than the ones you've defined as safe. Source - https://learn.microsoft.com/en-us/azure/defender-for-cloud/adaptive-application-controls#are-there-any-options-to-enforce-the-application-controls

nieprotetkniteeetr
Jan 15, 2023

The best of this is A.

Aunehwet79
Jan 30, 2023

Agree none of these are fully correct - this question appears three times in this questions list and the other comments refer to A as the best as well

Ramye
Jan 12, 2024

yes - same questions - 5x actually Question#23 Under Topic 2 Question#46 Under Topic 2 Question#1 Under Topic 4 Question#26 under Topic 4

Ramye
Jan 12, 2024

yes - same questions - 5x actually Question#23 Under Topic 2 Question#46 Under Topic 2 Question#1 Under Topic 4 Question#26 under Topic 4

GuruleeOption: A
Mar 13, 2023

Although none of the options can block the app, A is the best choice. The correct solution should be Windows Defender Application Control and AppLocker.

zellckOption: A
May 14, 2023

A is the answer. https://learn.microsoft.com/en-us/azure/defender-for-cloud/adaptive-application-controls Adaptive application controls are an intelligent and automated solution for defining allowlists of known-safe applications for your machines. Often, organizations have collections of machines that routinely run the same processes. Microsoft Defender for Cloud uses machine learning to analyze the applications running on your machines and create a list of the known-safe software. Allowlists are based on your specific Azure workloads, and you can further customize the recommendations using the following instructions. When you've enabled and configured adaptive application controls, you'll get security alerts if any application runs other than the ones you've defined as safe.

sherifhamedOption: A
Sep 18, 2023

A. Adaptive application controls in Defender for Cloud Adaptive application controls, often referred to as application whitelisting, allow you to specify which applications are authorized to run on your virtual machines and block all others. If an unauthorized application attempts to run, it will be blocked until an administrator authorizes it. This control provides a strong layer of security against unapproved or malicious applications. The other options (B, C, and D) are not primarily designed for controlling which applications can run on Windows Server 2019 virtual machines in your Azure subscription

AMDfOption: A
Jan 8, 2023

Correct

sfok
Jan 8, 2023

A is correct

ServerBrainOption: C
Aug 18, 2023

https://learn.microsoft.com/en-us/defender-cloud-apps/app-permission-policy

Gats_28Option: A
Nov 25, 2024

I'll go with A

Xavier_Alonso
Sep 1, 2023

A is the answer. How to block intentional or unintentional deletion of backup data? https://learn.microsoft.com/en-us/azure/backup/protect-backups-from-ransomware-faq#how-to-block-intentional-or-unintentional-deletion-of--backup-data

dc864d4
Nov 4, 2024

Now controlled through intune app policies

gicalOption: A
Jan 1, 2025

Using Adaptive application controls can help simplify the process of configuring and maintaining application policies. By using Adaptive application controls, you can: -Block attempts to run potentially malicious applications. -Receive alerts when adaptive application control blocks an application https://learn.microsoft.com/en-us/training/modules/create-implement-application-allowlists-adaptive-application-control/2-describe-controls