You have an Azure subscription that uses Microsoft Defender for Servers Plan 1 and contains a server named Server1.
You enable agentless scanning.
You need to prevent Server1 from being scanned. The solution must minimize administrative effort.
What should you do?
To prevent a specific server from being scanned in Microsoft Defender for Servers, creating an exclusion tag is the appropriate solution. This method allows for easy specification of which resources should not be scanned, minimizing administrative effort. This approach is consistent with Azure's management of security settings and exclusions via tagging mechanisms, ensuring streamlined operations.
Agentless malware scanning is only available if you have enabled Defender for Servers plan 2 so I assume you need to upgrade plan first
A. Create an exclusion tag. https://learn.microsoft.com/en-us/azure/defender-for-cloud/enable-agentless-scanning-vms
I think you need to upgrade to Plan 2 first.
A. Create an exclusion tag.
I see some people voting foranswer is "B". But if agentless scanning requires a plan 2 licence, and the assignment reads "you enable agentless monitoring" doesn't that suggest said licence is already in play?
This question was in the exam 27/04/2024.
on exam 2024/April
Agentless scanning requires plan 2 licenses
https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection
A. Create an exclusion tag. https://learn.microsoft.com/en-us/azure/defender-for-cloud/enable-agentless-scanning-vms#exclude-machines-from-scanning
This new question arrived today 9th september 2023. Can someone please verify the correct answer?
Since it already says "you enable agentless scanning" I take this as an upgrade to Plan 2 has already occured in the environment.
I guess just pick your answer and hope for the best? What a terribly written question. My guess is A because it doesn't answer the question of HOW to exclude. Just adding a P2 license doesn't exclude and it doesn't ask, "what do you do first". Still, is there some way of doing this without P2? For either the Defender Cloud Security Posture Management (CSPM) or Defender for Servers P2 plan, select Settings. For either the Defender Cloud Security Posture Management (CSPM) or Defender for Servers P2 plan, select Settings. From MS: For either the Defender Cloud Security Posture Management (CSPM) or Defender for Servers P2 plan, select Settings. Enter the tag name and value that applies to the machines that you want to exempt. You can enter multiple tag:value pairs. https://learn.microsoft.com/en-us/azure/defender-for-cloud/enable-agentless-scanning-vms#exclude-machines-from-scanning
That copied and pasted weird: For either the Defender Cloud Security Posture Management (CSPM) or Defender for Servers P2 plan, select Settings. Enter the tag name and value that applies to the machines that you want to exempt. You can enter multiple tag:value pairs. https://learn.microsoft.com/en-us/azure/defender-for-cloud/enable-agentless-scanning-vms#exclude-machines-from-scanning
correct -- A To prevent specific machines from being scanned, you can exclude machines from agentless scanning based on your pre-existing environment tags. https://learn.microsoft.com/en-us/azure/defender-for-cloud/enable-agentless-scanning-vms
I am gonna go for B I checked it with co-pilot as well and it agrees with this by saying Upgrading to Defender for Servers Plan 2 provides more advanced security features and capabilities.
Option A tag
Why it is not D?
Why create a group if it is only for one server?