Exam AZ-500
Question 307

You have the Azure resources shown in the following table.

You need to meet the following requirements:

✑ Internet-facing virtual machines must be protected by using network security groups (NSGs).

✑ All the virtual machines must have disk encryption enabled.

What is the minimum number of security policies that you should create in Microsoft Defender for Cloud?

    Correct Answer: B

    To meet the requirements, you need one security policy to ensure all internet-facing virtual machines are protected by network security groups (NSGs) and another policy to enable disk encryption on all virtual machines. Since these policies can be applied at a higher scope like the subscription or management group level, a total of two security policies are sufficient.
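The scope argument in the explanation above, as an added example that is not part of the original question or of any Microsoft tooling: a simplified model of how a policy assignment reaches everything below its scope. The hierarchy names follow the discussion on this page; the VM properties and policy names are constructed for illustration.

```python
# Simplified model of assignment-scope inheritance; this is not Azure's policy engine.
# Constructed hierarchy: child -> parent scope.
PARENT = {"VM1": "RG1", "VM2": "RG2", "RG1": "Subscription1",
          "RG2": "Subscription1", "Subscription1": "Management1"}

# Constructed VM state; the property names are hypothetical, not Azure Policy aliases.
VMS = {
    "VM1": {"internet_facing": True, "has_nsg": False, "disk_encrypted": True},
    "VM2": {"internet_facing": False, "has_nsg": False, "disk_encrypted": False},
}

# One policy per requirement: (which VMs it targets, what it checks).
POLICIES = {
    "nsg-on-internet-facing-vms": (lambda vm: vm["internet_facing"],
                                   lambda vm: vm["has_nsg"]),
    "disk-encryption-on-all-vms": (lambda vm: True,
                                   lambda vm: vm["disk_encrypted"]),
}


def scopes_of(resource):
    """Return the resource and every scope above it, nearest first."""
    chain = [resource]
    while chain[-1] in PARENT:
        chain.append(PARENT[chain[-1]])
    return chain


def evaluate(assignments):
    """Map (policy, vm) -> state for each VM a policy assignment reaches."""
    results = {}
    for policy, scope in assignments:
        targets, check = POLICIES[policy]
        for name, vm in VMS.items():
            if scope in scopes_of(name) and targets(vm):
                results[(policy, name)] = "Compliant" if check(vm) else "NonCompliant"
    return results


def unevaluated(assignments):
    """Return (policy, vm) pairs a requirement targets but no assignment reaches."""
    needed = {(p, n) for p, (targets, _) in POLICIES.items()
              for n, vm in VMS.items() if targets(vm)}
    return sorted(needed - set(evaluate(assignments)))


at_mg = [(p, "Management1") for p in POLICIES]   # two assignments at the top scope
at_rg1 = [(p, "RG1") for p in POLICIES]          # same two, scoped too narrowly
print(unevaluated(at_mg), unevaluated(at_rg1))
```

Two assignments at the management group leave no VM unevaluated, while the same two at RG1 miss VM2, which is why the scope rather than the VM count determines the number of policies.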

Discussion
zellck (Option: B)

B is the answer.
https://learn.microsoft.com/en-us/azure/defender-for-cloud/security-policy-concept#what-is-a-security-policy
An Azure Policy definition, created in Azure Policy, is a rule about specific security conditions that you want controlled. Built-in definitions include things like controlling what type of resources can be deployed or enforcing the use of tags on all resources. You can also create your own custom policy definitions.

zellck

https://learn.microsoft.com/en-us/azure/governance/policy/overview#overview
Azure Policy evaluates resources and actions in Azure by comparing the properties of those resources to business rules. These business rules, described in JSON format, are known as policy definitions. To simplify management, several business rules can be grouped together to form a policy initiative (sometimes called a policySet). Once your business rules have been formed, the policy definition or initiative is assigned to any scope of resources that Azure supports, such as management groups, subscriptions, resource groups, or individual resources.

majstor86 (Option: B)

B: 2 security policies

Mea988 (Option: B)

B, just apply it to the scope to the subscription or management group

kerberos999 (Option: B)

Why should I need a policy for each VM? They're in the same scope (Management1). I would say that the right answer is B.

heatfan900 (Option: C)

They are saying to filter traffic out via NSG. NSGs can only be applied at the subnet or VM level. In this example there are no subnets listed, so there will have to be a rule set against each vNIC of each VM. Those two policies along with the disk encryption policy give a total of 3.

ITFranz

A resource can only exist in a single Resource Group, which means a single Virtual Network cannot be added to multiple Resource Groups, but it does not need to be.

ServerBrain (Option: B)

The explanation in the answer indicates 2 policies, so why then is 3 the suggested answer?

Jimmy500 (Option: A)

Hi guys, I think the answer here should be one. The question asks how many security policies you should create in Defender for Cloud. If you go to Defender for Cloud -> Environment Settings -> Security Policies and press Create, you can see that we can add multiple policies inside one Security Policy of Defender for Cloud. Here we need to add 2 different policies inside one Security Policy of Defender for Cloud. That is why I would go with A - one. BR

ITFranz

VM1 is attached to RG1, and RG1 is attached to subscription 1. VM2 is attached to RG2, and RG2 is attached to subscription 1. NSGs can only be applied at the subnet or VM level. The question is poorly posed or is missing info?
https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

Strive_for_greatness_kc (Option: B)

C.2 One policy for Disk Encryption applied at the sub level. One policy applied at the level for the VMs.

wardy1983 (Option: A)

just apply it to the scope to the subscription or management group

TheProfessor (Option: B)

Why is 3 the answer?

AAAAAks

Why does the question say to create a policy in "Defender for Cloud"?

chikorita

haha.......weird

zellck

https://learn.microsoft.com/en-us/azure/defender-for-cloud/tutorial-security-policy
You can edit Azure security policies through Defender for Cloud, Azure Policy, via REST API or using PowerShell.

LazLol74 (Option: B)

"B" for sure

Diodx (Option: B)

I'd say B

wsrudmen (Option: B)

B correct answer

chamka (Option: B)

Minimum security policy required should be 2 only.

Kelly8023 (Option: B)

Vote B