Exam AZ-500
Question 322

You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud.

You have the management group hierarchy shown in the following exhibit.

You create the definitions shown in the following table.

You need to use Defender for Cloud to add a security policy.

Which definitions can you use as a security policy?

    Correct Answer: C

    In Microsoft Defender for Cloud, security policies can only be created from initiatives, not individual policies, because Defender for Cloud applies security initiatives to subscriptions. The definitions that can be used as a security policy for Sub1 are therefore Initiative1 and Initiative2. Initiative1 is applied at the Tenant Root Group level and is inherited by Sub1. Initiative2 is applied directly to Sub1. Initiative3, although also an initiative, is applied to MG1 and is not relevant to Sub1. The correct answer is Initiative1 and Initiative2 only.

Discussion
ppolychron Option: C

C, Initiative1, Initiative2. Microsoft Defender for Cloud applies security initiatives to the subscriptions. So when you go to Environment Settings of Defender for Cloud you will be able to assign Initiative1 (inherited from TRG) and 2 to Sub1. MG1 does not have a subscription so it won't even be an available option in Environment Settings.

Ofenomeno

C is correct (initiatives and not individual policies) and MG1 has no Subs. Log in to the Azure Portal. Go to Microsoft Defender for Cloud. Click Environment settings, then select your subscription. In the left-pane menu, click Security policy in the Policy settings section. Under Default initiative, click Assign policy.

billo79152718 Option: B

B. Policy1 and Initiative1 only

billo79152718

https://learn.microsoft.com/en-us/azure/defender-for-cloud/security-policy-concept

liorh

what is the correct one?!?

ghostme Option: D

Initiative1, Initiative2, and Initiative3 only

Strive_for_greatness_kc

Initiative3 should not even be an option here as Sub1 is not under MG1

hfk2020 Option: C

C, Initiative1, Initiative2. Microsoft Defender for Cloud applies security initiatives to the subscriptions. So when you go to Environment Settings of Defender for Cloud you will be able to assign Initiative1 (inherited from TRG) and 2 to Sub1. Also tested in the lab; this is correct.

OrangeSG Option: C

B is not correct. Microsoft documentation below implies that Policy cannot be added in Defender. Only initiative. Microsoft Defender for Cloud applies security initiatives to the subscriptions. Defender for Cloud offers the following options for working with security initiatives and policies:
- View and edit the built-in default initiative
- Add your own custom initiatives
- Add regulatory compliance standards as initiatives

kuskumar Option: C

Policy cannot be added in Defender. Tested. Only initiative

Yesvanth1 Option: B

Defender for Cloud is only on Sub1. From Environment Settings, you can add a custom initiative; you can create a new custom initiative with a custom policy from the same definition scope. Initiative 3 is on MG1: I don't think you can use initiatives from a different scope if it is not inheriting. I believe the answer is: Policy1, Initiative1, Initiative2

uml55

Dude! That is not even an option!

guchao2000 Option: C

C is correct, only Initiative1 (for TRG) and Initiative2 (for Sub1). Microsoft Defender for Cloud applies security initiatives to your subscriptions. Sub3 is not correct, as Sub 1 is not under MG1.

Jimmy500 Option: C

C. We can use initiatives with Security Policies. In this picture MG1 does not cover Sub1 and we cannot use the initiative that it has, and we cannot use Policy1. Tenant Root Group has an initiative that will be inherited by Sub1, and it can use this as a Security Policy in Defender for Cloud and its own inherited as well. So, the answer here will be C, Initiative1 and 2.

az2022 Option: D

It's D

KRISTINMERIEANN Option: B

https://learn.microsoft.com/en-us/azure/defender-for-cloud/security-policy-concept

hb0011 Option: C

It's C

TheProfessor

I think the correct answer will be Initiative2 only. The reason is: an assignment is a policy definition or initiative that has been assigned to a specific scope. This scope could range from a management group to an individual resource. The term scope refers to all the resources, resource groups, subscriptions, or management groups (https://learn.microsoft.com/en-us/azure/governance/policy/overview#resources-covered-by-azure-policy). Microsoft Defender for Cloud applies security initiatives to your subscriptions (https://learn.microsoft.com/en-us/azure/defender-for-cloud/security-policy-concept). Nowhere in the above links does it say an initiative can be assigned to Tenant Root Group.

TheProfessor

B is not correct as - Microsoft Defender for Cloud applies security initiatives to the subscriptions.

Ario Option: B

Given answer is correct. Policy is used as an individual security policy. It can be applied directly to the subscription. Initiatives are collections of security policies bundled together. While you can apply initiatives at the subscription level, they are typically used to manage and enforce multiple policies across multiple resources, subscriptions, or management groups. Since there is no option for p1, in1 and in2, B is the only one.