Azure Defender for Servers Capabilities | Exam SC-200 Microsoft Security Operations Analyst

Azure Defender for Servers Capabilities

Question

What capabilities below are part of Azure Defender for Servers? (Mark all correct ones)

Answers

Explanations


A. B. C. D. E.

Correct Answers: A, B, C and D.

[Screenshot: Security Center | Azure Defender dashboard. Panels: Azure Defender coverage, Security alerts, and Advanced protection (Vulnerability assessment, Just-in-time VM access, Adaptive application control, Container image scanning, Adaptive network hardening, SQL vulnerability assessment, File integrity monitoring, Network map). Side panel recommendations: Enable just-in-time VM access, Enable adaptive application controls, Enable adaptive network hardening.]

Reference:

Azure Defender for Servers is a cloud-native security solution provided by Microsoft to detect and respond to advanced attacks targeting servers running in the Azure cloud or in on-premises data centers. The solution uses behavioral analytics, machine learning, and threat intelligence to detect and prevent attacks in real time.

The capabilities of Azure Defender for Servers are as follows:

A. Adaptive Application Control: This capability enables administrators to control which applications are allowed to run on servers. It uses machine learning to create a baseline of normal behavior and detect anomalies. If an application is not on the approved list, it will be blocked from running. This helps prevent malware from running on servers.

B. Integration with Qualys for Vulnerability Assessment: This capability allows administrators to assess the security posture of servers by scanning for vulnerabilities. Azure Defender for Servers integrates with Qualys to perform vulnerability scans and provide recommendations for remediation.

C. Adaptive Network Hardening: This capability enables administrators to control network traffic to and from servers. It uses machine learning to create a baseline of normal behavior and detect anomalies. If network traffic is not on the approved list, it will be blocked. This helps prevent lateral movement by attackers.

D. Fileless attack detection for Windows: This capability detects attacks that do not involve writing files to disk. Attackers can use fileless techniques to evade detection by traditional antivirus solutions. Azure Defender for Servers uses behavioral analytics to detect fileless attacks.

E. Vulnerability assessment for Azure Container Registries: This capability allows administrators to assess the security posture of container images stored in Azure Container Registries. Azure Defender for Servers performs vulnerability scans and provides recommendations for remediation.

Therefore, the correct answers are A, C, and D. Azure Defender for Servers does not include integration with Qualys for vulnerability assessment of servers among its capabilities. Instead, its integration with Qualys covers vulnerability assessment for Azure Container Registries.