Prevent Unauthorized Applications and Malware on Azure Virtual Machines | RG1 Resource Group

Preventing Unauthorized Applications and Malware on Azure Virtual Machines

Question

You have 15 Azure virtual machines in a resource group named RG1.

All the virtual machines run identical applications.

You need to prevent unauthorized applications and malware from running on the virtual machines.

What should you do?

Answers


A. B. C. D.

B

Adaptive application control is an intelligent, automated end-to-end application whitelisting solution from Azure Security Center. It helps you control which applications can run on your Azure and non-Azure VMs (Windows and Linux), which, among other benefits, helps harden your VMs against malware. Security Center uses machine learning to analyze the applications running on your VMs and helps you apply the specific whitelisting rules using this intelligence.

https://docs.microsoft.com/en-us/azure/security-center/security-center-adaptive-application

The most appropriate answer to this question is B: From Azure Security Center, configure adaptive application controls.

Explanation:

Adaptive application controls allow you to create a list of approved applications that are allowed to run on your virtual machines, while blocking all others. This helps to prevent unauthorized applications and malware from running on your virtual machines.

To configure adaptive application controls from Azure Security Center, you need to follow these steps:

  1. Open Azure Security Center from the Azure portal.

  2. Go to the Security policy blade and select the Security policy that applies to the virtual machines.

  3. In the Security policy blade, select Adaptive application controls.

  4. In the Adaptive application controls blade, select Add to create a new adaptive application control.

  5. In the New adaptive application control blade, specify the applications that are allowed to run on the virtual machines. You can specify applications by file path, hash, or publisher.

  6. Save the adaptive application control and apply it to the virtual machines.
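The model below is an added example, not code from the original page or from Microsoft: it shows how an allowlist derived from what every VM in a group runs (the question's premise that all VMs run identical applications) is evaluated with the path, hash and publisher rule types named in step 5. The `Execution` schema, the function names and the sample data are constructed, and the "seen on every VM" baseline is a simplifying assumption, not Security Center's machine-learning logic.

```python
from collections import defaultdict
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

@dataclass(frozen=True)
class Execution:               # one observed process start (constructed schema)
    vm: str
    path: str
    sha256: str
    publisher: Optional[str]   # None when the file is unsigned

def propose_rules(events, vm_count):
    """Allow only what every VM in the group runs: a publisher rule for
    signed files, a hash rule for unsigned ones (assumed baseline logic)."""
    seen_on = defaultdict(set)
    for ev in events:
        seen_on[(ev.sha256, ev.publisher)].add(ev.vm)
    rules = set()
    for (sha256, publisher), vms in seen_on.items():
        if len(vms) == vm_count:
            rules.add(("publisher", publisher) if publisher else ("hash", sha256))
    return rules

def allowed(rules, ev):
    """True if any path, hash or publisher rule matches the execution."""
    for kind, value in rules:
        if kind == "path" and fnmatchcase(ev.path, value):
            return True
        if kind == "hash" and ev.sha256 == value:
            return True
        if kind == "publisher" and ev.publisher == value:
            return True
    return False

def violations(rules, events):
    """Executions that no rule allows; these would be alerted on or blocked."""
    return [ev for ev in events if not allowed(rules, ev)]

# Constructed sample data: three VMs standing in for the 15 in RG1.
VMS = ["vm01", "vm02", "vm03"]
BASELINE = [Execution(vm, "/opt/contoso/bin/api", "a" * 64, "Contoso Ltd") for vm in VMS] \
         + [Execution(vm, "/opt/contoso/bin/report.sh", "b" * 64, None) for vm in VMS]
LATER = BASELINE + [Execution("vm02", "/tmp/unknown-binary", "c" * 64, None)]

RULES = propose_rules(BASELINE, len(VMS))
FLAGGED = violations(RULES, LATER)
```

Only the unsigned file seen on a single VM ends up in `FLAGGED`; everything in the shared baseline matches a publisher or hash rule.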

Note that Azure policy (option A) is used to enforce organizational standards and to assess compliance of Azure resources with those standards. Resource locks (option D) prevent accidental deletion or modification of Azure resources. Azure AD Identity Protection (option C) is used to detect and respond to identity-based risks in Azure AD. None of these options address the specific requirement to prevent unauthorized applications and malware from running on the virtual machines.