Configuring Windows Server Hybrid Advanced Services - Exam AZ-801 - Microsoft


Question

You have 100 Azure virtual machines that run Windows Server. The virtual machines are onboarded to Microsoft Defender for Cloud.

You need to shut down a virtual machine automatically if Microsoft Defender for Cloud generates the "Antimalware disabled in the virtual machine" alert for the virtual machine.

What should you use in Microsoft Defender for Cloud?

Answers

Explanations



A

https://docs.microsoft.com/en-us/azure/defender-for-cloud/managing-and-responding-alerts

The correct answer to the question is C. a security policy.

Explanation:

Microsoft Defender for Cloud is Microsoft's security solution for protecting cloud workloads, including Azure virtual machines. It provides threat detection, prevention, and response capabilities through a centralized dashboard.

To automate the process of shutting down a virtual machine if Microsoft Defender for Cloud generates the "Antimalware disabled in the virtual machine" alert for the virtual machine, a security policy can be used. A security policy in Microsoft Defender for Cloud defines the security settings and configurations for a set of Azure resources.

The following steps can be followed to create a security policy in Microsoft Defender for Cloud that will shut down a virtual machine if the "Antimalware disabled in the virtual machine" alert is generated:

  1. In the Microsoft Defender for Cloud dashboard, click on "Security Policy" from the left-hand menu.
  2. Click on "Create policy."
  3. Give the policy a name and description.
  4. Select "Virtual machines" as the resource type.
  5. Define the conditions that will trigger the policy. In this case, select "Antimalware status" as the condition and set it to "Disabled."
  6. Define the actions that will be taken when the policy is triggered. Select "Stop virtual machines" as the action and select the virtual machines that should be stopped.
  7. Save the policy.

Once the security policy is created, it will monitor the virtual machines and trigger the defined action if the "Antimalware disabled in the virtual machine" alert is generated.

A logic app is a workflow automation tool in Azure that allows users to create workflows and integrate various Azure services and external systems. A workbook is a tool in Azure Monitor that allows users to visualize and analyze data from Azure services. Adaptive network hardening is a feature in Azure Security Center that automatically configures network security settings based on the actual traffic patterns observed in the environment. These options are not directly related to the requirement of shutting down a virtual machine if the "Antimalware disabled in the virtual machine" alert is generated.