Free Microsoft Cybersecurity SC-100 Actual Exam Questions - Question 5 Discussion
You are evaluating the Azure Security Benchmark V3 report.
In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.
You need to recommend configurations to increase the score of the Secure management ports
controls.
Solution: You recommend enabling just-in-time (JIT) VM access on all virtual machines.
Does this meet the goal?
It’s A. Enabling just-in-time VM access directly targets the risk of having management ports open and accessible all the time, which is exactly what the Secure management ports control is about. Other controls like NSGs or MFA are good too, but JIT alone already scores points in this area because it reduces the attack surface by only opening ports when needed. So this solution fits the requirement perfectly.
A. JIT VM access limits open management ports to when needed, which directly improves security for these ports according to the benchmark. It’s the main recommendation here.
A/B? JIT definitely restricts access, but the benchmark might also expect things like NSG rules or MFA for management ports. So maybe JIT alone isn’t enough?
Makes sense to me. JIT VM access restricts management ports from being open all the time, so it definitely helps improve the Secure management ports score. So yeah, A sounds right here.
A