Free Microsoft Cybersecurity SC-100 Actual Exam Questions - Question 8 Discussion
Question No. 8
Your company finalizes the adoption of Azure and is implementing Microsoft Defender for Cloud.
You receive the following recommendations in Defender for Cloud
• Access to storage accounts with firewall and virtual network configurations should be restricted,
• Storage accounts should restrict network access using virtual network rules.
• Storage account should use a private link connection.
• Storage account public access should be disallowed.
You need to recommend a service to mitigate identified risks that relate to the recommendations.
What should you recommend?
You receive the following recommendations in Defender for Cloud
• Access to storage accounts with firewall and virtual network configurations should be restricted,
• Storage accounts should restrict network access using virtual network rules.
• Storage account should use a private link connection.
• Storage account public access should be disallowed.
You need to recommend a service to mitigate identified risks that relate to the recommendations.
What should you recommend?
Select one option, then reveal solution.
US
AY
Ahmed Y.
2026-02-19
I agree with picking D here. Azure Policy is designed exactly for enforcing those kinds of configurations automatically across all storage accounts, which tackles the risk of misconfigurations upfront. The other options focus more on monitoring or analysis rather than prevention.
0
SY
Sohail Y.
2026-01-22
D imo, since Azure Policy can enforce those storage account settings consistently across the subscription, unlike the other options that focus more on monitoring or analytics.
0
SY
Sohail Y.
2026-01-15
It’s D, Azure Policy fits here.
0