Microsoft Azure Security Engineer Associate AZ-500 Practice Question
You are configuring Microsoft Defender for Cloud to monitor resources that reside in Amazon Web Services (AWS). Your company uses a single AWS Organization that contains a management account and 50 member accounts. You must ensure that every current account is onboarded and that any new member accounts created in the future are added to Defender for Cloud automatically, without additional configuration. In the Add AWS cloud connector wizard in the Azure portal, which connector type should you choose and deploy?
Choose the Google Cloud Platform (GCP) Organization connector and assign a Viewer service account to all AWS accounts.
Choose the AWS Account connector, enable AWS Security Hub delegated administration, and rely on Security Hub findings for automatic onboarding.
Choose the AWS Account connector and deploy the generated CloudFormation stack separately in each member account.
Choose the AWS Organization connector and deploy the generated CloudFormation stack set from the organization's management account.
The AWS Organization connector is designed to be deployed from the management (formerly master) account of an AWS Organization by using an AWS CloudFormation stack set. This approach creates the required cross-account IAM role in all existing member accounts and automatically provisions the same role in any new accounts that join the organization. As a result, Microsoft Defender for Cloud can continuously discover and protect current and future AWS accounts without further manual steps.
Selecting the AWS Account connector would require deploying an individual CloudFormation stack in every account and would not automatically include accounts created later.
Enabling AWS Security Hub alone or configuring a delegated administrator does not satisfy Defender for Cloud's onboarding requirements unless the Organization connector is used.
The GCP Organization connector is unrelated to AWS and therefore inappropriate.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an AWS CloudFormation stack set?
Open an interactive chat with Bash
What is the role of the AWS Organization connector in Defender for Cloud?
Open an interactive chat with Bash
How does enabling AWS Security Hub differ from using the AWS Organization connector?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .