Microsoft Azure Security Engineer Associate AZ-500 Practice Question
You manage a subscription that hosts several Azure Container Apps environments. Security operations must receive alerts when Microsoft Defender detects suspicious or malicious activity inside the running containers. You have already onboarded the subscription to Microsoft Defender for Cloud, but no security alerts are shown for the container apps. To ensure runtime threat detection for Azure Container Apps, what should you do first?
Enable the Microsoft Defender for Containers plan for the subscription (or relevant resource group).
Enable diagnostic settings on each container app to stream the ContainerAppConsoleLogs and ContainerAppSystemLogs categories to a Log Analytics workspace.
Configure egress filtering for the Container Apps environment by sending outbound traffic through Azure Firewall.
Deploy the container apps into an App Service Environment to inherit App Service threat detection features.
For Azure Container Apps, runtime threat detection is provided by Microsoft Defender for Containers. Merely onboarding a subscription to Microsoft Defender for Cloud does not automatically enable any Defender plans. You must explicitly enable the Microsoft Defender for Containers plan at the subscription or resource-group level. Once the plan is enabled, Defender instruments the Container Apps environment and can raise security alerts for suspicious processes, reverse shells, crypto-mining, and other threats. Enabling diagnostic logs, deploying the apps to an App Service Environment, or configuring egress filtering can improve observability or network security but will not activate Defender's runtime analysis or generate the required alerts.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Microsoft Defender for Containers?
Open an interactive chat with Bash
Why doesn’t enabling Microsoft Defender for Cloud automatically include Defender plans?
Open an interactive chat with Bash
What happens after enabling the Defender for Containers plan?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure compute, storage, and databases
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .