Microsoft Azure Security Engineer Associate AZ-500 Practice Question
Your organization has an Azure subscription that contains several Linux and Windows virtual machines (VMs). You plan to turn on the agentless vulnerability scanning feature that is included with Microsoft Defender for Servers Plan 2. Before you enable the plan, which setting must be configured at the subscription level to ensure that agentless scanning can be performed on every current and future VM without deploying any additional software?
Create a tag named "DefenderScan" with the value "On" and apply it to each virtual machine.
Enable Microsoft Defender for Storage on all storage accounts in the subscription.
Assign the built-in Azure Policy definition "Configure agentless VM scanning to assess for vulnerabilities" at the subscription scope.
Turn on diagnostic settings in Azure Monitor to forward guest performance counters to a Log Analytics workspace.
Agentless vulnerability assessment relies on the Azure guest introspection capability provided by the Microsoft.AzureSecurityCenter VM extension. This extension is automatically installed by the built-in Azure Policy definition named "Configure agentless VM scanning to assess for vulnerabilities". The policy must be assigned at the subscription (or management-group) scope so it can deploy the extension to all existing VMs and automatically apply to new VMs, allowing Defender for Servers Plan 2 to collect software inventory and scan for vulnerabilities without installing the Log Analytics or Microsoft Defender for Endpoint agents.
The other options either address workload protection plans (such as Defender for Storage), VM tagging, or data collection settings that are not prerequisites for agentless VM scanning.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the Azure Policy definition 'Configure agentless VM scanning to assess for vulnerabilities' do?
Open an interactive chat with Bash
What is the Microsoft.AzureSecurityCenter VM extension, and how does it work?
Open an interactive chat with Bash
How does agentless vulnerability assessment differ from traditional agent-based scanning?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .