Microsoft Azure Security Engineer Associate AZ-500 Practice Question
Your organization operates several Azure Kubernetes Service (AKS) clusters. You must prevent developers from deploying containers that request host networking or run privileged containers. Violations must be denied at admission time and surfaced as policy compliance results in Microsoft Defender for Cloud. Which feature should you enable on each cluster?
Azure Monitor Container Insights
Only enable Microsoft Defender for Cloud at the subscription level
Kubernetes Pod Security Admission enforcement
Azure Policy add-on for Kubernetes in the AKS cluster
The Azure Policy add-on for AKS installs the Gatekeeper admission controller in the cluster. Gatekeeper evaluates every resource request against the Azure Policy assignments that target the cluster, can deny non-compliant manifests during admission, and reports compliance data back to Azure Policy and Defender for Cloud. Container Insights only collects metrics and logs. Upstream Pod Security Admission is not integrated with Azure Policy or Defender for Cloud, and enabling Defender for Cloud at the subscription level does not itself block non-compliant deployments inside the cluster.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the Azure Policy add-on for Kubernetes?
Open an interactive chat with Bash
How does Gatekeeper admission controller enforce policies?
Open an interactive chat with Bash
What is the role of Microsoft Defender for Cloud in AKS compliance monitoring?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure compute, storage, and databases
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .