Exam
Answer confirmed
Question
You have an Azure subscription. The subscription contains 50 virtual machines that run Windows Server.
You need to monitor the configuration of the virtual machines and ensure that they comply with security best practices. The solution must meet the following requirements:
- Remediate noncompliant settings.
- Minimize administrative effort.
What should you use?
Proposed answer
- Azure Desired State Configuration (DSC)
Correct answer
Azure Desired State Configuration (DSC)
- Incorrect – Application security groups are used in conjunction with NSGs to manage network traffic.
- Incorrect - Azure CLI Deployment is not designed to monitor the configuration of virtual machines over time. While it can be used to deploy and configure virtual machines to a desired state, it does not provide ongoing monitoring and maintenance of that state.
- Correct - The DSC extension can be used to provide ongoing monitoring and maintenance of a virtual machine’s desired state.
- Incorrect – NSGs are used to manage network traffic.
Desired State Configuration for Azure overview - Azure Virtual Machines | Microsoft Learn