Q: 1
A customer is deploying Docker images to 10 Azure Kubernetes Service (AKS) resources across four
Azure subscriptions. You are evaluating the security posture of the customer.
You discover that the AKS resources are excluded from the secure score recommendations. You need
to produce accurate recommendations and update the secure score.
Which two actions should you recommend in Microsoft Defender for Cloud? Each correct answer
presents part of the solution. NOTE: Each correct selection is worth one point.
Options
Discussion
Its A and E. Auto provisioning gets the monitoring agents on all AKS, and Defender plans actually unlock those recommendations for secure score. B isn't needed just for secure score on this workload from what I’ve seen.
Why can't you just enable Defender for Containers and auto provisioning to get AKS resources into secure score? Isn't that what A and E are getting at here?
A and E imo. Enabling Defender plans (E) is what actually lets Defender for Cloud assess AKS clusters, and auto provisioning (A) makes sure all new/existing resources get those agents rolled out automatically. Don't think B impacts secure score directly for containers. Pretty sure that's what gives accurate recommendations.
Option A and B for me. Had something like this in a mock and auto provisioning plus regulatory compliance policies both impacted secure score results (at least that's how it looked). Not 100% if B is really needed though, agree?
Likely it's A and E. You have to enable Defender plans for coverage, and auto provisioning makes it easy to roll out protections across all the AKS clusters. Official documentation or hands-on labs confirm this.
Be respectful. No spam.
