Microsoft SC-200 Exam - Topic 1 Question 113 Discussion

You receive an alert from Azure Defender for Key Vault. You discover that the alert is generated from multiple suspicious IP addresses. You need to reduce the potential of Key Vault secrets being leaked while you investigate the issue. The solution must be implemented as soon as possible and must minimize the impact on legitimate users. What should you do first?

A) Modify the access control settings for the key vault.
B) Enable the Key Vault firewall.
C) Create an application security group.
D) Modify the access policy for the key vault.

Actual exam question for Microsoft's SC-200 exam
Question #: 113
Topic #: 1

Suggested Answer: B

When Azure Defender for Key Vault (now part of Microsoft Defender for Cloud) raises an alert about suspicious access attempts from multiple unknown IP addresses, the immediate mitigation step, before deeper investigation, is to restrict network access to the Key Vault to reduce exposure.

The Azure Key Vault firewall allows you to restrict access by:

- Allowing access only from trusted IP addresses, VNets, or private endpoints.
- Blocking all other traffic by enabling the firewall and disabling "Allow access from all networks."

Microsoft's official recommendation states:

"To reduce the likelihood of secrets being compromised while you investigate an alert, enable the Key Vault firewall and restrict access to trusted networks or specific virtual networks."

"Firewall and virtual network configuration can be applied immediately without affecting existing permissions or access policies."

This step:

- Minimizes exposure to malicious IP addresses.
- Is quick to implement (through the Azure Portal or CLI).
- Has minimal impact on legitimate users if you properly whitelist trusted networks or VNets.

Other options:

- A (Modify access control settings) or D (Modify access policy) would affect permissions and could disrupt legitimate users or service principals.
- C (Create an application security group) applies to network interfaces, not directly to Key Vault.

Answer: B. Enable the Key Vault firewall
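
An added example, not part of the original page or any Microsoft tooling: once the firewall is enabled, this Python check confirms that the alert's source IPs are actually blocked and that trusted addresses still pass. It assumes the vault's `networkAcls` object has the shape returned by `az keyvault show`; the rule set, all IP addresses, and the function names `allowed_by_firewall` and `review` are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: networkAcls in the shape `az keyvault show` reports under
# properties.networkAcls. Addresses are documentation ranges, not real data.
SAMPLE_ACLS = json.loads("""
{
  "bypass": "AzureServices",
  "defaultAction": "Deny",
  "ipRules": [{"value": "198.51.100.0/24"}, {"value": "203.0.113.10"}],
  "virtualNetworkRules": []
}
""")


def allowed_by_firewall(acls, ip):
    """Return True if a public source IP would pass the vault's IP rules.

    Only IP rules are evaluated; VNet rules, private endpoints and the
    trusted-services bypass are outside this check.
    """
    if acls.get("defaultAction", "Allow") != "Deny":
        return True  # firewall not enforcing: all networks are allowed
    addr = ipaddress.ip_address(ip)
    for rule in acls.get("ipRules") or []:
        # strict=False accepts both single addresses and CIDR ranges
        if addr in ipaddress.ip_network(rule["value"], strict=False):
            return True
    return False


def review(acls, suspicious_ips, trusted_ips):
    """Summarise what the rules mean for the alert and for legitimate users."""
    return {
        "firewall_enabled": acls.get("defaultAction", "Allow") == "Deny",
        "suspicious_still_allowed": [
            ip for ip in suspicious_ips if allowed_by_firewall(acls, ip)],
        "trusted_blocked": [
            ip for ip in trusted_ips if not allowed_by_firewall(acls, ip)],
    }


if __name__ == "__main__":
    suspicious = ["192.0.2.44", "192.0.2.201", "198.51.100.77"]  # constructed alert IPs
    trusted = ["203.0.113.10", "203.0.113.11"]  # constructed office egress IPs
    print(json.dumps(review(SAMPLE_ACLS, suspicious, trusted), indent=2))
```

With the sample rules, one suspicious address falls inside an allowed /24 and one trusted address is missing from the allow list, the two outcomes to rule out before treating the firewall change as complete.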

