Try 10 focused Microsoft SC-500 questions on Secure Compute, with explanations, then continue with IT Mastery.
| Field | Detail |
|---|---|
| Exam route | Microsoft SC-500 |
| Topic area | Secure Compute |
| Blueprint weight | 24% |
| Page purpose | Focused sample questions before returning to mixed practice |
Use this page to isolate Secure Compute for Microsoft SC-500. Work through the 10 questions first, then review the explanations and return to mixed practice in IT Mastery.
| Pass | What to do | What to record |
|---|---|---|
| First attempt | Answer without checking the explanation first. | The fact, rule, calculation, or judgment point that controlled your answer. |
| Review | Read the explanation even when you were correct. | Why the best answer is stronger than the closest distractor. |
| Repair | Repeat only missed or uncertain items after a short break. | The pattern behind misses, not the answer letter. |
| Transfer | Return to mixed practice once the topic feels stable. | Whether the same skill holds up when the topic is no longer obvious. |
Blueprint context: 24% of the practice outline. A focused topic score can overstate readiness if you recognize the pattern too quickly, so use it as repair work before timed mixed sets.
These questions are original IT Mastery practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.
Topic: Secure Compute
A security team manages Azure VMs in a subscription protected by Microsoft Defender for Servers Plan 2. During a change freeze, production VMs cannot receive new agents or VM extensions, but the team needs vulnerability findings in Defender for Cloud for those VMs.
Current settings
| Setting | Status |
|---|---|
| Defender for Endpoint integration | On |
| Vulnerability assessment extension deployment | Disabled |
| Agentless scanning for machines | Off |
Which configuration change best supports the requirement?
Options:
A. Create a Microsoft Sentinel connector for Defender for Cloud.
B. Enable Agentless scanning for machines for the subscription.
C. Enable automatic deployment of the vulnerability assessment extension.
D. Deploy the Azure Arc Connected Machine agent to each VM.
Best answer: B
Explanation: Agentless VM scanning is managed in Defender for Cloud settings and is designed to discover vulnerabilities from machine disk snapshots without requiring an installed security agent or VM extension. In this scenario, Defender for Servers Plan 2 is already enabled, but agentless scanning is off and production VMs cannot be changed. Turning on agentless scanning aligns with the no-agent constraint while still producing vulnerability discovery signals in Defender for Cloud. Extension-based assessment and endpoint onboarding can provide useful security data, but they depend on installed components or runtime agents. Sentinel ingestion can centralize alerts and logs, but it does not perform the vulnerability scan itself.
Topic: Secure Compute
A subscription contains Azure VMs and Azure Arc-enabled servers protected by Defender for Servers. The security team must surface continuous OS and software vulnerability findings in Defender for Cloud and wants to use the Microsoft-native scanner without deploying a third-party scanner extension. What should you configure?
Options:
A. Enable vulnerability assessment using Microsoft Defender Vulnerability Management.
B. Deploy the Qualys vulnerability assessment extension by policy.
C. Enable only agentless scanning for machines in Defender CSPM.
D. Connect Defender for Cloud alerts to Microsoft Sentinel.
Best answer: A
Explanation: Defender for Servers can provide vulnerability assessment results for protected server workloads by using Microsoft Defender Vulnerability Management. This is configured from the Defender for Servers plan settings as the vulnerability assessment option, so findings appear in Defender for Cloud recommendations without requiring a third-party scanner extension. Agentless scanning can provide useful posture visibility, but it is not the same as configuring the Microsoft-native vulnerability assessment path for the protected Azure and Arc server estate. Sentinel ingestion is for monitoring and correlation, not scanning configuration.
Topic: Secure Compute
A security engineer onboarded several on-premises Linux servers to Azure Arc so the servers can be governed by Azure security services in Microsoft Defender for Cloud. Which evidence best validates that the intended security control is working?
Options:
A. The Azure virtual machines inventory lists the servers as native Azure VMs
B. Azure Monitor shows heartbeat data from the servers in a Log Analytics workspace
C. Microsoft Entra sign-in logs show administrators accessing the Azure portal
D. Defender for Cloud lists the servers as Arc-enabled resources with server recommendations
Best answer: D
Explanation: Azure Arc extends Azure management and security governance to servers that run outside Azure, such as on-premises or other-cloud machines. For this objective, the best validation is evidence that Defender for Cloud recognizes those machines as Arc-enabled server resources and applies security assessment or recommendations to them. That confirms both required parts: the non-Azure resource boundary is handled through Azure Arc, and Azure security services are actively governing the server. A heartbeat only proves telemetry is being sent, and portal sign-in activity only proves administrator access, not server protection or governance.
Topic: Secure Compute
An organization runs several Azure Kubernetes Service (AKS) clusters. A security review identifies a container posture concern: some running workloads might be configured with privileged mode or risky host mounts. There is no evidence of active exploitation, and the team wants built-in Microsoft recommendations that detect these workload misconfigurations. Which mechanism should the team use?
Options:
A. Azure WAF managed rules for ingress traffic
B. Defender for Containers workload recommendations
C. Microsoft Sentinel analytics rules for pod logs
D. Defender for Servers EDR on AKS nodes
Best answer: B
Explanation: Defender for Containers is the Microsoft Defender for Cloud plan used for Kubernetes and container workload security. When the issue is posture risk in container workloads, such as privileged containers or risky host mounts, the relevant signal is the container-specific recommendations and hardening findings produced by Defender for Containers. These recommendations help security engineers identify misconfigurations before they become exploitable paths.
Sentinel analytics are useful for correlating logs and detecting suspicious activity, but they are not the primary posture assessment mechanism. WAF protects HTTP application traffic, and Defender for Servers focuses on server and VM protection rather than Kubernetes workload configuration.
Topic: Secure Compute
A security engineer reviews Microsoft Defender for Cloud findings for an AKS-hosted payment workload. The team needs to determine whether the finding is a container posture issue and what to do next.
Exhibit: Defender for Cloud recommendation
| Field | Value |
|---|---|
| Plan/source | Defender for Containers |
| Resource | aks-prod/payments-api |
| Recommendation | Containers should run with a restricted security context |
| Evidence | privileged=true; allowPrivilegeEscalation=true |
| Status | Unhealthy |
| Runtime alert | None |
What is the best next action?
Options:
A. Enable Defender for Servers on the AKS node VMs.
B. Update the workload security context to disable privileged execution.
C. Add an NSG rule to block inbound Internet traffic.
D. Connect AKS logs to Microsoft Sentinel before remediation.
Best answer: B
Explanation: Defender for Containers surfaces posture recommendations for container workloads, including unsafe Kubernetes security-context settings. In the exhibit, privileged=true and allowPrivilegeEscalation=true indicate that the workload can run with elevated container privileges. The absence of a runtime alert does not make the finding informational; the Unhealthy status means Defender for Cloud detected a configuration risk that should be remediated in the workload manifest or deployment configuration. The appropriate response is to disable privileged execution, prevent privilege escalation, redeploy, and verify that the recommendation becomes healthy.
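As an added example (not part of the original page or of Microsoft's own material), a Kubernetes Deployment manifest for the exhibit's payments-api workload with the restricted security context that would clear the recommendation; the namespace, image, port, and replica count are assumed.

```yaml
# Constructed Deployment for aks-prod/payments-api. The exhibit evidence was
# privileged=true; allowPrivilegeEscalation=true; the values below replace it.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: payments-api
  namespace: payments            # assumed namespace
  labels:
    app: payments-api
spec:
  replicas: 2                    # assumed
  selector:
    matchLabels:
      app: payments-api
  template:
    metadata:
      labels:
        app: payments-api
    spec:
      # Pod-level defaults: no root user, default seccomp profile
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: payments-api
          image: contoso.azurecr.io/payments-api:PLACEHOLDER_TAG   # placeholder image
          ports:
            - containerPort: 8080   # assumed
          securityContext:
            privileged: false              # was true in the exhibit
            allowPrivilegeEscalation: false # was true in the exhibit
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
```

After redeploying, `kubectl get deploy payments-api -n payments -o jsonpath='{.spec.template.spec.containers[*].securityContext}'` confirms the running spec before checking that the recommendation reports Healthy in Defender for Cloud.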
Topic: Secure Compute
A company runs Windows and Linux servers in an on-premises datacenter. The servers cannot be migrated to Azure, but security must manage them with Azure Policy compliance assignments and Microsoft Defender for Cloud server protections from the same Azure governance scope used for cloud VMs. Which implementation should the security engineer use?
Options:
A. Connect the servers to Microsoft Sentinel by using only syslog collection.
B. Replicate the servers to Azure with Azure Site Recovery.
C. Onboard with Azure Arc, then apply Azure Policy and Defender for Servers.
D. Create private endpoints for the servers in an Azure virtual network.
Best answer: C
Explanation: Azure Arc-enabled servers extend Azure management and security controls to supported non-Azure Windows and Linux machines. Installing the Azure Connected Machine agent on each server onboards it as an Azure resource, which lets the organization assign Azure Policy, evaluate compliance, and apply Microsoft Defender for Cloud protections such as Defender for Servers without migrating the workloads. This preserves the operational constraint that the servers remain on-premises while still bringing them under Azure governance. Log collection, private connectivity, or disaster recovery replication can support other goals, but they do not make the current non-Azure servers manageable as Azure-governed server resources.
Topic: Secure Compute
An organization uses Azure AI services for a customer-facing application. Security leadership wants workload protection that can detect threats against the AI service while allowing the application to continue calling the service normally. Which control should the security engineer implement?
Options:
A. Enable only Defender CSPM for the subscription.
B. Create a Sentinel rule for AI logs only.
C. Add Foundry guardrails for prompt filtering.
D. Enable Defender for AI Service in Defender for Cloud.
Best answer: D
Explanation: Defender for AI Service is the Defender for Cloud workload protection plan intended for AI services that need threat detection and protection coverage. In this scenario, the requirement is not merely to assess posture, filter prompts, or build custom monitoring after log ingestion; it is to protect the AI workload itself while preserving normal application behavior. Enabling the Defender for AI Service plan in Cloud Workload Protection provides the appropriate control boundary for that need. Foundry guardrails and Sentinel analytics can be useful in related designs, but they do not replace enabling the workload protection plan for AI services.
Topic: Secure Compute
A team has deployed a Microsoft Foundry chat application. Security review finds that client apps call the model endpoint directly, so the team cannot centrally enforce caller authentication, request throttling, or request/response policy checks before traffic reaches the Foundry endpoint. What is the best next hardening step?
Options:
A. Review the Data and AI security dashboard.
B. Enable Defender for AI Service for the workload.
C. Place the app behind AI Gateway in Azure API Management.
D. Configure Foundry guardrails for the model deployment.
Best answer: C
Explanation: AI Gateway in Azure API Management is used when the security need is to broker and control application traffic before it reaches Microsoft Foundry. In this scenario, the gap is direct endpoint access without centralized authentication, throttling, and request/response policy enforcement. Defender for AI Service helps protect AI workloads by detecting threats and risks, Foundry guardrails help constrain AI behavior and safety within Foundry, and the Data and AI security dashboard provides monitoring and posture visibility. Those are useful controls, but they do not replace the need for a gateway front door when the immediate problem is unmanaged client-to-endpoint traffic.
Topic: Secure Compute
A server team deployed an Azure VM named vm-app01 by using a supported Generation 2 image, but the VM is currently running with Security type: Standard. Defender for Cloud flags that Secure Boot is disabled, and the workload owner requires trusted boot protection before production release. What should you do next?
Options:
A. Enable Azure Bastion for administrative access.
B. Apply an Azure Machine Configuration baseline.
C. Enable disk encryption with a customer-managed key.
D. Deallocate the VM, set Trusted launch, and enable Secure Boot.
Best answer: D
Explanation: Azure VM Secure Boot is part of the Trusted launch security model. Because vm-app01 is a supported Generation 2 VM but still uses the Standard security type, the logical next step is to move it to Trusted launch and enable Secure Boot. Deallocating the running VM is the appropriate implementation sequence before changing this security configuration. Secure Boot helps protect the boot chain from unsigned or tampered boot components; related capabilities such as vTPM and integrity monitoring build on the same trusted launch foundation. Controls such as Bastion, Machine Configuration, and disk encryption improve other security areas but do not satisfy the trusted boot requirement.
Topic: Secure Compute
A security engineer reviews a deployed Microsoft Copilot Studio agent after a Defender XDR blast-radius alert. The business owner confirms the agent should answer only benefits FAQ questions.
Exhibit: agent access evidence
| Field | Value |
|---|---|
| Agent | BenefitsHelper |
| Finding | Agent can read HR-Performance site |
| Evidence source | Microsoft Entra Agent ID access graph |
| Runtime protection alerts | None |
| Recent blocked prompts or tools | None |
What is the best next implementation step?
Options:
A. Re-scope the agent identity’s HR-Performance access in Microsoft Entra Agent ID.
B. Disable all Copilot Studio agents across the tenant.
C. Add a Copilot Studio runtime rule to block HR prompts.
D. Ingest all agent transcripts into Microsoft Sentinel first.
Best answer: A
Explanation: Defender XDR blast-radius evidence from Microsoft Entra Agent ID indicates an identity and access issue: the agent identity can reach a resource outside its business purpose. The next step is to reduce that identity’s permissions or assignments and validate least privilege. Microsoft Copilot Studio runtime protection is relevant when the evidence involves malicious prompts, unsafe tool calls, or runtime policy violations, but the exhibit shows no runtime alerts. Monitoring or tenant-wide shutdowns either delay risk reduction or over-remediate. Match the remediation plane to the evidence source.