Question 168 of 1,000
Manage identity and accessmediumMultiple ChoiceObjective-mapped

Quick Answer

The correct answer is to enable the integrated vulnerability assessment solution (Qualys) directly from Microsoft Defender for Cloud. This is the right choice because it is a native, built-in capability that automatically scans both Azure VMs and on-premises servers connected via Azure Arc for OS vulnerabilities without requiring any additional licensing or external setup. On the AZ-500 exam, this question tests your understanding of Defender for Cloud’s unified security posture management for hybrid environments, often appearing as a trap where candidates might mistakenly choose a third-party agent or a separate Azure service. The key distinction is that the integrated VA solution is fully managed and enabled from within Defender for Cloud, ensuring seamless coverage across your hybrid servers. Memory tip: Think “Qualys is Qualifed” for hybrid—it’s the only native, zero-config option that covers both Azure and Arc-enabled machines.

AZ-500 Manage identity and access Practice Question

This AZ-500 practice question tests your understanding of manage identity and access. This is a configuration task: choose the command set that satisfies every stated requirement. Small differences — like 'secret' vs 'password' or 'transport input ssh' vs 'all' — change whether the answer is correct. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

A security team uses Microsoft Defender for Cloud to monitor the security posture of a hybrid environment that includes on-premises servers connected via Azure Arc. They want to enable a vulnerability assessment solution that automatically scans all servers (both Azure VMs and on-premises Arc-enabled servers) for OS vulnerabilities. Which solution should they enable directly from Defender for Cloud?

Question 1mediummultiple choice
Full question →

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

Enable the integrated vulnerability assessment solution (Qualys) in Defender for Cloud

The integrated vulnerability assessment (VA) solution in Defender for Cloud, powered by Qualys, is the correct choice because it is a native, built-in capability that can be automatically enabled for both Azure VMs and Azure Arc-enabled on-premises servers. It requires no additional licensing or external configuration, and it automatically discovers and scans OS vulnerabilities without manual intervention, directly from the Defender for Cloud portal.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Enable the integrated vulnerability assessment solution (Qualys) in Defender for Cloud

    Why this is correct

    The built-in VA solution (Qualys) is available at no additional cost in Defender for Cloud. It can be deployed to both Azure VMs and Arc-enabled servers through the integration, providing automatic OS vulnerability scanning.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Enable Microsoft Defender for Endpoint and integrate it with Defender for Cloud

    Why it's wrong here

    Microsoft Defender for Endpoint provides vulnerability assessment, but it requires separate licensing (E5 or add-on) and may not be the first choice if the goal is to use a built-in solution without extra cost.

  • Configure Azure Update Management to assess missing patches

    Why it's wrong here

    Azure Update Management focuses on missing OS patches and updates, not comprehensive vulnerability assessment (which includes configuration issues and other weaknesses). It is not a full vulnerability scanning solution.

  • Use Azure Policy to deploy the Log Analytics agent and manually enable scanning

    Why it's wrong here

    Deploying the Log Analytics agent alone does not enable vulnerability scanning. The VA solution requires the specific Qualys or MDE agent.

Common exam traps

Common exam trap: answer the scenario, not the keyword

The trap here is that candidates often confuse Microsoft Defender for Endpoint's threat and vulnerability management (TVM) with a dedicated vulnerability assessment solution, but the question specifically asks for a solution that can be enabled directly from Defender for Cloud for automatic OS vulnerability scanning, which is the integrated Qualys-based VA solution.

Detailed technical explanation

How to think about this question

The integrated Qualys VA solution uses a lightweight agent that is automatically deployed to Azure VMs and Arc-enabled servers when enabled in Defender for Cloud; it communicates with the Qualys cloud service over HTTPS (port 443) to perform authenticated scans of the OS and installed software. The solution provides a unified vulnerability dashboard, remediation recommendations, and integration with Azure Policy for compliance, and it supports both Windows and Linux operating systems without requiring a separate Qualys license.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

An e-commerce site experiences heavy traffic on Black Friday and near-zero traffic during off-peak weeks. Rather than provisioning permanent large VMs, the team uses auto-scaling groups that add capacity automatically under load and reduce it overnight. Questions like this test whether you understand elasticity, availability zones, and cloud compute scaling patterns.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related AZ-500 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free AZ-500 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this AZ-500 question test?

Manage identity and access — This question tests Manage identity and access — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: Enable the integrated vulnerability assessment solution (Qualys) in Defender for Cloud — The integrated vulnerability assessment (VA) solution in Defender for Cloud, powered by Qualys, is the correct choice because it is a native, built-in capability that can be automatically enabled for both Azure VMs and Azure Arc-enabled on-premises servers. It requires no additional licensing or external configuration, and it automatically discovers and scans OS vulnerabilities without manual intervention, directly from the Defender for Cloud portal.

What should I do if I get this AZ-500 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Last reviewed: Jun 11, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This AZ-500 practice question is part of Courseiva's free Microsoft certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the AZ-500 exam.