Mitigate threats using Microsoft Defender for Cloud · Medium · Multiple Choice · Objective-mapped

SC-200 Practice Question: Mitigate threats using Microsoft Defender for Cloud

This SC-200 practice question tests your understanding of mitigating threats using Microsoft Defender for Cloud. This is a configuration task: choose the command set that satisfies every stated requirement. Small differences, like 'secret' vs 'password' or 'transport input ssh' vs 'all', change whether the answer is correct. A key principle to apply: Defender for Cloud's 'Environment settings' manage subscription-wide security configurations. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

A cloud security team uses Microsoft Defender for Cloud with Defender for Servers enabled. They want to ensure that all Azure virtual machines have automatic provisioning of the Log Analytics agent (Azure Monitor Agent) turned on. Where should this configuration be set to cover existing and future VMs?

Correct answer & explanation

In Microsoft Defender for Cloud > Environment settings > Select subscription > Settings & monitoring > Log Analytics agent for Azure VMs > Set to 'On'

Option A is correct because the 'Settings & monitoring' pane under Environment settings in Microsoft Defender for Cloud is the centralized location to enable automatic provisioning of the Log Analytics agent (Azure Monitor Agent) at the subscription level. This setting ensures that both existing Azure VMs and any future VMs are automatically provisioned with the agent, without requiring individual VM configuration or manual policy assignment.

Key principle: Defender for Cloud's 'Environment settings' manage subscription-wide security configurations.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • In Microsoft Defender for Cloud > Environment settings > Select subscription > Settings & monitoring > Log Analytics agent for Azure VMs > Set to 'On'

    Why this is correct

    This is the correct location to enable automatic provisioning of the Log Analytics agent for all current and future VMs in the subscription.

    Related concept

    Defender for Cloud's 'Environment settings' manage subscription-wide security configurations.

  • In Azure Policy > Assign a policy that deploys the Log Analytics agent to VMs

    Why it's wrong here

    While Azure Policy can be used, Defender for Cloud provides a built-in setting that automatically creates a policy assignment and is easier to manage.

  • In Microsoft Defender for Cloud > Security policy > Data collection

    Why it's wrong here

    The 'Data collection' blade under Security policy is for selecting workspace and storage, not for enabling automatic provisioning of the agent.

  • In Azure virtual machine blade > Auto-provisioning

    Why it's wrong here

    The Auto-provisioning page in the Azure portal is for IaaS VM backup, not for Defender for Cloud agent installation.

Common exam traps

Common exam trap: answer the scenario, not the keyword

The trap here is that candidates often confuse the deprecated 'Data collection' option under Security policy (Option C) with the current 'Settings & monitoring' pane, or they assume that Azure Policy (Option B) is the only way to enforce agent deployment, missing the built-in auto-provisioning toggle in Defender for Cloud.

Detailed technical explanation

How to think about this question

Under the hood, enabling 'Log Analytics agent for Azure VMs' in Defender for Cloud triggers the deployment of the Azure Monitor Agent (AMA) via the 'AzureSecurityMonitoring' extension, which is automatically applied to all existing and future VMs in the subscription. This setting also configures the Data Collection Rule (DCR) for security events, ensuring that Defender for Cloud can collect necessary telemetry for threat detection without manual intervention. In a real-world scenario, if a team mistakenly uses Azure Policy instead, they would need to manage policy assignments and remediation tasks separately, potentially missing coverage for new VMs if the policy scope is not correctly set.

Key Concepts to Remember

  • Defender for Cloud's 'Environment settings' manage subscription-wide security configurations.
  • Automatic provisioning ensures Log Analytics agent deployment on existing and future VMs.
  • This setting simplifies agent management compared to manual or separate Azure Policy assignments.
  • The Log Analytics agent collects security data for Defender for Servers features.

Exam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Defender for Cloud's 'Environment settings' manage subscription-wide security configurations.

Real-world example

How this comes up in practice

An e-commerce site experiences heavy traffic on Black Friday and near-zero traffic during off-peak weeks. Rather than provisioning permanent large VMs, the team uses auto-scaling groups that add capacity automatically under load and reduce it overnight. Questions like this test whether you understand elasticity, availability zones, and cloud compute scaling patterns.

What to study next

Got this wrong? Here's your next step.

Review how Defender for Cloud's 'Environment settings' manage subscription-wide security configurations, then practise related SC-200 questions on the same topic to reinforce the concept.

FAQ

Questions learners often ask

What does this SC-200 question test?

This question tests the objective "Mitigate threats using Microsoft Defender for Cloud", and in particular the principle that Defender for Cloud's 'Environment settings' manage subscription-wide security configurations.

What is the correct answer to this question?

The correct answer is: In Microsoft Defender for Cloud > Environment settings > Select subscription > Settings & monitoring > Log Analytics agent for Azure VMs > Set to 'On' — Option A is correct because the 'Settings & monitoring' pane under Environment settings in Microsoft Defender for Cloud is the centralized location to enable automatic provisioning of the Log Analytics agent (Azure Monitor Agent) at the subscription level. This setting ensures that both existing Azure VMs and any future VMs are automatically provisioned with the agent, without requiring individual VM configuration or manual policy assignment.

What should I do if I get this SC-200 question wrong?

Review how Defender for Cloud's 'Environment settings' manage subscription-wide security configurations, then practise related SC-200 questions on the same topic to reinforce the concept.

What is the key concept behind this question?

Defender for Cloud's 'Environment settings' manage subscription-wide security configurations.

Last reviewed: Jun 11, 2026
