Microsoft Cybersecurity Architect — Question 12

You have legacy operational technology (OT) devices and IoT devices.

You need to recommend best practices for applying Zero Trust principles to the OT and IoT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations.

Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Answer options

• A. active scanning
• B. threat monitoring
• C. software patching
• D. passive traffic monitoring

Correct answer: B, D

Explanation

The correct answers, B (threat monitoring) and D (passive traffic monitoring), are essential for identifying and mitigating risks without actively disrupting operations. In contrast, A (active scanning) and C (software patching) can introduce potential disruptions or downtime, making them less suitable for maintaining uninterrupted business functions.