Microsoft Cybersecurity Architect — Question 21

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You need to enforce ISO 27001:2013 standards for new resources deployed to the subscription. The solution must ensure that noncompliant resources are automatically detected.

What should you use?

Answer options

• A. Azure Blueprints
• B. the regulatory compliance dashboard in Defender for Cloud
• C. Azure Policy
• D. Azure role-based access control (Azure RBAC)

Correct answer: C

Explanation

Azure Policy is the correct choice because it allows you to define and enforce rules for resource compliance, automatically identifying noncompliant resources. Azure Blueprints and the regulatory compliance dashboard can assist in managing compliance but do not enforce policies automatically. Azure RBAC focuses on access control rather than compliance enforcement.