Microsoft Cybersecurity Architect — Question 8

Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.
The company signs a contract with the United States government.
You need to review the current subscription for NIST 800-53 compliance.
What should you do first?

Answer options

• A. From Defender for Cloud, review the secure score recommendations.
• B. From Microsoft Sentinel, configure the Microsoft Defender for Cloud data connector.
• C. From Defender for Cloud, review the Azure security baseline for audit report.
• D. From Defender for Cloud, add a regulatory compliance standard.

Correct answer: D

Explanation

The correct answer is D because adding a regulatory compliance standard is the necessary first step to ensure that the subscription aligns with NIST 800-53 requirements. The other options, while valuable, do not directly initiate the compliance review process needed for this specific standard.