🔥 3-day streak
Microsoft Cybersecurity Architect Expert21 / 158
Question 21 of 158

A financial services company runs a customer-facing web application backed by Azure Key Vault (for API secrets), Azure SQL Database, and Azure Storage accounts (holding uploaded documents). Recent penetration testing found that an attacker who compromised the app tier could enumerate secrets and download blobs without triggering any alert. The security architect must recommend a Microsoft Defender for Cloud configuration that provides threat detection specifically for anomalous data-plane access to these PaaS services — such as unusual secret retrieval patterns and atypical blob access from suspicious IPs. Which approach best meets this requirement?

Reviewed for accuracy · Report an issueNext question