Microsoft Azure Architect Design (AZ-304) Practice Test

Which service should be used for continuous compliance monitoring in Azure?

• A. Azure Sentinel
• B. Azure Monitor
• C. Azure Policy
• D. Azure Security Center

The correct answer is: Azure Policy

Continuous compliance monitoring in Azure is effectively managed through Azure Policy. This service enables organizations to define policies that enforce rules and effects on their resources, helping to ensure that they remain compliant with organizational standards and regulatory requirements. Azure Policy allows you to evaluate the compliance state of your resources against the defined policies and automatically remediate resources that are found to be non-compliant. This can include policies around resource types, locations, and configurations. It essentially creates a framework for resource governance and ensures adherence to specific compliance requirements without requiring manual checking. Other services play important roles in Azure's security and governance landscape. For instance, Azure Sentinel is a Security Information and Event Management (SIEM) solution that provides advanced threat intelligence and lifecycle threat management, but it is not inherently focused on continuous compliance monitoring. Azure Monitor is designed for collecting and analyzing telemetry data from applications and infrastructure to monitor their performance. Azure Security Center, on the other hand, provides security management and threat protection, assisting in managing security posture but does not specifically enforce compliance policies as Azure Policy does. Thus, the functionality of Azure Policy in continuous compliance monitoring makes it the most suitable answer among the provided choices.