You plan to create a Windows Server 2019 Azure virtual machine (VM) for processing sensitive data. Other applications and operating systems should not be able to access or view the sensitive data.
You need to decide which security feature to use and which type of Azure VM to create.
What should you use? Select correct placeholder values.
Feature to use: PLACEHOLDER 1
Azure virtual machine type to use PLACEHOLDER 2
You should use the secure enclave security feature. A secure enclave is a protected memory region that appears as a black box to the containing process and the other processes that are running on the machine. Enclaves are the perfect solution for processing sensitive data because you cannot view the data or code inside the enclave from the outside. Only the DC-series of Azure VMs supports secure enclave. The other Azure VM types do not support secure enclave.
You should not select Data Execution Prevention (DEP). DEP can be described as a set of hardware and software technologies that conduct additional memory checks to help to prevent malicious attacks.
You should not select Windows Defender Application Guard (WDAG). WDAG is a security tool built into Microsoft Edge that isolates browser sessions from the desktop in a VM to prevent any malicious activity from reaching the desktop.
You should not select Windows Defender Application Control (WDAC). WDAC can reduce security threats by limiting the applications that users are allowed to run and the code running in the System Core (kernel).