- All Exams Instant Download
How should you complete the query?
HOTSPOT You have a Microsoft 365 E5 subscription. You plan to perform cross-domain investigations by using Microsoft 365 Defender. You need to create an advanced hunting query to identify devices affected by a malicious email attachment. How should you complete the query? To answer, select the appropriate options in the...
What should you use to detect which documents are sensitive?
You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365. You have Microsoft SharePoint Online sites that contain sensitive documents. The documents contain customer account numbers that each consists of 32 alphanumeric characters. You need to create a data loss prevention (DLP) policy to protect the sensitive...
The issue for which team can be resolved by using Microsoft Defender for Endpoint?
Topic 1, Contoso Ltd Case study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to...
Where can you find the column name to complete the where clause?
You need to complete the query for failed sign-ins to meet the technical requirements. Where can you find the column name to complete the where clause?A . Security alerts in Azure Security CenterB . Activity log in AzureC . Azure AdvisorD . the query windows of the Log Analytics workspaceView...
How should you complete the query?
HOTSPOT You need to create an advanced hunting query to investigate the executive team issue. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. View AnswerAnswer:
Which role should you assign?
You need to assign a role-based access control (RBAC) role to admin1 to meet the Azure Sentinel requirements and the business requirements. Which role should you assign?A . Automation OperatorB . Automation Runbook OperatorC . Azure Sentinel ContributorD . Logic App ContributorView AnswerAnswer: C Explanation: Reference: https://docs.microsoft.com/en-us/azure/sentinel/roles
Which three actions should you perform in sequence?
DRAG DROP You need to add notes to the events to meet the Azure Sentinel requirements. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of action to the answer area and arrange them in the correct order. View AnswerAnswer: Explanation: Graphical...
Which three actions should you perform in sequence?
DRAG DROP You plan to connect an external solution that will send Common Event Format (CEF) messages to Azure Sentinel. You need to deploy the log forwarder. Which three actions should you perform in sequence? To answer, move the appropriate actions form the list of actions to the answer area...
What should you include in the recommendation?
You need to recommend a solution to meet the technical requirements for the Azure virtual machines. What should you include in the recommendation?A . just-in-time (JIT) accessB . Azure DefenderC . Azure FirewallD . Azure Application GatewayView AnswerAnswer: B Explanation: Reference: https://docs.microsoft.com/en-us/azure/security-center/azure-defender
What should you recommend for each threat?
HOTSPOT You need to recommend remediation actions for the Azure Defender alerts for Fabrikam. What should you recommend for each threat? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. View AnswerAnswer:
