- All Exams Instant Download
Which role should you assign?
You need to assign a role-based access control (RBAC) role to admin1 to meet the Azure Sentinel requirements and the business requirements. Which role should you assign?A . Automation Operator B. Automation Runbook Operator C. Azure Sentinel Contributor D. Logic App ContributorView AnswerAnswer: C Explanation: Reference: https://docs.microsoft.com/en-us/azure/sentinel/roles
Which three actions should you perform in sequence?
DRAG DROP You need to add notes to the events to meet the Azure Sentinel requirements. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of action to the answer area and arrange them in the correct order. View AnswerAnswer: Explanation: Graphical...
Does this meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you...
What should you use?
You have an Azure subscription that contains a user named User1. User1 is assigned an Azure Active Directory Premium Plan 2 license You need to identify whether the identity of User1 was compromised during the last 90 days. What should you use?A . the risk detections report B. the risky...
What should you use?
You have a Microsoft 365 E5 subscription that is linked to a hybrid Azure AD tenant. You need to identify all the changes made to Domain Admins group during the past 30 days. What should you use?A . the Azure Active Directory Provisioning Analysis workbook B. the Overview settings of...
Which severity should you use?
You have an Azure subscription that uses Microsoft Defender for Cloud. You need to filter the security alerts view to show the following alerts: • Unusual user accessed a key vault • Log on from an unusual location • Impossible travel activity Which severity should you use?A . Informational B....
Which two actions should you perform in Azure Sentinel?
Topic 3, Misc. Questions You are configuring Azure Sentinel. You need to send a Microsoft Teams message to a channel whenever an incident representing a sign-in risk event is activated in Azure Sentinel. Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution....
What should you do?
You have a Microsoft Sentinel workspace that contains the following incident. Brute force attack against Azure Portal analytics rule has been triggered. You need to identify the geolocation information that corresponds to the incident. What should you do?A . From Overview, review the Potential malicious events map. B. From Incidents,...
Which two configurations should you modify?
You need to restrict cloud apps running on CLIENT1 to meet the Microsoft Defender for Endpoint requirements. Which two configurations should you modify? Each correct answer present part of the solution. NOTE: Each correct selection is worth one point.A . the Onboarding settings from Device management in Microsoft Defender Security...
What should you configure first?
You need to implement the Azure Information Protection requirements. What should you configure first?A . Device health and compliance reports settings in Microsoft Defender Security Center B. scanner clusters in Azure Information Protection from the Azure portal C. content scan jobs in Azure Information Protection from the Azure portal D....
