How should you complete the query?
HOTSPOT You are informed of an increase in malicious email being received by users. You need to create an advanced hunting query in Microsoft 365 Defender to identify whether the accounts of the email recipients were compromised. The query must return the most recent 20 sign-ins performed by the recipients...
Does this meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you...
What should you include in the recommendation?
You need to recommend a solution to meet the technical requirements for the Azure virtual machines. What should you include in the recommendation?A . just-in-time (JIT) accessB . Azure DefenderC . Azure FirewallD . Azure Application GatewayView AnswerAnswer: B Explanation: Reference: https://docs.microsoft.com/en-us/azure/security-center/azure-defender
Which policy should you modify?
You need to modify the anomaly detection policy settings to meet the Microsoft Defender for Cloud Apps requirements and resolve the reported problem. Which policy should you modify?A . Activity from suspicious IP addressesB . Risky sign-inC . Activity from anonymous IP addressesD . Impossible travelView AnswerAnswer: D
Does this meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you...
What should you include in the solution?
You need to remediate active attacks to meet the technical requirements. What should you include in the solution?A . Azure Automation runbooksB . Azure Logic AppsC . Azure Functions D Azure Sentinel livestreamsView AnswerAnswer: B Explanation: Reference: https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks
What should you do first?
You receive an alert from Azure Defender for Key Vault. You discover that the alert is generated from multiple suspicious IP addresses. You need to reduce the potential of Key Vault secrets being leaked while you investigate the issue. The solution must be implemented as soon as possible and must...
How should you complete the portion of the template that will provision the required Azure resources?
HOTSPOT You need to use an Azure Resource Manager template to create a workflow automation that will trigger an automatic remediation when specific security alerts are received by Azure Security Center. How should you complete the portion of the template that will provision the required Azure resources? To answer, select...
What should you do?
You create an Azure subscription named sub1. In sub1, you create a Log Analytics workspace named workspace1. You enable Azure Security Center and configure Security Center to use workspace1. You need to ensure that Security Center processes events from the Azure virtual machines that report to workspace1. What should you...
Which three actions should you perform?
You are investigating a potential attack that deploys a new ransomware strain. You plan to perform automated actions on a group of highly valuable machines that contain sensitive information. You have three custom device groups. You need to be able to temporarily group the machines to perform actions on the...