What should you include in the solution?
HOTSPOT You need to implement Azure Defender to meet the Azure Defender requirements and the business requirements. What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
What should you use?
A company uses Azure Sentinel. You need to create an automated threat response. What should you use?
A. a data connector
B. a playbook
C. a workbook
D. a Microsoft incident creation rule
Answer: B
Reference: https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook
Which three actions should you perform?
Your company uses Microsoft Defender for Endpoint. The company has Microsoft Word documents that contain macros. The documents are used frequently on the devices of the company’s accounting team. You need to hide false positives in the Alerts queue, while maintaining the existing security posture. Which three actions should you...
What should you configure for Server2?
You need to implement the Defender for Cloud requirements. What should you configure for Server2?
A. the Microsoft Antimalware extension
B. an Azure resource lock
C. an Azure resource tag
D. the Azure Automanage machine configuration extension for Windows
Answer: D
What should you create first?
You need to ensure that the processing of incidents generated by rulequery1 meets the Microsoft Sentinel requirements. What should you create first?
A. a playbook with an incident trigger
B. a playbook with an entity trigger
C. an Azure Automation rule
D. a playbook with an alert trigger
Answer: A
Which three actions should you perform in sequence?
DRAG DROP You have an Azure Sentinel deployment. You need to query for all suspicious credential access activities. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Which data connector type should you use for each workload?
HOTSPOT You deploy Azure Sentinel. You need to implement connectors in Azure Sentinel to monitor Microsoft Teams and Linux virtual machines in Azure. The solution must minimize administrative effort. Which data connector type should you use for each workload? To answer, select the appropriate options in the answer area. NOTE:...
What should you do to provide the alerts to the administrator?
You are investigating an incident in Azure Sentinel that contains more than 127 alerts. You discover eight alerts in the incident that require further investigation. You need to escalate the alerts to another Azure Sentinel administrator. What should you do to provide the alerts to the administrator?
A. Create a...
The issue for which team can be resolved by using Microsoft Defender for Endpoint?
Topic 1, Contoso Ltd Case study Overview This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time...
Which role should you assign?
You need to assign a role-based access control (RBAC) role to admin1 to meet the Azure Sentinel requirements and the business requirements. Which role should you assign?
A. Automation Operator
B. Automation Runbook Operator
C. Azure Sentinel Contributor
D. Logic App Contributor
Answer: C
Reference: https://docs.microsoft.com/en-us/azure/sentinel/roles