What should you create first?

You have an Azure subscription that contains an Azure logic app named app1 and a Microsoft Sentinel workspace that has an Azure AD connector. You need to ensure that app1 launches when Microsoft Sentinel detects an Azure AD-generated alert. What should you create first? A. a repository connection B. a watchlist...

April 23, 2023

What should you do to provide the alerts to the administrator?

You are investigating an incident in Azure Sentinel that contains more than 127 alerts. You discover eight alerts in the incident that require further investigation. You need to escalate the alerts to another Azure Sentinel administrator. What should you do to provide the alerts to the administrator? A. Create a...

April 22, 2023

What should you recommend for each threat?

HOTSPOT You need to recommend remediation actions for the Azure Defender alerts for Fabrikam. What should you recommend for each threat? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

April 22, 2023

Which two actions should you perform?

You use Microsoft Sentinel. You need to receive an alert in near real-time whenever Azure Storage account keys are enumerated. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Create a bookmark. B. Create an analytics...

April 22, 2023

What should you create in Workspace1?

You have a Microsoft Sentinel workspace named Workspace1. You need to exclude a built-in, source-specific Advanced Security Information Model (ASIM) parser from a built-in unified ASIM parser. What should you create in Workspace1? A. a workbook B. a hunting query C. a watchlist D. an analytic rule Answer: D Explanation:...

April 22, 2023

What should you include in the recommendation?

You need to recommend a solution to meet the technical requirements for the Azure virtual machines. What should you include in the recommendation? A. just-in-time (JIT) access B. Azure Defender C. Azure Firewall D. Azure Application Gateway Answer: B Explanation: Reference: https://docs.microsoft.com/en-us/azure/security-center/azure-defender

April 22, 2023

Which Log Analytics table should you use?

You need to correlate data from the SecurityEvent Log Analytics table to meet the Microsoft Sentinel requirements for using UEBA. Which Log Analytics table should you use? A. SentinelAudit B. AADRiskyUsers C. IdentityDirectoryEvents D. IdentityInfo Answer: C

April 21, 2023

What should you do?

You have a Microsoft Sentinel workspace. You receive multiple alerts for failed sign-in attempts to an account. You identify that the alerts are false positives. You need to prevent additional failed sign-in alerts from being generated for the account. The solution must meet the following requirements. • Ensure that...

April 21, 2023

Which two configurations should you modify?

Topic 2, Litware Inc. Case study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to...

April 21, 2023

The issue for which team can be resolved by using Microsoft Defender for Office 365?

The issue for which team can be resolved by using Microsoft Defender for Office 365? A. executive B. marketing C. security D. sales Answer: B Explanation: Reference: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/atp-for-spo-odb-and-teams?view=o365-worldwide

April 21, 2023