Which three actions should you perform in sequence?

DRAG DROP You plan to connect an external solution that will send Common Event Format (CEF) messages to Azure Sentinel. You need to deploy the log forwarder. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area...

November 19, 2021

What should you include in the recommendation?

You need to recommend a solution to meet the technical requirements for the Azure virtual machines. What should you include in the recommendation?
A. just-in-time (JIT) access
B. Azure Defender
C. Azure Firewall
D. Azure Application Gateway
Answer: B
Explanation: Reference: https://docs.microsoft.com/en-us/azure/security-center/azure-defender

November 19, 2021

What should you recommend for each threat?

HOTSPOT You need to recommend remediation actions for the Azure Defender alerts for Fabrikam. What should you recommend for each threat? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:

November 18, 2021

What should you do?

HOTSPOT You need to create the analytics rule to meet the Azure Sentinel requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:

November 18, 2021

What should you include in the solution?

You need to remediate active attacks to meet the technical requirements. What should you include in the solution?
A. Azure Automation runbooks
B. Azure Logic Apps
C. Azure Functions
D. Azure Sentinel livestreams
Answer: B
Explanation: Reference: https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks

November 17, 2021

What should you do when you create the rule?

You need to create the test rule to meet the Azure Sentinel requirements. What should you do when you create the rule?
A. From Set rule logic, turn off suppression.
B. From Analytics rule details, configure the tactics.
C. From Set rule logic, map the entities.
D. From Analytics rule...

November 17, 2021

What should you use?

You need to visualize Azure Sentinel data and enrich the data by using third-party data sources to identify indicators of compromise (IoC). What should you use?
A. notebooks in Azure Sentinel
B. Microsoft Cloud App Security
C. Azure Monitor
D. hunting queries in Azure Sentinel
Answer: A
Explanation: Reference: https://docs.microsoft.com/en-us/azure/sentinel/notebooks

November 16, 2021

Which three actions should you perform in sequence?

DRAG DROP You have an Azure Sentinel deployment. You need to query for all suspicious credential access activities. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:...

November 16, 2021

What should you configure first?

You need to implement the Azure Information Protection requirements. What should you configure first?
A. Device health and compliance reports settings in Microsoft Defender Security Center
B. scanner clusters in Azure Information Protection from the Azure portal
C. content scan jobs in Azure Information Protection from the Azure portal
D. ...

November 15, 2021

How should you complete the query?

DRAG DROP You are investigating an incident by using Microsoft 365 Defender. You need to create an advanced hunting query to detect failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE:...

November 15, 2021