Which two actions should you perform in the Cloud App Security portal?
You need to configure Microsoft Cloud App Security to generate alerts and trigger remediation actions in response to external sharing of confidential files. Which two actions should you perform in the Cloud App Security portal? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one...
Which role should you assign for each task?
DRAG DROP Your company deploys Azure Sentinel. You plan to delegate the administration of Azure Sentinel to various groups. You need to delegate the following tasks: ✑ Create and run playbooks ✑ Create workbooks and analytic rules. The solution must use the principle of least privilege. Which role should you...
What should you do first?
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You have a virtual machine that runs Windows 10 and has the Log Analytics agent installed. You need to simulate an attack on the virtual machine that will generate an alert. What should you do first?A . Run...
Which three actions should you perform in sequence?
DRAG DROP You have an Azure subscription. The subscription contains 10 virtual machines that are onboarded to Microsoft Defender for Cloud. You need to ensure that when Defender for Cloud detects digital currency mining behavior on a virtual machine, you receive an email notification. The solution must generate a test...
Which three actions should you perform in sequence?
DRAG DROP You have an Azure subscription. The subscription contains 10 virtual machines that are onboarded to Microsoft Defender for Cloud. You need to ensure that when Defender for Cloud detects digital currency mining behavior on a virtual machine, you receive an email notification. The solution must generate a test...
What should you do?
You create an Azure subscription named sub1. In sub1, you create a Log Analytics workspace named workspace1. You enable Azure Security Center and configure Security Center to use workspace1. You need to ensure that Security Center processes events from the Azure virtual machines that report to workspace1. What should you...
Which Azure Security Center role should you use for each requirement?
Topic 3, Misc. Questions DRAG DROP You have an Azure subscription. You need to delegate permissions to meet the following requirements: ✑ Enable and disable Azure Defender. ✑ Apply security recommendations to resource. The solution must use the principle of least privilege. Which Azure Security Center role should you use...
Which three actions should you perform in sequence in the Azure portal?
DRAG DROP You have a Microsoft Sentinel workspace named workspace1 and an Azure virtual machine named VM1. You receive an alert for suspicious use of PowerShell on VM1. You need to investigate the incident, identify which event triggered the alert, and identify whether the following actions occurred on VM1 after...
Which three actions should you perform in sequence?
Topic 2, Litware inc. Case study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to...
How should you complete the query?
HOTSPOT You need to create a query for a workbook. The query must meet the following requirements: ✑ List all incidents by incident number. ✑ Only include the most recent log for each incident. How should you complete the query? To answer, select the appropriate options in the answer area....