Which indicator type should you use?
You receive a security bulletin about a potential attack that uses an image file. You need to create an indicator of compromise (IoC) in Microsoft Defender for Endpoint to prevent the attack. Which indicator type should you use?A . a URL/domain indicator that has Action set to Alert only B....
What should you use?
You have a Microsoft 365 E5 subscription that is linked to a hybrid Azure AD tenant. You need to identify all the changes made to Domain Admins group during the past 30 days. What should you use?A . the Azure Active Directory Provisioning Analysis workbook B. the Overview settings of...
Does this meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you...
Which two Bash commands should you run on the virtual machine?
You provision a Linux virtual machine in a new Azure subscription. You enable Azure Defender and onboard the virtual machine to Azure Defender. You need to verify that an attack on the virtual machine triggers an alert in Azure Defender. Which two Bash commands should you run on the virtual...
What should you include in the solution?
You need to remediate active attacks to meet the technical requirements. What should you include in the solution?A . Azure Automation runbooks B. Azure Logic Apps C. Azure Functions D Azure Sentinel livestreamsView AnswerAnswer: B Explanation: Reference: https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks
Where should you enable Azure Defender?
You have an Azure subscription that contains a Log Analytics workspace. You need to enable just-in-time (JIT) VM access and network detections for Azure resources. Where should you enable Azure Defender?A . at the subscription level B. at the workspace level C. at the resource levelView AnswerAnswer: A Explanation: Reference:...
What should you do to route events to the SIEM solution?
You have a third-party security information and event management (SIEM) solution. You need to ensure that the SIEM solution can generate alerts for Azure Active Directory (Azure AD) sign-events in near real time. What should you do to route events to the SIEM solution?A . Create an Azure Sentinel workspace...
How should you complete the query?
HOTSPOT You have a Microsoft 365 E5 subscription. You plan to perform cross-domain investigations by using Microsoft 365 Defender. You need to create an advanced hunting query to identify devices affected by a malicious email attachment. How should you complete the query? To answer, select the appropriate options in the...
Which three actions should you perform in sequence?
DRAG DROP You have an Azure subscription. The subscription contains 10 virtual machines that are onboarded to Microsoft Defender for Cloud. You need to ensure that when Defender for Cloud detects digital currency mining behavior on a virtual machine, you receive an email notification. The solution must generate a test...