Does this meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you...
Which role should you assign for each task?
DRAG DROP Your company deploys Azure Sentinel. You plan to delegate the administration of Azure Sentinel to various groups. You need to delegate the following tasks: ✑ Create and run playbooks ✑ Create workbooks and analytic rules. The solution must use the principle of least privilege. Which role should you...
What should you create in Workspace1?
You have a Microsoft Sentinel workspace named Workspaces You need to exclude a built-in. source-specific Advanced Security Information Model (ASIM) parser from a built-in unified ASIM parser. What should you create in Workspace1?A . a workbook B. a hunting query C. a watchlist D. an analytic ruleView AnswerAnswer: D Explanation:...
What are two ways to achieve this goal?
You have a Microsoft Sentinel workspace. You need to prevent a built-in Advance Security information Model (ASIM) parse from being updated automatically. What are two ways to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.A . Redeploy the built-in parse...
Which four actions should you perform in sequence?
DRAG DROP You open the Cloud App Security portal as shown in the following exhibit. You need to remediate the risk for the Launchpad app. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange...
What should you include in the recommendation?
You need to recommend a solution to meet the technical requirements for the Azure virtual machines. What should you include in the recommendation?A . just-in-time (JIT) access B. Azure Defender C. Azure Firewall D. Azure Application GatewayView AnswerAnswer: B Explanation: Reference: https://docs.microsoft.com/en-us/azure/security-center/azure-defender
What should you do when you create the rule?
You need to create the test rule to meet the Azure Sentinel requirements. What should you do when you create the rule?A . From Set rule logic, turn off suppression. B. From Analytics rule details, configure the tactics. C. From Set rule logic, map the entities. D. From Analytics rule...
Which two actions should you perform?
You have the following advanced hunting query in Microsoft 365 Defender. You need to receive an alert when any process disables System Restore on a device managed by Microsoft Defender during the last 24 hours. Which two actions should you perform? Each correct answer presents part of the solution. NOTE:...
What should you include in the solution?
HOTSPOT You need to implement Azure Defender to meet the Azure Defender requirements and the business requirements. What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. View AnswerAnswer: Explanation: Graphical user interface, application Description...
Which policy should you modify?
You need to modify the anomaly detection policy settings to meet the Cloud App Security requirements. Which policy should you modify?A . Activity from suspicious IP addresses B. Activity from anonymous IP addresses C. Impossible travel D. Risky sign-inView AnswerAnswer: C Explanation: Reference: https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy