What should you do?
HOTSPOT You have an Azure subscription that has Azure Defender enabled for all supported resource types. You create an Azure logic app named LA1. You plan to use LA1 to automatically remediate security risks detected in Azure Security Center. You need to test LA1 in Security Center. What should you...
What should you recommend for each threat?
HOTSPOT You need to recommend remediation actions for the Azure Defender alerts for Fabrikam. What should you recommend for each threat? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. View AnswerAnswer:
Which four actions should you perform in sequence?
Topic 2, Litware inc. Case study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to...
What should you do?
HOTSPOT You have an Azure subscription that has Azure Defender enabled for all supported resource types. You create an Azure logic app named LA1. You plan to use LA1 to automatically remediate security risks detected in Defenders for Cloud. You need to test LA1 in Defender for Cloud. What should...
How should you complete the query?
HOTSPOT You need to create an advanced hunting query to investigate the executive team issue. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. View AnswerAnswer:
From Azure Sentinel, you open the Investigation pane for a high-severity incident as shown in the following exhibit
HOTSPOT From Azure Sentinel, you open the Investigation pane for a high-severity incident as shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. View AnswerAnswer:...
Which anomaly detection policy should you use?
Topic 3, Misc. Questions You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in. Which anomaly detection policy should you use?A . Impossible travel B. Activity from anonymous IP...
To which service should you export the alerts?
You have an Azure subscription that has Azure Defender enabled for all supported resource types. You need to configure the continuous export of high-severity alerts to enable their retrieval from a third-party security information and event management (SIEM) solution. To which service should you export the alerts?A . Azure Cosmos...
How should you complete the query?
HOTSPOT You have a Microsoft 365 E5 subscription that uses Microsoft Defender and an Azure subscription that uses Azure Sentinel. You need to identify all the devices that contain files in emails sent by a known malicious email sender. The query will be based on the match of the SHA256...
What should you do?
You have an Azure subscription that uses Microsoft Sentinel. You detect a new threat by using a hunting query. You need to ensure that Microsoft Sentinel automatically detects the threat. The solution must minimize administrative effort. What should you do?A . Create a playbook. B. Create a watchlist. C. Create...