- All Exams Instant Download
What should you include in the recommendation?
Your company uses Azure Sentinel to manage alerts from more than 10,000 IoT devices. A security manager at the company reports that tracking security threats is increasingly difficult due to the large number of incidents. You need to recommend a solution to provide a custom visualization to simplify the investigation...
Which three actions should you perform in sequence?
DRAG DROP You plan to connect an external solution that will send Common Event Format (CEF) messages to Azure Sentinel. You need to deploy the log forwarder. Which three actions should you perform in sequence? To answer, move the appropriate actions form the list of actions to the answer area...
Which subscription-level role should you assign to Group1?
You need to implement the Defender for Cloud requirements. Which subscription-level role should you assign to Group1?A . Security AdminB . OwnerC . Security Assessment ContributorD . ContributorView AnswerAnswer: B
Which rule setting should you configure to meet the Microsoft Sentinel requirements?
Which rule setting should you configure to meet the Microsoft Sentinel requirements?A . From Set rule logic, turn off suppression.B . From Analytic rule details, configure the tactics.C . From Set rule logic, map the entities.D . From Analytic rule details, configure the severity.View AnswerAnswer: C
What should you include in the solution?
HOTSPOT You need to implement Azure Sentinel queries for Contoso and Fabrikam to meet the technical requirements. What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. View AnswerAnswer: Explanation: Reference: https://docs.microsoft.com/en-us/azure/sentinel/extend-sentinel-across-workspaces-tenants
Which role should you assign?
You need to assign a role-based access control (RBAC) role to admin1 to meet the Azure Sentinel requirements and the business requirements. Which role should you assign?A . Automation OperatorB . Automation Runbook OperatorC . Azure Sentinel ContributorD . Logic App ContributorView AnswerAnswer: C Explanation: Reference: https://docs.microsoft.com/en-us/azure/sentinel/roles
Does this meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you...
How should you complete the query?
HOTSPOT You have a Microsoft 365 E5 subscription that uses Microsoft Defender and an Azure subscription that uses Azure Sentinel. You need to identify all the devices that contain files in emails sent by a known malicious email sender. The query will be based on the match of the SHA256...
What should you include in the solution?
You need to remediate active attacks to meet the technical requirements. What should you include in the solution?A . Azure Automation runbooksB . Azure Logic AppsC . Azure Functions D Azure Sentinel livestreamsView AnswerAnswer: B Explanation: Reference: https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks
How should you complete the query?
HOTSPOT You have a Microsoft 365 E5 subscription. You plan to perform cross-domain investigations by using Microsoft 365 Defender. You need to create an advanced hunting query to identify devices affected by a malicious email attachment. How should you complete the query? To answer, select the appropriate options in the...
