Which indicator type should you use?

You receive a security bulletin about a potential attack that uses an image file. You need to create an indicator of compromise (IoC) in Microsoft Defender for Endpoint to prevent the attack. Which indicator type should you use?
A. a URL/domain indicator that has Action set to Alert only
B. ...

December 20, 2023

Where can you find the column name to complete the where clause?

You need to complete the query for failed sign-ins to meet the technical requirements. Where can you find the column name to complete the where clause?
A. Security alerts in Azure Security Center
B. Activity log in Azure
C. Azure Advisor
D. the query windows of the Log Analytics workspace
...

December 19, 2023

What should you include in the solution?

HOTSPOT You need to implement Azure Defender to meet the Azure Defender requirements and the business requirements. What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:

December 19, 2023

From where can you run the test in Azure Sentinel?

You have an Azure Sentinel workspace. You need to test a playbook manually in the Azure portal. From where can you run the test in Azure Sentinel?
A. Playbooks
B. Analytics
C. Threat intelligence
D. Incidents
Answer: D
Explanation: Reference: https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook#run-a-playbook-on-demand

December 19, 2023

You use Azure Sentinel to monitor irregular Azure activity

HOTSPOT You use Azure Sentinel to monitor irregular Azure activity. You create custom analytics rules to detect threats as shown in the following exhibit. You do NOT define any incident settings as part of the rule definition. Use the drop-down menus to select the answer choice that completes each statement...

December 19, 2023

What should you do?

You need to ensure that the configuration of HuntingQuery1 meets the Microsoft Sentinel requirements. What should you do?
A. Add HuntingQuery1 to a livestream.
B. Create a watch list.
C. Create an Azure Automation rule.
D. Add HuntingQuery1 to favorites.
Answer: D

December 19, 2023

From Azure Sentinel, you open the Investigation pane for a high-severity incident as shown in the following exhibit

HOTSPOT From Azure Sentinel, you open the Investigation pane for a high-severity incident as shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Answer:...

December 19, 2023

Which three actions should you perform?

You are investigating a potential attack that deploys a new ransomware strain. You plan to perform automated actions on a group of highly valuable machines that contain sensitive information. You have three custom device groups. You need to be able to temporarily group the machines to perform actions on the...

December 19, 2023

How should you complete the query?

HOTSPOT You need to implement the Microsoft Sentinel NRT rule for monitoring the designated break glass account. The solution must meet the Microsoft Sentinel requirements. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. ...

December 18, 2023

What should you do?

HOTSPOT You need to configure the Microsoft Sentinel integration to meet the Microsoft Sentinel requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:

December 18, 2023