What should you do?
You recently deployed Azure Sentinel. You discover that the default Fusion rule does not generate any alerts. You verify that the rule is enabled. You need to ensure that the Fusion rule can generate alerts. What should you do?A . Disable, and then enable the rule.B . Add data connectorsC...
How should you complete the query?
HOTSPOT You are informed of an increase in malicious email being received by users. You need to create an advanced hunting query in Microsoft 365 Defender to identify whether the accounts of the email recipients were compromised. The query must return the most recent 20 sign-ins performed by the recipients...
Which role should you assign to Group1?
You need to ensure that the Group1 members can meet the Microsoft Sentinel requirements. Which role should you assign to Group1?A . Microsoft Sentinel Automation ContributorB . Logic App ContributorC . Automation OperatorD . Microsoft Sentinel Playbook OperatorView AnswerAnswer: D
Which two roles should assign to the analyst?
Your company deploys the following services: ✑ Microsoft Defender for Identity ✑ Microsoft Defender for Endpoint ✑ Microsoft Defender for Office 365 You need to provide a security analyst with the ability to use the Microsoft 365 security center. The analyst must be able to approve and reject pending actions...
Which two actions should you perform?
You use Azure Defender. You have an Azure Storage account that contains sensitive information. You need to run a PowerShell script if someone accesses the storage account from a suspicious IP address. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection...
Where should you enable Azure Defender?
You have an Azure subscription that contains a Log Analytics workspace. You need to enable just-in-time (JIT) VM access and network detections for Azure resources. Where should you enable Azure Defender?A . at the subscription levelB . at the workspace levelC . at the resource levelView AnswerAnswer: A Explanation: Reference:...
How should you configure the query?
HOTSPOT You need to implement the ASIM query for DNS requests. The solution must meet the Microsoft Sentinel requirements. How should you configure the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. View AnswerAnswer:
Which three actions should you perform in sequence?
DRAG DROP You have an Azure Sentinel deployment. You need to query for all suspicious credential access activities. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. View AnswerAnswer:...
Which four actions should you perform in sequence?
DRAG DROP You open the Cloud App Security portal as shown in the following exhibit. You need to remediate the risk for the Launchpad app. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange...
Which role should you assign to SecAdmin1?
You have a Microsoft 365 subscription that uses Azure Defender. You have 100 virtual machines in a resource group named RG1. You assign the Security Admin roles to a new user named SecAdmin1. You need to ensure that SecAdmin1 can apply quick fixes to the virtual machines by using Azure...