What should you do?
HOTSPOT You need to configure the Azure Sentinel integration to meet the Azure Sentinel requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. View AnswerAnswer: Explanation: Reference: https://docs.microsoft.com/en-us/cloud-app-security/siem-sentinel
From Azure Sentinel, you open the Investigation pane for a high-severity incident as shown in the following exhibit
HOTSPOT From Azure Sentinel, you open the Investigation pane for a high-severity incident as shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. View AnswerAnswer:...
Does this meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you...
What should you do?
You have a playbook in Azure Sentinel. When you trigger the playbook, it sends an email to a distribution group. You need to modify the playbook to send the email to the owner of the resource instead of the distribution group. What should you do?A . Add a parameter and...
What should you include in the solution?
HOTSPOT You need to implement Azure Sentinel queries for Contoso and Fabrikam to meet the technical requirements. What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. View AnswerAnswer: Explanation: Reference: https://docs.microsoft.com/en-us/azure/sentinel/extend-sentinel-across-workspaces-tenants
What should you configure in Security Center to enable the email notifications?
Your company uses Azure Security Center and Azure Defender. The security operations team at the company informs you that it does NOT receive email notifications for security alerts. What should you configure in Security Center to enable the email notifications?A . Security solutionsB . Security policyC . Pricing & settingsD...
Which three actions should you perform?
Your company uses Microsoft Defender for Endpoint. The company has Microsoft Word documents that contain macros. The documents are used frequently on the devices of the company’s accounting team. You need to hide false positive in the Alerts queue, while maintaining the existing security posture. Which three actions should you...
Which anomaly detection policy should you use?
You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in. Which anomaly detection policy should you use?A . Impossible travelB . Activity from anonymous IP addressesC . Activity from...
How should you complete the query?
HOTSPOT You need to create an advanced hunting query to investigate the executive team issue. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. View AnswerAnswer:
In which order should you perform the actions?
DRAG DROP You have resources in Azure and Google cloud. You need to ingest Google Cloud Platform (GCP) data into Azure Defender. In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct...