Which three actions should you perform in sequence?
DRAG DROP You need to add notes to the events to meet the Azure Sentinel requirements. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of action to the answer area and arrange them in the correct order. View AnswerAnswer: Explanation: Reference:...
What should you include in the solution?
HOTSPOT You need to implement Azure Defender to meet the Azure Defender requirements and the business requirements. What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. View AnswerAnswer:
Which role should you assign to the analyst?
Your company uses Azure Sentinel. A new security analyst reports that she cannot assign and dismiss incidents in Azure Sentinel. You need to resolve the issue for the analyst. The solution must use the principle of least privilege. Which role should you assign to the analyst?A . Azure Sentinel ResponderB...
What should you do?
HOTSPOT You have an Azure subscription that has Azure Defender enabled for all supported resource types. You create an Azure logic app named LA1. You plan to use LA1 to automatically remediate security risks detected in Azure Security Center. View the window. You need to test LA1 in Security Center....
What should you configure in the Safe Attachments policies?
You implement Safe Attachments policies in Microsoft Defender for Office 365. Users report that email messages containing attachments take longer than expected to be received. You need to reduce the amount of time it takes to deliver messages that contain attachments without compromising security. The attachments must be scanned for...
Does this meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you...
How should you complete the query?
HOTSPOT You need to implement the Microsoft Sentinel NRT rule for monitoring the designated break glass account. The solution must meet the Microsoft Sentinel requirements. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. View...
You manage the security posture of an Azure subscription that contains two virtual machines name vm1 and vm2
HOTSPOT You manage the security posture of an Azure subscription that contains two virtual machines name vm1 and vm2. The secure score in Azure Security Center is shown in the Security Center exhibit. (Click the Security Center tab.) Azure Policy assignments are configured as shown in the Policies exhibit. (Click...
What should you do first?
You receive an alert from Azure Defender for Key Vault. You discover that the alert is generated from multiple suspicious IP addresses. You need to reduce the potential of Key Vault secrets being leaked while you investigate the issue. The solution must be implemented as soon as possible and must...
What should you do?
You need to ensure that the configuration of HuntingQuery1 meets the Microsoft Sentinel requirements. What should you do?A . Add HuntingQuery1 to a livestream.B . Create a watch list.C . Create an Azure Automation rule.D . Add HuntingQuery1 to favorites.View AnswerAnswer: D