- All Exams Instant Download
What should you include in the query?
You plan to create a custom Azure Sentinel query that will track anomalous Azure Active Directory (Azure AD) sign-in activity and present the activity as a time chart aggregated by day. You need to create a query that will be used to display the time chart. What should you include...
Which role should you assign to the analyst?
Your company uses Azure Sentinel. A new security analyst reports that she cannot assign and dismiss incidents in Azure Sentinel. You need to resolve the issue for the analyst. The solution must use the principle of least privilege. Which role should you assign to the analyst?A . Azure Sentinel ResponderB...
Which three actions should you perform in sequence?
DRAG DROP You are informed of a new common vulnerabilities and exposures (CVE) vulnerability that affects your environment. You need to use Microsoft Defender Security Center to request remediation from the team responsible for the affected systems if there is a documented active exploit available. Which three actions should you...
Which two commands can you run to achieve the goal?
Your company uses line-of-business apps that contain Microsoft Office VBA macros. You plan to enable protection against downloading and running additional payloads from the Office VBA macros as additional child processes. You need to identify which Office VBA macros might be affected. Which two commands can you run to achieve...
From Azure Sentinel, you open the Investigation pane for a high-severity incident as shown in the following exhibit
HOTSPOT From Azure Sentinel, you open the Investigation pane for a high-severity incident as shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. View AnswerAnswer:...
What should you do?
HOTSPOT You need to monitor the password resets. The solution must meet the Microsoft Sentinel requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. View AnswerAnswer:
What should you do?
You need to ensure that the configuration of HuntingQuery1 meets the Microsoft Sentinel requirements. What should you do?A . Add HuntingQuery1 to a livestream.B . Create a watch list.C . Create an Azure Automation rule.D . Add HuntingQuery1 to favorites.View AnswerAnswer: D
Which two configurations should you modify?
You need to restrict cloud apps running on CUENT1 to meet the Microsoft Defender for Endpoint requirements. Which two configurations should you modify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.A . the Cloud Discovery settings in Microsoft Defender for Cloud AppsB...
What should you do?
You use Azure Security Center. You receive a security alert in Security Center. You need to view recommendations to resolve the alert in Security Center. What should you do?A . From Security alerts, select the alert, select Take Action, and then expand the Prevent future attacks section.B . From Security...
How should you complete the query?
HOTSPOT You have a Microsoft 365 E5 subscription that uses Microsoft Defender and an Azure subscription that uses Azure Sentinel. You need to identify all the devices that contain files in emails sent by a known malicious email sender. The query will be based on the match of the SHA256...
