Which three actions should you perform in sequence?
DRAG DROP. You have an Azure Sentinel deployment. You need to query for all suspicious credential access activities. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer: ...
Which data connector type should you use for each workload?
HOTSPOT. You deploy Azure Sentinel. You need to implement connectors in Azure Sentinel to monitor Microsoft Teams and Linux virtual machines in Azure. The solution must minimize administrative effort. Which data connector type should you use for each workload? To answer, select the appropriate options in the answer area. NOTE: ...
What should you do to provide the alerts to the administrator?
You are investigating an incident in Azure Sentinel that contains more than 127 alerts. You discover eight alerts in the incident that require further investigation. You need to escalate the alerts to another Azure Sentinel administrator. What should you do to provide the alerts to the administrator? A. Create a ...
The issue for which team can be resolved by using Microsoft Defender for Endpoint?
Topic 1, Contoso Ltd Case study Overview This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time...
Which role should you assign?
You need to assign a role-based access control (RBAC) role to admin1 to meet the Azure Sentinel requirements and the business requirements. Which role should you assign? A. Automation Operator B. Automation Runbook Operator C. Azure Sentinel Contributor D. Logic App Contributor Answer: C Explanation: Reference: https://docs.microsoft.com/en-us/azure/sentinel/roles
Which indicator type should you use?
You receive a security bulletin about a potential attack that uses an image file. You need to create an indicator of compromise (IoC) in Microsoft Defender for Endpoint to prevent the attack. Which indicator type should you use? A. a URL/domain indicator that has Action set to Alert only B. ...
What should you do when you create the rule?
You need to create the test rule to meet the Azure Sentinel requirements. What should you do when you create the rule? A. From Set rule logic, turn off suppression. B. From Analytics rule details, configure the tactics. C. From Set rule logic, map the entities. D. From Analytics rule ...
Which two Bash commands should you run on the virtual machine?
You provision a Linux virtual machine in a new Azure subscription. You enable Azure Defender and onboard the virtual machine to Azure Defender. You need to verify that an attack on the virtual machine triggers an alert in Azure Defender. Which two Bash commands should you run on the virtual...
What should you create first?
Topic 3, Adatum Corporation Overview Adatum Corporation is a United States-based financial services company that has regional offices in New York, Chicago, and San Francisco. The on-premises network contains an Active Directory Domain Services (AD DS) forest named corp.adatum.com that syncs with an Azure AD tenant named adatum.com. All user...
Does this meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you...