What are two ways to achieve this goal?
You have a Microsoft Sentinel workspace. You need to prevent a built-in Advanced Security Information Model (ASIM) parser from being updated automatically. What are two ways to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Redeploy the built-in parse...
Which three actions should you perform?
You are investigating a potential attack that deploys a new ransomware strain. You plan to perform automated actions on a group of highly valuable machines that contain sensitive information. You have three custom device groups. You need to be able to temporarily group the machines to perform actions on the...
Which two actions should you perform?
You have the following environment: ✑ Azure Sentinel ✑ A Microsoft 365 subscription ✑ Microsoft Defender for Identity ✑ An Azure Active Directory (Azure AD) tenant You configure Azure Sentinel to collect security logs from all the Active Directory member servers and domain controllers. You deploy Microsoft Defender for Identity...
What should you do when you create the rule?
You need to create the test rule to meet the Azure Sentinel requirements. What should you do when you create the rule? A. From Set rule logic, turn off suppression. B. From Analytics rule details, configure the tactics. C. From Set rule logic, map the entities. D. From Analytics rule...
What should you include in the recommendation?
You need to recommend a solution to meet the technical requirements for the Azure virtual machines. What should you include in the recommendation? A. just-in-time (JIT) access B. Azure Defender C. Azure Firewall D. Azure Application Gateway Answer: B Explanation: Reference: https://docs.microsoft.com/en-us/azure/security-center/azure-defender
What should you include in the solution?
HOTSPOT You need to implement Azure Sentinel queries for Contoso and Fabrikam to meet the technical requirements. What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Which data connector type should you use for each workload?
HOTSPOT You deploy Azure Sentinel. You need to implement connectors in Azure Sentinel to monitor Microsoft Teams and Linux virtual machines in Azure. The solution must minimize administrative effort. Which data connector type should you use for each workload? To answer, select the appropriate options in the answer area. NOTE:...
What should you do?
HOTSPOT You need to configure the Azure Sentinel integration to meet the Azure Sentinel requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
What should you use?
A company uses Azure Sentinel. You need to create an automated threat response. What should you use? A. a data connector B. a playbook C. a workbook D. a Microsoft incident creation rule Answer: B Explanation: Reference: https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook
Which three actions should you perform in sequence?
DRAG DROP You need to use an Azure Sentinel analytics rule to search for specific criteria in Amazon Web Services (AWS) logs and to generate incidents. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and...