Topic 1: Contoso Ltd
You need to complete the query for failed sign-ins to meet the technical requirements.
Where can you find the column name to complete the where clause?
A.
Security alerts in Azure Security Center
B.
Activity log in Azure
C.
Azure Advisor
D.
the query windows of the Log Analytics workspace
the query windows of the Log Analytics workspace
The issue for which team can be resolved by using Microsoft Defender for Office 365?
A.
executive
B.
marketing
C.
security
D.
sales
marketing
You need to remediate active attacks to meet the technical requirements.
What should you include in the solution?
A.
Azure Automation runbooks
B.
Azure Logic Apps
C.
Azure Functions
D.
Azure Sentinel livestreams
Azure Logic Apps
The issue for which team can be resolved by using Microsoft Defender for Endpoint?
A.
executive
B.
sales
C.
marketing
sales
You need to recommend a solution to meet the technical requirements for the Azure virtual
machines. What should you include in the recommendation?
A.
just-in-time (JIT) access
B.
Azure Defender
C.
Azure Firewall
D.
Azure Application Gateway
Azure Defender
You need to implement the Azure Information Protection requirements. What should you
configure first?
A.
Device health and compliance reports settings in Microsoft Defender Security Center
B.
scanner clusters in Azure Information Protection from the Azure portal
C.
content scan jobs in Azure Information Protection from the Azure portal
D.
Advanced features from Settings in Microsoft Defender Security Center
Advanced features from Settings in Microsoft Defender Security Center
You need to create the test rule to meet the Azure Sentinel requirements. What should you
do when you create the rule?
A.
From Set rule logic, turn off suppression
B.
From Analytics rule details, configure the tactics.
C.
From Set rule logic, map the entities
D.
From Analytics rule details, configure the severity.
From Set rule logic, map the entities
You need to restrict cloud apps running on CLIENT1 to meet the Microsoft Defender for
Endpoint requirements.
Which two configurations should you modify? Each correct answer present part of the
solution.
NOTE: Each correct selection is worth one point.
A.
the Onboarding settings from Device management in Microsoft Defender Security
Center
B.
Cloud App Security anomaly detection policies
C.
Advanced features from Settings in Microsoft Defender Security Center
D.
the Cloud Discovery settings in Cloud App Security
Advanced features from Settings in Microsoft Defender Security Center
the Cloud Discovery settings in Cloud App Security
All Cloud App Security unsanctioned apps must be blocked on the Windows 10 computers
by using Microsoft Defender for Endpoint.
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/mde-govern
You need to assign a role-based access control (RBAC) role to admin1 to meet the Azure
Sentinel requirements and the business requirements.
Which role should you assign?
A.
Automation Operator
B.
Automation Runbook Operator
C.
Azure Sentinel Contributor
D.
Logic App Contributor
Azure Sentinel Contributor
You need to modify the anomaly detection policy settings to meet the Cloud App Security
requirements. Which policy should you modify?
A.
Activity from suspicious IP addresses
B.
Activity from anonymous IP addresses
C.
Impossible travel
D.
Risky sign-in
Impossible travel