You create an Azure subscription.
You enable Microsoft Defender for Cloud for the subscription.
You need to use Defender for Cloud to protect on-premises computers.
What should you do on the on-premises computers?

A.

Configure the Hybrid Runbook Worker role

B.

Install the Connected Machine agent

C.

Install the Log Analytics agent

D.

Install the Dependency agent.

Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated
goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a
result, these questions will not appear in the review screen.
You are configuring Microsoft Defender for Identity integration with Active Directory.
From the Microsoft Defender for identity portal, you need to configure several accounts for
attackers to exploit.
Solution: You add each account as a Sensitive account.
Does this meet the goal?

A.

Yes

B.

No

Note: This question is part of a series of questions that present the same scenario. Each
question in the series contains a unique solution that might meet the stated goals. Some
question sets might have more than one correct solution, while others might not have a
correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result,
these questions will not appear in the review screen.
You are configuring Microsoft Defender for Identity integration with Active Directory.
From the Microsoft Defender for identity portal, you need to configure several accounts for
attackers to exploit. 
Solution: From Entity tags, you add the accounts as Honeytoken accounts.
Does this meet the goal?

A.

Yes

B.

No

You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.
You have Microsoft SharePoint Online sites that contain sensitive documents. The
documents contain customer account numbers that each consists of 32 alphanumeric
characters.
You need to create a data loss prevention (DLP) policy to protect the sensitive documents.
What should you use to detect which documents are sensitive?

A.

SharePoint search

B.

a hunting query in Microsoft 365 Defender

C.

Azure Information Protection

D.

RegEx pattern matching

Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated
goals. Some question sets might have more than one correct solution, while others
might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a
result, these questions will not appear in the review screen.
You have Linux virtual machines on Amazon Web Services (AWS).
You deploy Azure Defender and enable auto-provisioning.
You need to monitor the virtual machines by using Azure Defender.
Solution: You enable Azure Arc and onboard the virtual machines to Azure Arc.
Does this meet the goal?

A.

Yes

B.

No

Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated
goals. Some question sets might have more than one correct solution, while others
might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a
result, these questions will not appear in the review screen.
You are configuring Azure Sentinel.
You need to create an incident in Azure Sentinel when a sign-in to an Azure virtual
machine from a malicious IP address is detected.
Solution: You create a livestream from a query.
Does this meet the goal?

A.

Yes

B.

No

Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated
goals. Some question sets might have more than one correct solution, while others
might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a
result, these questions will not appear in the review screen.
You are configuring Azure Sentinel.
You need to create an incident in Azure Sentinel when a sign-in to an Azure virtual
machine from a malicious IP address is detected.
Solution: You create a hunting bookmark.
Does this meet the goal?

A.

Yes

B.

No

You have an Azure Sentinel deployment in the East US Azure region.
You create a Log Analytics workspace named LogsWest in the West US Azure region.
You need to ensure that you can use scheduled analytics rules in the existing Azure
Sentinel deployment to generate alerts based on queries to LogsWest.
What should you do first?

A.

Deploy Azure Data Catalog to the West US Azure region.

B.

Modify the workspace settings of the existing Azure Sentinel deployment

C.

Add Microsoft Sentinel to a workspace.

D.

Create a data connector in Azure Sentinel.

You have an Azure subscription that uses Microsoft Sentinel.
You need to minimize the administrative effort required to respond to the incidents and
remediate the security threats detected by Microsoft Sentinel.
Which two features should you use? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A.

Microsoft Sentinel bookmarks

B.

Azure Automation runbooks

C.

Microsoft Sentinel automation rules

D.

Microsoft Sentinel playbooks

E.

Azure Functions apps

You are configuring Azure Sentinel.
You need to send a Microsoft Teams message to a channel whenever an incident
representing a sign-in risk event is activated in Azure Sentinel.
Which two actions should you perform in Azure Sentinel? Each correct answer presents
part of the solution.
NOTE: Each correct selection is worth one point.

A.

Enable Entity behavior analytics.

B.

Associate a playbook to the analytics rule that triggered the incident

C.

Enable the Fusion rule

D.

Add a playbook

E.

Create a workbook