SC-200 Exam Questions

Total 156 Questions

Last Updated Exam: 16-Dec-2024

Topic 3: Misc. Questions

Your company uses Azure Sentinel. A new security analyst reports that she cannot assign and dismiss incidents in Azure Sentinel. You need to resolve the issue for the analyst. The solution must use the principle of least privilege. Which role should you assign to the analyst?

A. Azure Sentinel Responder
B. Logic App Contributor
C. Azure Sentinel Contributor
D. Azure Sentinel Reader

Answer: A. Azure Sentinel Responder

A security administrator receives email alerts from Azure Defender for activities such as potential malware uploaded to a storage account and potential successful brute force attacks. The security administrator does NOT receive email alerts for activities such as antimalware action failed and suspicious network activity. The alerts appear in Azure Security Center. You need to ensure that the security administrator receives email alerts for all the activities. What should you configure in the Security Center settings?

A. the severity level of email notifications
B. a cloud connector
C. the Azure Defender plans
D. the integration settings for Threat detection

Answer: A. the severity level of email notifications

You have five on-premises Linux servers. You have an Azure subscription that uses Microsoft Defender for Cloud. You need to use Defender for Cloud to protect the Linux servers. What should you install on the servers first?

A. the Dependency agent
B. the Log Analytics agent
C. the Azure Connected Machine agent
D. the Guest Configuration extension

Answer: B. the Log Analytics agent

Explanation:
Defender for Cloud depends on the Log Analytics agent. Use the Log Analytics agent if you need to:
* Collect logs and performance data from Azure virtual machines or hybrid machines hosted outside of Azure
* Etc.
Reference:
https://docs.microsoft.com/en-us/azure/defender-for-cloud/os-coverage
https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview#loganalytics-agent

Your company uses Azure Sentinel to manage alerts from more than 10,000 IoT devices. A security manager at the company reports that tracking security threats is increasingly difficult due to the large number of incidents. You need to recommend a solution to provide a custom visualization to simplify the investigation of threats and to infer threats by using machine learning. What should you include in the recommendation?

A. built-in queries
B. livestream
C. notebooks
D. bookmarks

Answer: C. notebooks

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center. You receive a security alert in Security Center. You need to view recommendations to resolve the alert in Security Center.
Solution: From Regulatory compliance, you download the report.
Does this meet the goal?

A. Yes
B. No

Answer: B. No

You receive an alert from Azure Defender for Key Vault. You discover that the alert is generated from multiple suspicious IP addresses. You need to reduce the potential of Key Vault secrets being leaked while you investigate the issue. The solution must be implemented as soon as possible and must minimize the impact on legitimate users. What should you do first?

A. Modify the access control settings for the key vault
B. Enable the Key Vault firewall
C. Create an application security group
D. Modify the access policy for the key vault

Answer: B. Enable the Key Vault firewall

Your company uses Microsoft Sentinel. A new security analyst reports that she cannot assign and resolve incidents in Microsoft Sentinel. You need to ensure that the analyst can assign and resolve incidents. The solution must use the principle of least privilege. Which role should you assign to the analyst?

A. Microsoft Sentinel Responder
B. Logic App Contributor
C. Microsoft Sentinel Reader
D. Microsoft Sentinel Contributor

Answer: A. Microsoft Sentinel Responder

Explanation: The Microsoft Sentinel Responder role allows users to investigate, triage, and resolve security incidents, which includes the ability to assign incidents to other users. This role is designed to provide the permissions needed for incident management and response while still adhering to the principle of least privilege. Other roles such as Logic App Contributor and Microsoft Sentinel Contributor would grant more permissions than necessary and may not be suitable for the analyst's needs. The Microsoft Sentinel Reader role is not sufficient because it does not have permission to assign and resolve incidents.
Reference: https://docs.microsoft.com/en-us/azure/sentinel/role-based-access-control-rbac

You have an Azure subscription that contains a Log Analytics workspace. You need to enable just-in-time (JIT) VM access and network detections for Azure resources. Where should you enable Azure Defender?

A. at the subscription level
B. at the workspace level
C. at the resource level

Answer: A. at the subscription level

You need to visualize Azure Sentinel data and enrich the data by using third-party data sources to identify indicators of compromise (IoC). What should you use?

A. notebooks in Azure Sentinel
B. Microsoft Cloud App Security
C. Azure Monitor
D. hunting queries in Azure Sentinel

Answer: A. notebooks in Azure Sentinel

Your company has a single office in Istanbul and a Microsoft 365 subscription. The company plans to use conditional access policies to enforce multi-factor authentication (MFA). You need to enforce MFA for all users who work remotely. What should you include in the solution?

A. a fraud alert
B. a user risk policy
C. a named location
D. a sign-in user policy

Answer: C. a named location