Topic 3: Misc. Questions
You have an Azure subscription that uses Microsoft Defender for Cloud and contains a storage account named storage1. You receive an alert that there was an unusually high volume of delete operations on the blobs in storage1. You need to identify which blobs were deleted. What should you review?
A. the activity logs of storage1
B. the Azure Storage Analytics logs
C. the alert details
D. the related entities of the alert
Answer: the activity logs of storage1
Explanation: To identify which blobs were deleted, you should review the activity logs of the storage account. The activity logs contain information about all the operations that have taken place in the storage account, including delete operations. These logs can be accessed in the Azure portal by navigating to the storage account, selecting "Activity log" under the "Monitoring" section, and filtering by the appropriate time range. You can also use Azure Monitor and Log Analytics to query and analyze the activity log data.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-activity-logs
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-azurestorage
You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in.
Which anomaly detection policy should you use?
A. Impossible travel
B. Activity from anonymous IP addresses
C. Activity from infrequent country
D. Malware detection
Answer: Activity from infrequent country
Explanation:
Activity from infrequent country: activity from a country/region that could indicate malicious activity. This policy profiles your environment and triggers alerts when activity is detected from a location that was not recently visited, or was never visited, by any user in the organization.
Impossible travel: activity from the same user in different locations within a time period that is shorter than the expected travel time between the two locations. This can indicate a credential breach; however, it is also possible that the user's actual location is masked, for example, by using a VPN.
You receive a security bulletin about a potential attack that uses an image file.
You need to create an indicator of compromise (IoC) in Microsoft Defender for Endpoint to prevent the attack.
Which indicator type should you use?
A. a URL/domain indicator that has Action set to Alert only
B. a URL/domain indicator that has Action set to Alert and block
C. a file hash indicator that has Action set to Alert and block
D. a certificate indicator that has Action set to Alert and block
Answer: a file hash indicator that has Action set to Alert and block
You have an Azure subscription that uses Microsoft Defender for Endpoint.
You need to ensure that you can allow or block a user-specified range of IP addresses and URLs.
What should you enable first in the advanced features from the Endpoints Settings in the Microsoft 365 Defender portal?
A. endpoint detection and response (EDR) in block mode
B. custom network indicators
C. web content filtering
D. Live response for servers
Answer: endpoint detection and response (EDR) in block mode
You create an Azure subscription.
You enable Azure Defender for the subscription.
You need to use Azure Defender to protect on-premises computers.
What should you do on the on-premises computers?
A. Install the Log Analytics agent
B. Install the Dependency agent
C. Configure the Hybrid Runbook Worker role
D. Install the Connected Machine agent
Answer: Install the Log Analytics agent
Explanation:
Security Center collects data from your Azure virtual machines (VMs), virtual machine scale sets, IaaS containers, and non-Azure (including on-premises) machines to monitor for security vulnerabilities and threats.
Data is collected using:
The Log Analytics agent, which reads various security-related configurations and event logs from the machine and copies the data to your workspace for analysis. Examples of such data are: operating system type and version, operating system logs (Windows event logs), running processes, machine name, IP addresses, and the logged-in user.
Security extensions, such as the Azure Policy Add-on for Kubernetes, which can also provide data to Security Center regarding specialized resource types.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-datacollection