Topic 3: Misc. Questions
You have a Microsoft 365 subscription that uses Microsoft 365 Defender. A remediation action for an automated investigation quarantines a file across multiple devices. You need to mark the file as safe and remove the file from quarantine on the devices. What should you use in the Microsoft 365 Defender portal?
A. From Threat tracker, review the queries.
B. From the History tab in the Action center, revert the actions.
C. From the investigation page, review the AIR processes.
D. From Quarantine from the Review page, modify the rules.
Answer: B. From the History tab in the Action center, revert the actions.
You have an Azure Sentinel workspace.
You need to test a playbook manually in the Azure portal. From where can you run the test in Azure Sentinel?
A. Playbooks
B. Analytics
C. Threat intelligence
D. Incidents
Answer: D. Incidents
You have an Azure subscription that has Azure Defender enabled for all supported resource types.
You need to configure the continuous export of high-severity alerts to enable their retrieval from a third-party security information and event management (SIEM) solution.
To which service should you export the alerts?
A. Azure Cosmos DB
B. Azure Event Grid
C. Azure Event Hubs
D. Azure Data Lake
Answer: C. Azure Event Hubs
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint.
You need to add threat indicators for all the IP addresses in the range of 171.23.34.32-171.23.34.63. The solution must minimize administrative effort.
What should you do in the Microsoft 365 Defender portal?
A. Create an import file that contains the IP address of 171.23.34.32/27. Select Import and import the file.
B. Select Add indicator and set the IP address to 171.23.34.32-171.23.34.63.
C. Select Add indicator and set the IP address to 171.23.34.32/27.
D. Create an import file that contains the individual IP addresses in the range. Select Import and import the file.
Answer: C. Select Add indicator and set the IP address to 171.23.34.32/27.
Explanation: The /27 prefix covers the 32 addresses from 171.23.34.32 through 171.23.34.63, so a single CIDR indicator adds every IP address in the range. This is the simplest and most efficient way to add all the IP addresses in the range.
Reference: [1] https://docs.microsoft.com/en-us/windows/security/threatprotection/microsoft-defender-atp/threat-intelligence-manage-indicators
You use Azure Sentinel.
You need to receive an immediate alert whenever Azure Storage account keys are enumerated. Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Create a livestream
B. Add a data connector
C. Create an analytics rule
D. Create a hunting query
E. Create a bookmark
Answer: B. Add a data connector; C. Create an analytics rule
Explanation:
B: To add a data connector, use the Azure Sentinel data connectors feature to connect to your Azure subscription and configure log data collection for Azure Storage account key enumeration events.
C: After adding the data connector, create an analytics rule that analyzes the log data from the Azure Storage connector, looking for the specific event of Azure Storage account key enumeration. This rule triggers an alert when it detects the event, allowing you to take immediate action.