You recently deployed Azure Sentinel. You discover that the default Fusion rule does not generate any alerts. You verify that the rule is enabled. You need to ensure that the Fusion rule can generate alerts. What should you do?

Disable, and then enable the rule.

Create a new machine learning analytics rule.

A company uses Azure Sentinel. You need to create an automated threat response. What should you use?

a Microsoft incident creation rule

You have an Azure Sentinel deployment in the East US Azure region. You create a Log Analytics workspace named LogsWest in the West US Azure region. You need to ensure that you can use scheduled analytics rules in the existing Azure Sentinel deployment to generate alerts based on queries to LogsWest. What should you do first?

Add Azure Sentinel to a workspace.

Deploy Azure Data Catalog to the West US Azure region.

Modify the workspace settings of the existing Azure Sentinel deployment.

Create a data connector in Azure Sentinel.

You create a custom analytics rule to detect threats in Azure Sentinel. You discover that the rule fails intermittently. What are two possible causes of the failures? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

The target workspace was deleted.

Permissions to the data sources of the rule query were modified.

You are configuring Azure Sentinel. You need to send a Microsoft Teams message to a channel whenever a sign-in from a suspicious IP address is detected. Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Associate a playbook to an incident.

Enable Entity behavior analytics.

You are investigating an incident in Azure Sentinel that contains more than 127 alerts. You discover eight alerts in the incident that require further investigation. You need to escalate the alerts to another Azure Sentinel administrator. What should you do to provide the alerts to the administrator?

Create a Microsoft incident creation rule

You are configuring Azure Sentinel. You need to send a Microsoft Teams message to a channel whenever an incident representing a sign-in risk event is activated in Azure Sentinel. Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Associate a playbook to the analytics rule that triggered the incident.

Enable Entity behavior analytics.

You have the following environment: Azure Sentinel - ✑ A Microsoft 365 subscription ✑ Microsoft Defender for Identity ✑ An Azure Active Directory (Azure AD) tenant You configure Azure Sentinel to collect security logs from all the Active Directory member servers and domain controllers. You deploy Microsoft Defender for Identity by using standalone sensors. You need to ensure that you can detect when sensitive groups are modified in Active Directory. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Configure the Advanced Audit Policy Configuration settings for the domain controllers

Configure Windows Event Forwarding on the domain controllers.

Modify the permissions of the Domain Controllers organizational unit (OU).

Configure auditing in the Microsoft 365 compliance center

You have an Azure subscription named Sub1 and a Microsoft 365 subscription. Sub1 is linked to an Azure Active Directory (Azure AD) tenant named contoso.com . You create an Azure Sentinel workspace named workspace1. In workspace1, you activate an Azure AD connector for contoso.com and an Office 365 connector for the Microsoft 365 subscription. You need to use the Fusion rule to detect multi-staged attacks that include suspicious sign-ins to contoso.com followed by anomalous Microsoft Office 365 activity. Which two actions should you perform? Each correct answer present part of the solution. NOTE: Each correct selection is worth one point.

Create a Microsoft Cloud App Security connector.

Create an Azure AD Identity Protection connector

Create custom rule based on the Office 365 connector templates.

Create a Microsoft incident creation rule based on Azure Security Center.

You have an Azure subscription that uses Microsoft Sentinel. You need to minimize the administrative effort required to respond to the incidents and remediate the security threats detected by Microsoft Sentinel. Which two features should you use? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Microsoft Sentinel automation rules

You have a Microsoft Sentinel workspace that contains the following incident. Brute force attack against Azure Portal analytics rule has been triggered. You need to identify the geolocation information that corresponds to the incident. What should you do?

From Overview, review the Potential malicious events map.

From Incidents, review the details of the IPCustomEntity entity associated with the incident.

From Incidents, review the details of the AccountCustomEntity entity associated with the incident.

From Investigation, review insights on the incident entity.

You have two Azure subscriptions that use Microsoft Defender for Cloud. You need to ensure that specific Defender for Cloud security alerts are suppressed at the root management group level. The solution must minimize administrative effort. What should you do in the Azure portal?

Create an Azure Policy assignment.

Modify the Workload protections settings in Defender for Cloud

Create an alert rule in Azure Monitor.

Modify the alert settings in Defender for Cloud.

You have an Azure subscription that uses Microsoft Sentinel and contains 100 Linux virtual machines. You need to monitor the virtual machines by using Microsoft Sentinel. The solution must meet the following requirements: ✑ Minimize administrative effort. ✑ Minimize the parsing required to read fog data. What should you configure?

a Log Analytics Data Collector API

a Common Evert Format (CEF) connector

multi s3

Professional Development

•

35 Qs

Similar activities

Disaster Management Act 2005 India

University - Professional Development

•

30 Qs

US National Parks

Professional Development

•

34 Qs

MGNF 20

Professional Development

•

30 Qs

Klasa 8 - sprawdzian (Afryka)

KG - Professional Development

•

32 Qs

Geography (Countries) and History

KG - Professional Development

•

34 Qs

geografia de 6

Professional Development

•

31 Qs

SEBARAN DAN PENGELOLAAN SUMBER DAYA ALAM

Professional Development

•

40 Qs

BS1: World Geography

Professional Development

•

40 Qs

multi s3

Quiz

•

Geography

•

Professional Development

•

Practice Problem

•

Easy

John Doe

Used 2+ times

FREE Resource

35 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You have an existing Azure logic app that is used to block Azure Active Directory (Azure AD) users. The logic app is triggered manually. You deploy Azure Sentinel. You need to use the existing logic app as a playbook in Azure Sentinel. What should you do first?

And a new scheduled query rule.

Add a data connector to Azure Sentinel

Configure a custom Threat Intelligence connector in Azure Sentinel.

Modify the trigger in the logic app.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Your company uses Azure Sentinel to manage alerts from more than 10,000 IoT devices. A security manager at the company reports that tracking security threats is increasingly difficult due to the large number of incidents. You need to recommend a solution to provide a custom visualization to simplify the investigation of threats and to infer threats by using machine learning. What should you include in the recommendation?

built-in queries

livestream

notebooks

bookmarks

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You have a playbook in Azure Sentinel. When you trigger the playbook, it sends an email to a distribution group. You need to modify the playbook to send the email to the owner of the resource instead of the distribution group. What should you do?

Add a parameter and modify the trigger.

Add a custom data connector and modify the trigger

Add a condition and modify the action.

Add an alert and modify the action.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

You provision Azure Sentinel for a new Azure subscription. You are configuring the Security Events connector. While creating a new rule from a template in the connector, you decide to generate a new alert for every event. You create the following rule query.
By which two components can you group alerts into incidents? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point

user

resource group

IP address

computer

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Your company stores the data of every project in a different Azure subscription. All the subscriptions use the same Azure Active Directory (Azure AD) tenant. Every project consists of multiple Azure virtual machines that run Windows Server. The Windows events of the virtual machines are stored in a Log Analytics workspace in each machine's respective subscription. You deploy Azure Sentinel to a new Azure subscription. You need to perform hunting queries in Azure Sentinel to search across all the Log Analytics workspaces of all the subscriptions. Which two actions should you perform?
Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Add the Security Events connector to the Azure Sentinel workspace.

Create a query that uses the workspace expression and the union operator.

Use the alias statement.

Create a query that uses the resource expression and the alias operator.

Add the Azure Sentinel solution to each workspace.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You have an Azure Sentinel workspace. You need to test a playbook manually in the Azure portal. From where can you run the test in Azure Sentinel?

Playbooks

Analytics

Threat intelligence

Incidents

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You have a custom analytics rule to detect threats in Azure Sentinel. You discover that the analytics rule stopped running. The rule was disabled, and the rule name has a prefix of AUTO DISABLED. What is a possible cause of the issue?

There are connectivity issues between the data sources and Log Analytics.

The number of alerts exceeded 10,000 within two minutes.

The rule query takes too long to run and times out

Permissions to one of the data sources of the rule query were modified

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

32 questions

Geography

Quiz

•

Professional Development

36 questions

Flags of the world!

Quiz

•

KG - Professional Dev...

34 questions

US National Parks

Quiz

•

Professional Development

30 questions

MGNF 20

Quiz

•

Professional Development

32 questions

Klasa 8 - sprawdzian (Afryka)

Quiz

•

KG - Professional Dev...

34 questions

Geography (Countries) and History

Quiz

•

KG - Professional Dev...

30 questions

Disaster Management Act 2005 India

Quiz

•

University - Professi...

30 questions

Guess The Flags

Quiz

•

4th Grade - Professio...

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Geography

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

100 questions

Screening Test Customer Service

Quiz

•

Professional Development

20 questions

90s Cartoons

Quiz

•

Professional Development

10 questions

Reading a ruler in Inches

Quiz

•

4th Grade - Professio...

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

12 questions

Valentines Day Trivia

Quiz

•

Professional Development

multi s3

35 questions

You have an existing Azure logic app that is used to block Azure Active Directory (Azure AD) users. The logic app is triggered manually. You deploy Azure Sentinel. You need to use the existing logic app as a playbook in Azure Sentinel. What should you do first?

You have a playbook in Azure Sentinel. When you trigger the playbook, it sends an email to a distribution group. You need to modify the playbook to send the email to the owner of the resource instead of the distribution group. What should you do?

You have an Azure Sentinel workspace. You need to test a playbook manually in the Azure portal. From where can you run the test in Azure Sentinel?

You have a custom analytics rule to detect threats in Azure Sentinel. You discover that the analytics rule stopped running. The rule was disabled, and the rule name has a prefix of AUTO DISABLED. What is a possible cause of the issue?

Your company uses Azure Sentinel. A new security analyst reports that she cannot assign and resolve incidents in Azure Sentinel. You need to ensure that the analyst can assign and resolve incidents. The solution must use the principle of least privilege. Which role should you assign to the analyst?

You recently deployed Azure Sentinel. You discover that the default Fusion rule does not generate any alerts. You verify that the rule is enabled. You need to ensure that the Fusion rule can generate alerts. What should you do?

A company uses Azure Sentinel. You need to create an automated threat response. What should you use?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Geography