You need to receive an alert when any process disables System Restore on a device managed by Microsoft Defender during the last 24 hours. Which two actions should you perform? Each correct answer presents part of the solution.

Add DeviceId and ReportId to the output of the query.

Add | order by Timestamp to the query.

Replace DeviceProcessEvents with DeviceNetworkEvents.

You are investigating a potential attack that deploys a new ransomware strain. You have three custom device groups. The groups contain devices that store highly sensitive information. You plan to perform automated actions on all devices. You need to be able to temporarily group the machines to perform actions on the devices. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Assign a tag to the device group.

Create a new device group that has a rank of 1.

Add the device users to the admin role.

You receive a security bulletin about a potential attack that uses an image file. You need to create an indicator of compromise (IoC) in Microsoft Defender for Endpoint to prevent the attack. Which indicator type should you use?

a file hash indicator that has Action set to Alert and block

a URL/domain indicator that has Action set to Alert only

a URL/domain indicator that has Action set to Alert and block

a certificate indicator that has Action set to Alert and block

You need to provide a security analyst with the ability to use the Microsoft 365 security center. The analyst must be able to approve and reject pending actions generated by Microsoft Defender for Endpoint. The solution must use the principle of least privilege. Which two roles should assign to the analyst? Each correct answer presents part of the solution.

the Active remediation actions role in Microsoft Defender for Endpoint

the Security Reader role in Azure Active Directory (Azure AD)

the Compliance Data Administrator in Azure Active Directory (Azure AD)

the Security Administrator role in Azure Active Directory (Azure AD)

You need to configure Microsoft Cloud App Security to generate alerts and trigger remediation actions in response to external sharing of confidential files. Which two actions should you perform in the Cloud App Security portal? Each correct answer presents part of the solution.

From Settings, select Information Protection, select Azure Information Protection, and then select Automatically scan new files for Azure Information Protection classification labels and content inspection warnings.

From Settings, select Information Protection, select Files, and then enable file monitoring.

From Settings, select Information Protection, select Azure Information Protection, and then select Only scan files for Azure Information Protection classification labels and content inspection warnings from this tenant.

Select Investigate files, and then select New policy from search.

Select Investigate files, and then filter App to Office 365.

You need to prevent alerts for legitimate sign-ins from known locations. Which two actions should you perform? Each correct answer presents part of the solution.

Configure automatic data enrichment.

Add the IP addresses to the corporate address range category.

Increase the sensitivity level of the impossible travel anomaly detection policy.

Add the IP addresses to the other address range category and add a tag.

Create an activity policy that has an exclusion for the IP addresses.

What should you use to identify whether zero-hour auto purge (ZAP) moved an email message from the mailbox of a user?

the Threat Protection Status report in Microsoft Defender for Office 365

the mailbox audit log in Exchange

the Safe Attachments file types report in Microsoft Defender for Office 365

the mail flow report in Exchange

What should you use to mitigate the following device threats: Microsoft Excel macros that download scripts from untrusted websites, Users that open executable attachments in Microsoft Outlook, Outlook rules and forms exploits?

attack surface reduction rules in Microsoft Defender for Endpoint

adaptive application control in Azure Defender

What should you do to route events to the SIEM solution?

Configure the Diagnostics settings in Azure AD to stream to an event hub.

Create an Azure Sentinel workspace that has a Security Events connector.

Create an Azure Sentinel workspace that has an Azure Active Directory connector.

Configure the Diagnostics settings in Azure AD to archive to a storage account.

What should you use to be notified if the deleted users downloaded numerous documents from SharePoint Online sites during the month before their accounts were deleted?

a file policy in Microsoft Defender for Cloud Apps

an alert policy in Microsoft Defender for Office 365

Microsoft 365 Defender Quiz

Authored by Irvin Maceke

Information Technology (IT)

12th Grade

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

30 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 5 pts

You are investigating an incident by using Microsoft 365 Defender. You need to create an advanced hunting query to count failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop. How should you complete the query? To answer, select the appropriate options in the answer area.

DeviceLogonEvents where DeviceName in ("CFOLaptop", "CEOLaptop", "COOLaptop") ActionType == "LogonFailed" | summarize LogonFailures=count() by DeviceName, LogonType

DeviceLogonEvents where DeviceName in ("CFOLaptop", "CEOLaptop", "COOLaptop") ActionType == "LogonSucceeded" | summarize LogonFailures=count() by DeviceName, LogonType

DeviceLogonEvents where DeviceName in ("CFOLaptop", "CEOLaptop", "COOLaptop") ActionType == "LogonFailed" | summarize LogonSuccess=count() by DeviceName, LogonType

DeviceLogonEvents where DeviceName in ("CFOLaptop", "CEOLaptop", "COOLaptop") ActionType == "LogonFailed" | summarize LogonFailures=count() by LogonType

MULTIPLE CHOICE QUESTION

30 sec • 5 pts

You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in. Which anomaly detection policy should you use?

Impossible travel

Activity from anonymous IP addresses

Activity from infrequent country

Malware detection

MULTIPLE CHOICE QUESTION

30 sec • 5 pts

You need to create a data loss prevention (DLP) policy to protect the sensitive documents. What should you use to detect which documents are sensitive?

SharePoint search

a hunting query in Microsoft 365 Defender

Azure Information Protection

RegEx pattern matching

MULTIPLE SELECT QUESTION

30 sec • 5 pts

You need to prevent users from downloading and running additional payloads from the Office VBA macros as additional child processes. Which two commands can you run to achieve the goal? Each correct answer presents a complete solution.

Set-MpPreference -DisableChildProcessCreation $true

Set-MpPreference -EnableChildProcessCreation $false

Add-MpPreference -DisableChildProcessCreation $true

Add-MpPreference -EnableChildProcessCreation $false

MULTIPLE SELECT QUESTION

30 sec • 5 pts

You need to hide false positive in the Alerts queue, while maintaining the existing security posture. Which three actions should you perform? Each correct answer presents part of the solution.

Resolve the alert automatically.

Hide the alert.

Create a suppression rule scoped to any device.

Create a suppression rule scoped to a device group.

Generate the alert.

OPEN ENDED QUESTION

3 mins • 5 pts

You need to remediate the risk for the Launchpad app. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Evaluate responses using AI:

OFF

OPEN ENDED QUESTION

3 mins • 5 pts

You need to create an advanced hunting query to identify devices affected by a malicious email attachment. How should you complete the query? To answer, select the appropriate options in the answer area.

Evaluate responses using AI:

OFF

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

25 questions

Kelas 9 - Halaman 77 (PAS)

Quiz

•

9th Grade - University

25 questions

Quizizz JavaScript Attempt 2 Review

Quiz

•

9th - 12th Grade

25 questions

Networks & the Internet Quiz

Quiz

•

12th Grade - University

25 questions

KUIS TIK KELAS 7

Quiz

•

7th Grade - University

25 questions

ASTS 2 INFORMATIKA KELAS 7

Quiz

•

7th Grade - University

25 questions

LITERASI dIGITAL

Quiz

•

12th Grade

25 questions

Ujian Kompetensi Skakes Airlangga

Quiz

•

9th - 12th Grade

25 questions

Media Literacy Quiz

Quiz

•

11th Grade - University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

29 questions

Alg. 1 Section 5.1 Coordinate Plane

Quiz

•

9th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

11 questions

FOREST Effective communication

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Information Technology (IT)

20 questions

-AR -ER -IR present tense

Quiz

•

10th - 12th Grade

22 questions

El Imperfecto

Quiz

•

9th - 12th Grade

20 questions

SSS/SAS

Quiz

•

9th - 12th Grade

20 questions

verbos reflexivos en español

Quiz

•

9th - 12th Grade

14 questions

Making Inferences From Samples

Quiz

•

7th - 12th Grade

23 questions

CCG - CH8 Polygon angles and area Review

Quiz

•

9th - 12th Grade

8 questions

Momentum and Collisions

Lesson

•

9th - 12th Grade

28 questions

Ser vs estar

Quiz

•

9th - 12th Grade

Microsoft 365 Defender Quiz

You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in. Which anomaly detection policy should you use?

You need to create a data loss prevention (DLP) policy to protect the sensitive documents. What should you use to detect which documents are sensitive?

You need to prevent users from downloading and running additional payloads from the Office VBA macros as additional child processes. Which two commands can you run to achieve the goal? Each correct answer presents a complete solution.

You need to hide false positive in the Alerts queue, while maintaining the existing security posture. Which three actions should you perform? Each correct answer presents part of the solution.

You need to remediate the risk for the Launchpad app. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You need to create an advanced hunting query to identify devices affected by a malicious email attachment. How should you complete the query? To answer, select the appropriate options in the answer area.

You need to receive an alert when any process disables System Restore on a device managed by Microsoft Defender during the last 24 hours. Which two actions should you perform? Each correct answer presents part of the solution.

You are configuring Microsoft Defender for Identity integration with Active Directory. From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit. Solution: From Entity tags, you add the accounts as Honeytoken accounts. Does this meet the goal?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)