2023 Updated Verified SC-200 dumps Q&As – Pass Guarantee or Full Refund [Q17-Q33]

October 28, 2023, 0 comments


SC-200 PDF Questions and Testing Engine With 225 Questions

The Microsoft SC-200 (Microsoft Security Operations Analyst) certification exam is a highly sought-after certification for security professionals. It is designed to validate the skills required to proactively detect, respond to, and prevent security threats using Microsoft Azure Sentinel, Microsoft 365 Defender, and Azure Defender.

Q17. You use Azure Sentinel.
You need to use a built-in role to provide a security analyst with the ability to edit the queries of custom Azure Sentinel workbooks. The solution must use the principle of least privilege.
Which role should you assign to the analyst?

Q18. You have an existing Azure logic app that is used to block Azure Active Directory (Azure AD) users. The logic app is triggered manually.
You deploy Azure Sentinel.
You need to use the existing logic app as a playbook in Azure Sentinel. What should you do first?

Q19. You need to identify which mean time metrics to use to meet the Microsoft Sentinel requirements. Which workbook should you use?

Q20. You have an Azure Functions app that generates thousands of alerts in Azure Security Center each day for normal activity.
You need to hide the alerts automatically in Security Center.
Which three actions should you perform in sequence in Security Center? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Q21. You need to use an Azure Sentinel analytics rule to search for specific criteria in Amazon Web Services (AWS) logs and to generate incidents.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Q22. Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with Azure AD.
You have a Microsoft 365 E5 subscription that uses Microsoft Defender 365.
You need to identify all the interactive authentication attempts by the users in the finance department of your company.
How should you complete the KQL query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q23. You have an Azure subscription that uses Microsoft Defender for Cloud.
You have an Amazon Web Services (AWS) account that contains an Amazon Elastic Compute Cloud (EC2) instance named EC2-1.
You need to onboard EC2-1 to Defender for Cloud.
What should you install on EC2-1?

Q24. You plan to connect an external solution that will send Common Event Format (CEF) messages to Azure Sentinel.
You need to deploy the log forwarder.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Q25. You open the Cloud App Security portal as shown in the following exhibit.

You need to remediate the risk for the Launchpad app.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Q26. You need to create the test rule to meet the Azure Sentinel requirements.
What should you do when you create the rule?

Q27. You need to recommend remediation actions for the Azure Defender alerts for Fabrikam.
What should you recommend for each threat? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q28. You are informed of a new common vulnerabilities and exposures (CVE) vulnerability that affects your environment.
You need to use Microsoft Defender Security Center to request remediation from the team responsible for the affected systems if there is a documented active exploit available.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Q29. You need to implement Azure Defender to meet the Azure Defender requirements and the business requirements.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q30. You have an Azure subscription that has Azure Defender enabled for all supported resource types.
You need to configure the continuous export of high-severity alerts to enable their retrieval from a third-party security information and event management (SIEM) solution.
To which service should you export the alerts?

Q31. You have a Microsoft Sentinel workspace that contains an Azure AD data connector.
You need to associate a bookmark with an Azure AD-related incident.
What should you do? To answer, drag the appropriate blades to the correct tasks. Each blade may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Q32. You have a Microsoft 365 E5 subscription.
You plan to perform cross-domain investigations by using Microsoft 365 Defender.
You need to create an advanced hunting query to identify devices affected by a malicious email attachment.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q33. You have a playbook in Azure Sentinel.
When you trigger the playbook, it sends an email to a distribution group.
You need to modify the playbook to send the email to the owner of the resource instead of the distribution group.
What should you do?

Exam Engine for SC-200 Exam Free Demo & 365 Day Updates: https://www.topexamcollection.com/SC-200-vce-collection.html