DRAG DROP -You plan to connect an external solution that will send Common Event Format (CEF) messages to Azure Sentinel.You need to deploy the log forwarder.Which three actions should you perform in sequence? To answer, move the appropriate actions form the list of actions to the answer area and arrange them in the correct order.Select and Place:
HOTSPOT -From Azure Sentinel, you open the Investigation pane for a high-severity incident as shown in the following exhibit.Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point.Hot Area:
You need to configure Microsoft Cloud App Security to generate alerts and trigger remediation actions in response to external sharing of confidential files.Which two actions should you perform in the Cloud App Security portal? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.
You are investigating a potential attack that deploys a new ransomware strain.You have three custom device groups. The groups contain devices that store highly sensitive information.You plan to perform automated actions on all devices.You need to be able to temporarily group the machines to perform actions on the devices.Which three actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.
You have a Microsoft 365 subscription that uses Azure Defender.You have 100 virtual machines in a resource group named RG1.You assign the Security Admin roles to a new user named SecAdmin1.You need to ensure that SecAdmin1 can apply quick fixes to the virtual machines by using Azure Defender. The solution must use the principle of least privilege.Which role should you assign to SecAdmin1?
HOTSPOT -You have an Azure subscription that has Azure Defender enabled for all supported resource types.You create an Azure logic app named LA1.You plan to use LA1 to automatically remediate security risks detected in Azure Security Center.You need to test LA1 in Security Center.What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
