Your company stores the data of every project in a different Azure subscription. All the subscriptions use the same Azure Active Directory (Azure AD) tenant. Every project consists of multiple Azure virtual machines that run Windows Server. The Windows events of the virtual machines are stored in a Log Analytics workspace in each machine's respective subscription. You deploy Azure Sentinel to a new Azure subscription. You need to perform hunting queries in Azure Sentinel to search across all the Log Analytics workspaces of all the subscriptions. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
You provision Azure Sentinel for a new Azure subscription. You are configuring the Security Events connector. While creating a new rule from a template in the connector, you decide to generate a new alert for every event. You create the following rule query. By which two components can you group alerts into incidents? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
HOTSPOT - You have an Azure subscription that has Azure Defender enabled for all supported resource types. You create an Azure logic app named LA1. You plan to use LA1 to automatically remediate security risks detected in Azure Security Center. You need to test LA1 in Security Center. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You have a custom analytics rule to detect threats in Azure Sentinel. You discover that the analytics rule stopped running. The rule was disabled, and the rule name has a prefix of AUTO DISABLED. What is a possible cause of the issue?
Your company uses Azure Sentinel. A new security analyst reports that she cannot assign and resolve incidents in Azure Sentinel. You need to ensure that the analyst can assign and resolve incidents. The solution must use the principle of least privilege. Which role should you assign to the analyst?
HOTSPOT - You have a Microsoft 365 E5 subscription that uses Microsoft Defender and an Azure subscription that uses Azure Sentinel. You need to identify all the devices that contain files in emails sent by a known malicious email sender. The query will be based on the match of the SHA256 hash. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: