HOTSPOT -You have an Azure subscription that contains a Microsoft Sentinel workspace named WS1.You need to ensure that the incidents in WS1 include a list of actions that must be performed. The solution must meet the following requirements:• Ensure that you can build a tailored list of actions for each type of incident.• Minimize administrative effort.What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.
HOTSPOT-You have an Azure subscription that contains a user named User1 and a Microsoft Sentinel workspace named WS1.You need to ensure that User1 can enable User and Entity Behavior Analytics (UEBA) for WS1. The solution must follow the principle of least privilege.Which roles should you assign to User1? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.
You have a Microsoft 365 subscription that uses Microsoft Defender for Cloud Apps and has Cloud Discovery enabled.You need to enrich the Cloud Discovery data. The solution must ensure that usernames in the Cloud Discovery traffic logs are associated with the user principal name (UPN) of the corresponding Microsoft Entra ID user accounts.What should you do first?
You have an Azure subscription that uses Microsoft Defender for Cloud.You need to configure Defender for Cloud to mitigate the following risks:• Vulnerabilities within the application source code• Exploitation toolkits in declarative templates• Operations from malicious IP addresses• Exposed secretsWhich two Defender for Cloud services should you use? Each correct answer presents part of the solution.NOTE: Each correct answer is worth one point.
You need to modify the anomaly detection policy settings to meet the Cloud App Security requirements and resolve the reported problem.Which policy should you modify?
You have a Microsoft 365 subscription that contains the following resources:• 100 users that are assigned a Microsoft 365 E5 license• 100 Windows 11 devices that are joined to the Microsoft Entra tenantThe users access their Microsoft Exchange Online mailbox by using Outlook on the web.You need to ensure that if a user account is compromised, the Outlook on the web session token can be revoked. What should you configure?
