You need to complete the query for failed sign-ins to meet the technical requirements.
Where can you find the column name to complete the where clause?

A.

Security alerts in Azure Security Center

B.

Activity log in Azure

C.

Azure Advisor

D.

the query windows of the Log Analytics workspace

The issue for which team can be resolved by using Microsoft Defender for Office 365?

A.

executive

B.

marketing

C.

security

D.

sales

You need to remediate active attacks to meet the technical requirements.
What should you include in the solution?

A.

Azure Automation runbooks

B.

Azure Logic Apps

C.

Azure Functions

D.

Azure Sentinel livestreams

The issue for which team can be resolved by using Microsoft Defender for Endpoint?

A.

executive

B.

sales

C.

marketing

You need to recommend a solution to meet the technical requirements for the Azure virtual
machines. What should you include in the recommendation?

A.

just-in-time (JIT) access

B.

Azure Defender

C.

Azure Firewall

D.

Azure Application Gateway

You need to implement the Azure Information Protection requirements. What should you
configure first?

A.

Device health and compliance reports settings in Microsoft Defender Security Center

B.

scanner clusters in Azure Information Protection from the Azure portal

C.

content scan jobs in Azure Information Protection from the Azure portal

D.

Advanced features from Settings in Microsoft Defender Security Center

You need to create the test rule to meet the Azure Sentinel requirements. What should you
do when you create the rule?

A.

From Set rule logic, turn off suppression

B.

From Analytics rule details, configure the tactics.

C.

From Set rule logic, map the entities

D.

From Analytics rule details, configure the severity.

You need to restrict cloud apps running on CLIENT1 to meet the Microsoft Defender for
Endpoint requirements.
Which two configurations should you modify? Each correct answer present part of the
solution.
NOTE: Each correct selection is worth one point.

A.

the Onboarding settings from Device management in Microsoft Defender Security
Center

B.

Cloud App Security anomaly detection policies

C.

Advanced features from Settings in Microsoft Defender Security Center

D.

the Cloud Discovery settings in Cloud App Security

You need to assign a role-based access control (RBAC) role to admin1 to meet the Azure
Sentinel requirements and the business requirements.
Which role should you assign?

A.

Automation Operator

B.

Automation Runbook Operator

C.

Azure Sentinel Contributor

D.

Logic App Contributor

You need to modify the anomaly detection policy settings to meet the Cloud App Security
requirements. Which policy should you modify?

A.

Activity from suspicious IP addresses

B.

Activity from anonymous IP addresses

C.

Impossible travel

D.

Risky sign-in

You create an Azure subscription.
You enable Microsoft Defender for Cloud for the subscription.
You need to use Defender for Cloud to protect on-premises computers.
What should you do on the on-premises computers?

A.

Configure the Hybrid Runbook Worker role

B.

Install the Connected Machine agent

C.

Install the Log Analytics agent

D.

Install the Dependency agent.

Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated
goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a
result, these questions will not appear in the review screen.
You are configuring Microsoft Defender for Identity integration with Active Directory.
From the Microsoft Defender for identity portal, you need to configure several accounts for
attackers to exploit.
Solution: You add each account as a Sensitive account.
Does this meet the goal?

A.

Yes

B.

No