You create a hunting query in Azure Sentinel. You need to receive a notification in the Azure portal as soon as the hunting query detects a match on the query. The solution must minimize effort. What should you use?

You use Azure Sentinel. You need to receive an immediate alert whenever Azure Storage account keys are enumerated. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

The issue for which team can be resolved by using Microsoft Defender for Endpoint?

You create an Azure subscription named sub1. In sub1, you create a Log Analytics workspace named workspace1. You enable Azure Security Center and configure Security Center to use workspace1. You need to ensure that Security Center processes events from the Azure virtual machines that report to workspace1. What should you do?

You need to restrict cloud apps running on CLIENT1 to meet the Microsoft Defender for Endpoint requirements. Which two configurations should you modify? Each correct answer present part of the solution. NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365. You have Microsoft SharePoint Online sites that contain sensitive documents. The documents contain customer account numbers that each consists of 32 alphanumeric characters. You need to create a data loss prevention (DLP) policy to protect the sensitive documents. What should you use to detect which documents are sensitive?

You have an Azure Sentinel workspace. You need to test a playbook manually in the Azure portal. From where can you run the test in Azure Sentinel?

Your company uses line-of-business apps that contain Microsoft Office VBA macros. You plan to enable protection against downloading and running additional payloads from the Office VBA macros as additional child processes. You need to identify which Office VBA macros might be affected. Which two commands can you run to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

You have a Microsoft subscription that has Microsoft Defender for Cloud enabled You configure the Azure logic apps shown in the following table. You need to configure an automatic action that will run if a Suspicious process executed alert is triggered. The solution must minimize administrative effort. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You need to recommend remediation actions for the Azure Defender alerts for Fabrikam. What should you recommend for each threat? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.