Question #1
You create a custom analytics rule to detect threats in Azure Sentinel. You discover that the rule fails intermittently. What are two possible causes of the failures? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. The rule query takes too long to run and times out
B. The target workspace was deleted
C. Permissions to the data sources of the rule query were modified
D. There are connectivity issues between the data sources and Log Analytics
Correct answer: AD
Question #2
You have a playbook in Azure Sentinel. When you trigger the playbook, it sends an email to a distribution group. You need to modify the playbook to send the email to the owner of the resource instead of the distribution group. What should you do?
A. Add a parameter and modify the trigger
B. Add a custom data connector and modify the trigger
C. Add a condition and modify the action
D. Add a parameter and modify the action
Correct answer: BCE
Question #3
You plan to create a custom Azure Sentinel query that will provide a visual representation of the security alerts generated by Azure Security Center. You need to create a query that will be used to display a bar graph. What should you include in the query?
A. extend
B. bin
C. count
D. workspace
Correct answer: C
Question #4
You use Azure Sentinel. You need to receive an alert in near real-time whenever Azure Storage account keys are enumerated. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Create a livestream
B. Add a data connector
C. Create an analytics rule
D. Create a hunting query
E. Create a bookmark
Correct answer: BD
Question #5
You plan to create a custom Azure Sentinel query that will track anomalous Azure Active Directory (Azure AD) sign-in activity and present the activity as a time chart aggregated by day. You need to create a query that will be used to display the time chart. What should you include in the query?
A. extend
B. bin
C. makeset
D. workspace
Correct answer: B
Question #6
You open the Cloud App Security portal as shown in the following exhibit. You need to remediate the risk for the Launchpad app. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
A. Mastered
B. Not Mastered
Correct answer: C
Question #7
Your company stores the data for every project in a different Azure subscription. All the subscriptions use the same Azure Active Directory (Azure AD) tenant. Every project consists of multiple Azure virtual machines that run Windows Server. The Windows events of the virtual machines are stored in a Log Analytics workspace in each machine’s respective subscription. You deploy Azure Sentinel to a new Azure subscription. You need to perform hunting queries in Azure Sentinel to search across all the Log Analyt
A. Add the Security Events connector to the Azure Sentinel workspace
B. Create a query that uses the workspace expression and the union operator
C. Use the alias statement
D. Create a query that uses the resource expression and the alias operator
E. Add the Azure Sentinel solution to each workspace
Correct answer: A
Question #8
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are configuring Azure Sentinel. You need to create an incident in Azure Sentinel
A. Yes
B. No
Correct answer: B
Question #9
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are configuring Azure Sentinel. You need to create an incident in Azure Sentinel
A. Yes
B. No
Correct answer: B
Question #10
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are configuring Azure Sentinel. You need to create an incident in Azure Sentinel
A. Yes
B. No
Correct answer: A
Question #11
You are configuring Azure Sentinel. You need to send a Microsoft Teams message to a channel whenever a sign-in from a suspicious IP address is detected. Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Add a playbook
B. Associate a playbook to an incident
C. Enable Entity behavior analytics
D. Create a workbook
E. Enable the Fusion rule
Correct answer: AB
Question #12
You plan to connect an external solution that will send Common Event Format (CEF) messages to Azure Sentinel. You need to deploy the log forwarder. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
A. Mastered
B. Not Mastered
Correct answer: C
Question #13
You have an Azure Sentinel deployment in the East US Azure region. You create a Log Analytics workspace named LogsWest in the West US Azure region. You need to ensure that you can use scheduled analytics rules in the existing Azure Sentinel deployment to generate alerts based on queries to LogsWest. What should you do first?
A. Deploy Azure Data Catalog to the West US Azure region
B. Modify the workspace settings of the existing Azure Sentinel deployment
C. Add Azure Sentinel to a workspace
D. Create a data connector in Azure Sentinel
Correct answer: C
Question #14
A company uses Azure Sentinel. You need to create an automated threat response. What should you use?
A. a data connector
B. a playbook
C. a workbook
D. a Microsoft incident creation rule
Correct answer: B
Question #15
Your company uses Azure Security Center and Azure Defender. The security operations team at the company informs you that it does NOT receive email notifications for security alerts. What should you configure in Security Center to enable the email notifications?
A. Security solutions
B. Security policy
C. Pricing & settings
D. Security alerts
E. Azure Defender
Correct answer: D
Question #16
You have a Microsoft 365 subscription that uses Azure Defender. You have 100 virtual machines in a resource group named RG1. You assign the Security Admin roles to a new user named SecAdmin1. You need to ensure that SecAdmin1 can apply quick fixes to the virtual machines by using Azure Defender. The solution must use the principle of least privilege. Which role should you assign to SecAdmin1?
A. the Security Reader role for the subscription
B. the Contributor for the subscription
C. the Contributor role for RG1
D. the Owner role for RG1
Correct answer: BE
Question #17
You need to create an advanced hunting query to investigate the executive team issue. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
A. Mastered
B. Not Mastered
Correct answer: A
Question #18
Your company uses Microsoft Defender for Endpoint. The company has Microsoft Word documents that contain macros. The documents are used frequently on the devices of the company’s accounting team. You need to hide false positives in the Alerts queue, while maintaining the existing security posture. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Resolve the alert automatically
B. Hide the alert
C. Create a suppression rule scoped to any device
D. Create a suppression rule scoped to a device group
E. Generate the alert
Correct answer: A
Question #19
You provision a Linux virtual machine in a new Azure subscription. You enable Azure Defender and onboard the virtual machine to Azure Defender. You need to verify that an attack on the virtual machine triggers an alert in Azure Defender. Which two Bash commands should you run on the virtual machine? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. cp /bin/echo
B.
C. cp /bin/echo
D.
Correct answer: A
Question #20
You have an Azure Sentinel deployment. You need to query for all suspicious credential access activities. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
A. Mastered
B. Not Mastered
Correct answer: B
Question #21
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You use Azure Security Center. You receive a security alert in Security Center
A. Yes
B. No
Correct answer: C
Question #22
You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in. Which anomaly detection policy should you use?
A. Impossible travel
B. Activity from anonymous IP addresses
C. Activity from infrequent country
D. Malware detection
Correct answer: BC
Question #23
You are informed of a new common vulnerabilities and exposures (CVE) vulnerability that affects your environment. You need to use Microsoft Defender Security Center to request remediation from the team responsible for the affected systems if there is a documented active exploit available. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
A. Mastered
B. Not Mastered
Correct answer: AD
Question #24
You need to visualize Azure Sentinel data and enrich the data by using third-party data sources to identify indicators of compromise (IoC). What should you use?
A. notebooks in Azure Sentinel
B. Microsoft Cloud App Security
C. Azure Monitor
D. hunting queries in Azure Sentinel
Correct answer: A