You have a Microsoft Sentinel workspace named Workspaces You need to exclude a built-in. source-specific Advanced Security Information Model (ASIM) parser from a built-in unified ASIM parser. What should you create in Workspace1?

You have the following KQL query.

You have an Azure subscription that has Azure Defender enabled for all supported resource types. You need to configure the continuous export of high-severity alerts to enable their retrieval from a third-party security information and event management (SIEM) solution. To which service should you export the alerts?

You have a Microsoft 365 E5 subscription that uses Microsoft 365 Defender. You need to review new attack techniques discovered by Microsoft and identify vulnerable resources in the subscription. The solution must minimize administrative effort Which blade should you use in the Microsoft 365 Defender portal?

You have two Azure subscriptions that use Microsoft Defender for Cloud. You need to ensure that specific Defender for Cloud security alerts are suppressed at the root management group level. The solution must minimize administrative effort. What should you do in the Azure portal?

You have a Microsoft Sentinel workspace. You receive multiple alerts for failed sign in attempts to an account. You identify that the alerts are false positives. You need to prevent additional failed sign-in alerts from being generated for the account. The solution must meet the following requirements. ? Ensure that failed sign-in alerts are generated for other accounts. ? Minimize administrative effort What should do?

You have a third-party security information and event management (SIEM) solution. You need to ensure that the SIEM solution can generate alerts for Azure Active Directory (Azure AD) sign-events in near real time. What should you do to route events to the SIEM solution?

You are investigating a potential attack that deploys a new ransomware strain. You plan to perform automated actions on a group of highly valuable machines that contain sensitive information. You have three custom device groups. You need to be able to temporarily group the machines to perform actions on the devices. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

You need to remediate active attacks to meet the technical requirements. What should you include in the solution?

You create an Azure subscription. You enable Microsoft Defender for Cloud for the subscription. You need to use Defender for Cloud to protect on-premises computers. What should you do on the on-premises computers?

You have a Microsoft 365 E5 subscription that uses Microsoft SharePoint Online. You delete users from the subscription. You need to be notified if the deleted users downloaded numerous documents from SharePoint Online sites during the month before their accounts were deleted. What should you use?