Question 1/158
Your company deploys Azure Sentinel.
You plan to delegate the administration of Azure Sentinel to various groups.
You need to delegate the following tasks:
- Create and run playbooks.
- Create workbooks and analytic rules.
The solution must use the principle of least privilege.
Which role should you assign for each task? To answer, drag the appropriate roles to the correct tasks. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Correct Answer:

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/roles
