01. If you're hunting in Sentinel and come across results you want to use later, what would you use to save them for later?
a) Notebook
b) Livestream
c) Analytics rule
d) Bookmark
02. You receive a security bulletin about a potential attack that uses an image file. You need to create an indicator of compromise (IoC) in Microsoft Defender for Endpoint to prevent the attack. Which indicator type should you use?
a) a URL/domain indicator that has Action set to Alert only
b) a URL/domain indicator that has Action set to Alert and block
c) a file hash indicator that has Action set to Alert and block
d) a certificate indicator that has Action set to Alert and block
03. A security administrator receives email alerts from Azure Defender for activities such as potential malware uploaded to a storage account and potential successful brute force attacks.
The security administrator does NOT receive email alerts for activities such as antimalware action failed and suspicious network activity. The alerts appear in Azure Security Center. You need to ensure that the security administrator receives email alerts for all the activities.
What should you configure in the Security Center settings?
a) the severity level of email notifications
b) a cloud connector
c) the Azure Defender plans
d) the integration settings for Threat detection
04. You receive an alert from Azure Defender for Key Vault. You discover that the alert is generated from multiple suspicious IP addresses. You need to reduce the potential of Key Vault secrets being leaked while you investigate the issue. The solution must be implemented as soon as possible and must minimize the impact on legitimate users.
What should you do first?
a) Modify the access control settings for the key vault.
b) Enable the Key Vault firewall.
c) Create an application security group.
d) Modify the access policy for the key vault.
05. What type of policy would you create in MDA to monitor employee credentials being used in another country?
a) Access policy
b) Session policy
c) Activity policy
d) Privileged accounts
The issue for which team can be resolved by using Microsoft Defender for Endpoint?
a) executive
b) sales
c) marketing
d) security
07. Your company has a single office in Istanbul and a Microsoft 365 subscription. The company plans to use conditional access policies to enforce multi-factor authentication (MFA). You need to enforce MFA for all users who work remotely.
What should you include in the solution?
a) a fraud alert
b) a user risk policy
c) a sign-in user policy
d) a named location
08. You implement Safe Attachments policies in Microsoft Defender for Office 365. Users report that email messages containing attachments take longer than expected to be received.
You need to reduce the amount of time it takes to deliver messages that contain attachments without compromising security. The attachments must be scanned for malware, and any messages that contain malware must be blocked.
What should you configure in the Safe Attachments policies?
a) Dynamic Delivery
b) Replace
c) Block and Enable redirect
d) Monitor and Enable redirect
Which rule setting should you configure to meet the Azure Sentinel requirements?
a) From Set rule logic, turn off suppression.
b) From Analytics rule details, configure the tactics.
c) From Set rule logic, map the entities.
d) From Analytics rule details, configure the severity.
10. You are responsible for responding to Azure Defender for Key Vault alerts. During an investigation of an alert, you discover unauthorized attempts to access a key vault from a Tor exit node. What should you configure to mitigate the threat?
a) Key Vault firewalls and virtual networks
b) Azure Active Directory (Azure AD) permissions
c) role-based access control (RBAC) for the key vault
d) the access policy settings of the key vault