👉Get Full PDF
| Question. 61 You have an Azure Sentinel deployment. You need to create a scheduled query rule named Rule1. What should you use to define the query rule logic for Rule1? A. a Transact-SQL statement B. a JSON definition C. GraphQL D. a Kusto query |
61. Click here to View Answer
Answer:
D
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-custom
| Question.62 HOTSPOT You have an Azure subscription named Subscription1 that contains a resource group named RG1 and a user named User1. User1 is assigned the Owner role for RG1. You create an Azure Blueprints definition named Blueprint1 that includes a resource group named RG2 as shown in the following exhibit.  You assign Blueprint1 to Subscription1 by using the following settings: Lock assignment: Read Only  Managed Identity: System assigned  For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:  |
62. Click here to View Answer
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking
| Question. 63 HOTSPOT You have an Azure subscription named Subscription1 that contains the resources shown in the following table.  You have an Azure subscription named Subscription2 that contains the following resources: An Azure Sentinel workspace  An Azure Event Grid instance  You need to ingest the CEF messages from the NVAs to Azure Sentinel. What should you configure for each subscription? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:  |
63. Click here to View Answer
Answer:
| Question. 64 You have an Azure subscription that contains a resource group named RG1 and a security group named ServerAdmins. RG1 contains 10 virtual machines, a virtual network named VNET1, and a network security group (NSG) named NSG1. ServerAdmins can access the virtual machines by using RDP. You need to ensure that NSG1 only allows RDP connections to the virtual machines for a maximum of 60 minutes when a member of ServerAdmins requests access. What should you configure? A. an Azure policy assigned to RG1 B. a just in time (JIT) VM access policy in Azure Security Center C. an Azure Active Directory (Azure AD) Privileged Identity Management (PIM) role assignment D. an Azure Bastion host on VNET1 |
64. Click here to View Answer
Answer:
B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained
| Question. 65 DRAG DROP You have an Azure subscription that contains the following resources: A network virtual appliance (NVA) that runs non-Microsoft firewall software and routes all outbound traffic from the virtual  machines to the internet An Azure function that contains a script to manage the firewall rules of the NVA  Azure Security Center standard tier enabled for all virtual machines  An Azure Sentinel workspace  30 virtual machines  You need to ensure that when a high-priority alert is generated in Security Center for a virtual machine, an incident is created in Azure Sentinel and then a script is initiated to configure a firewall rule for the NVA. How should you configure Azure Sentinel to meet the requirements? To answer, drag the appropriate components to the correct requirements. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place:  |
65. Click here to View Answer
Answer:
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/sentinel/create-incidents-from-alerts https://docs.microsoft.com/en-
us/azure/sentinel/connect-azure-security-center