<< Prev Question Next Question >>

Question 23/104

You have a third-party security information and event management (SIEM) solution.
You need to ensure that the SIEM solution can generate alerts for Azure Active Directory (Azure AD) sign-events in near real time.
What should you do to route events to the SIEM solution?

LEAVE A REPLY

Your email address will not be published. Required fields are marked *

Question List (104q)
Question 1: You have an Azure subscription that uses Microsoft Sentinel....
Question 2: You have a Microsoft Sentinel workspace that contains an Azu...
Question 3: You are investigating an incident by using Microsoft 365 Def...
1 commentQuestion 4: You have a Microsoft 365 subscription that uses Microsoft Pu...
1 commentQuestion 5: You have a Microsoft Sentinel workspace that has user and En...
Question 6: You have resources in Azure and Google cloud. You need to in...
1 commentQuestion 7: You have a Microsoft Sentinel workspace. You need to prevent...
1 commentQuestion 8: You have an Azure subscription that use Microsoft Defender f...
1 commentQuestion 9: You need to monitor the password resets. The solution must m...
Question 10: Which rule setting should you configure to meet the Microsof...
Question 11: You need to implement the Azure Information Protection requi...
1 commentQuestion 12: Your on-premises network contains 100 servers that run Windo...
1 commentQuestion 13: You need to ensure that the Group1 members can meet the Micr...
1 commentQuestion 14: Your company uses Azure Sentinel to manage alerts from more ...
1 commentQuestion 15: You have an Azure DevOps organization that uses Microsoft De...
1 commentQuestion 16: You have a Microsoft 365 E5 subscription that is linked to a...
1 commentQuestion 17: You need to implement the query for Workbook1 and Webapp1. T...
Question 18: A security administrator receives email alerts from Azure De...
1 commentQuestion 19: You have an Azure subscription that has Microsoft Defender f...
Question 20: You have an Azure subscription that contains a virtual machi...
1 commentQuestion 21: You have a Microsoft 365 tenant that uses Microsoft Exchange...
1 commentQuestion 22: You have an Azure subscription that contains 100 Linux virtu...
Question 23: You have a third-party security information and event manage...
1 commentQuestion 24: You have a Microsoft 365 E5 subscription that uses Microsoft...
Question 25: You need to complete the query for failed sign-ins to meet t...
Question 26: HOTSPOT for the Azure virtual You need to recommend remediat...
1 commentQuestion 27: You have a Microsoft Sentinel workspace named workspace1 and...
1 commentQuestion 28: You need to create a query to investigate DNS-related activi...
Question 29: You have a Microsoft 365 subscription that uses Microsoft 36...
Question 30: You need to modify the anomaly detection policy settings to ...
Question 31: You deploy Azure Sentinel. You need to implement connectors ...
1 commentQuestion 32: You have a Microsoft Sentinel workspace that has a default d...
Question 33: You create a new Azure subscription and start collecting log...
Question 34: Note: This question is part of a series of questions that pr...
Question 35: You need to create the analytics rule to meet the Azure Sent...
Question 36: Your company uses Microsoft Defender for Endpoint. The compa...
1 commentQuestion 37: You have a Microsoft 365 subscription that uses Microsoft 36...
Question 38: You are responsible for responding to Azure Defender for Key...
Question 39: You have a Microsoft 365 subscription that uses Azure Defend...
1 commentQuestion 40: You have an Azure subscription that contains two users named...
Question 41: Your company has a single office in Istanbul and a Microsoft...
Question 42: You have an Azure subscription that has Azure Defender enabl...
1 commentQuestion 43: You need to correlate data from the SecurityEvent Log Anaryt...
Question 44: You have a Microsoft Sentinel workspace that uses the Micros...
Question 45: You need to use an Azure Sentinel analytics rule to search f...
Question 46: You have the following SQL query. (Exhibit)...
Question 47: You need to remediate active attacks to meet the technical r...
Question 48: You have a Microsoft Sentinel workspace that contains a cust...
1 commentQuestion 49: You have 50 on-premises servers. You have an Azure subscript...
Question 50: You receive a security bulletin about a potential attack tha...
Question 51: You are investigating a potential attack that deploys a new ...
Question 52: You have an Azure subscription that uses Microsoft Defender ...
Question 53: You are investigating an incident in Azure Sentinel that con...
Question 54: You have a custom analytics rule to detect threats in Azure ...
Question 55: Note: This question is part of a series of questions that pr...
Question 56: You plan to create a custom Azure Sentinel query that will t...
Question 57: You have four Azure subscriptions. One of the subscriptions ...
Question 58: You use Azure Security Center. You receive a security alert ...
Question 59: You have an Microsoft Sentinel workspace named SW1. You plan...
1 commentQuestion 60: You have an Azure subscription that uses Microsoft Defender ...
Question 61: Note: This question is part of a series of questions that pr...
Question 62: You have a Microsoft Sentinel workspace. You need to create ...
Question 63: You have an Azure subscription that uses resource type for C...
Question 64: You have an Azure Sentinel deployment in the East US Azure r...
Question 65: You have a Microsoft Sentinel workspace You develop a custom...
Question 66: Note: This question is part of a series of questions that pr...
Question 67: Your company deploys Azure Sentinel. You plan to delegate th...
Question 68: You have a custom detection rule that includes the following...
Question 69: You need to use an Azure Resource Manager template to create...
Question 70: Note: This question is part of a series of questions that pr...
1 commentQuestion 71: You need to implement the scheduled rule for incident genera...
1 commentQuestion 72: You have a Microsoft 365 E5 subscription that uses Microsoft...
1 commentQuestion 73: You need to ensure that you can run hunting queries to meet ...
1 commentQuestion 74: You have two Azure subscriptions that use Microsoft Defender...
Question 75: You have an Azure subscription that has Azure Defender enabl...
Question 76: You need to ensure that the processing of incidents generate...
1 commentQuestion 77: You have a Microsoft 365 subscription that contains the foll...
Question 78: You have an Azure subscription named Sub1 that uses Microsof...
Question 79: You create an Azure subscription. You enable Azure Defender ...
1 commentQuestion 80: You have an Azure subscription that uses Microsoft Defender ...
Question 81: You have a Microsoft 365 E5 subscription. You plan to perfor...
Question 82: Your company stores the data for every project in a differen...
1 commentQuestion 83: You have a Microsoft 365 subscription that contains 1,000 Wi...
Question 84: You have a Microsoft Sentinel workspace. You have a query na...
Question 85: Your company has an on-premises network that uses Microsoft ...
Question 86: You are informed of an increase in malicious email being rec...
1 commentQuestion 87: You have a Microsoft 365 E5 subscription that uses Microsoft...
Question 88: You need to receive a security alert when a user attempts to...
Question 89: You have an Azure subscription that uses Azure Defender. You...
Question 90: You need to ensure that the configuration of HuntingQuery1 m...
1 commentQuestion 91: You have an Azure subscription that uses Microsoft Defender ...
Question 92: You need to visualize Azure Sentinel data and enrich the dat...
Question 93: You create an Azure subscription. You enable Microsoft Defen...
Question 94: You have an Azure subscription that has Microsoft Defender f...
Question 95: You have an Azure subscription that contains an Microsoft Se...
1 commentQuestion 96: You plan to create a custom Azure Sentinel query that will p...
1 commentQuestion 97: You have a Microsoft Sentinel workspace. You need to configu...
1 commentQuestion 98: You need to implement the ASIM query for DNS requests. The s...
1 commentQuestion 99: You have an Azure subscription that is linked to a hybrid Az...
Question 100: A company uses Azure Sentinel. You need to create an automat...
Question 101: You need to implement Azure Defender to meet the Azure Defen...
Question 102: You have five on-premises Linux servers. You have an Azure s...
1 commentQuestion 103: Your network contains an on-premises Active Directory Domain...
Question 104: You have an Azure Functions app that generates thousands of ...