You are configuring Microsoft Cloud App Security.
You have a custom threat detection policy based on the IP address ranges of your company's United States-based offices.
You receive many alerts related to impossible travel and sign-ins from risky IP addresses.
You determine that 99% of the alerts are legitimate sign-ins from your corporate offices.
You need to prevent alerts for legitimate sign-ins from known locations.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A.Override automatic data enrichment.
• B.Increase the sensitivity level of the impossible travel anomaly detection policy.
• C.Add the IP addresses to the other address range category and add a tag.
• D.Add the IP addresses to the corporate address range category.
• E.Create an activity policy that has an exclusion for the IP addresses.

Comment: *

Name: *

Email: *

Verification: *

You have 50 on-premises servers.
You have an Azure subscription that uses Microsoft Defender for Cloud. The Defender for Cloud deployment has Microsoft Defender for Servers and automatic provisioning enabled.
You need to configure Defender for Cloud to support the on-premises servers. The solution must meet the following requirements:
* Provide threat and vulnerability management.
* Support data collection rules.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Correct Answer:

1 - On the on-premises servers, install the Azure Connected Machine agent.
2 - On the on-premises servers, install the Log Analytics agent.
3 - From the Data controller settings in the Azure portal, create an Azure Arc data controller.

Comment: *

Name: *

Email: *

Verification: *

You have an Azure subscription linked to an Azure Active Directory (Azure AD) tenant. The tenant contains two users named User1 and User2.
You plan to deploy Azure Defender.
You need to enable User1 and User2 to perform tasks at the subscription level as shown in the following table.

The solution must use the principle of least privilege.
Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Correct Answer:

Reference:
https://docs.microsoft.com/en-us/azure/defender-for-cloud/permissions

Comment: *

Name: *

Email: *

Verification: *

You have a Microsoft Sentinel workspace.
You have a query named Query1 as shown in the following exhibit.

You plan to create a custom parser named Parser 1. You need to use Query1 in Parser1. What should you do first?

• A.Remove line 2.
• B.In line 4. remove the TimeGenerated predicate.
• C.Remove line 5.
• D.In line 3, replace the 'contains operator with the !has operator.

Comment: *

Name: *

Email: *

Verification: *

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains a user named User1.
You need to ensure that User1 can manage Microsoft Defender XDR custom detection rules and Endpoint security policies. The solution must follow the principle of least privilege.
Which role should you assign to User1?

• A.Security Operator
• B.Desktop Analytics Administrator
• C.Cloud Device Administrator
• D.Security Administrator

Comment: *

Name: *

Email: *

Verification: *