You need to implement the query for Workbook1 and Webapp1. The solution must meet the Microsoft Sentinel requirements. How should you configure the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:

To have a Microsoft Sentinel workbook pull live data from an external web service, you use the workbook's built-in JSON data source. Workbooks can query REST endpoints that return JSON and render results dynamically in visuals. Because the Azure portal (where the workbook runs) is a different origin than your on- prem/public Webapp1, browsers will block these cross-origin requests unless the endpoint explicitly allows them. Therefore, the external service must enable CORS to permit the portal's origin to fetch the JSON. This aligns with Microsoft guidance that Workbooks can query HTTP/HTTPS JSON endpoints and that external endpoints must allow cross-origin requests for client-side calls from the Azure portal. Enforcing CORS on Webapp1 satisfies the security model while enabling the workbook to retrieve data at view time-meeting the requirement to "dynamically retrieve data from Webapp1." Options like "custom endpoint" or "custom resource provider" aren't needed here, and enabling SOP or only enforcing TLS 1.2 wouldn't address the browser's cross-origin policy blocking the call.

Comment: *

Name: *

Email: *

Verification: *

You have a Microsoft Sentinel workspace that contains an Azure AD data connector.
You need to associate a bookmark with an Azure AD-related incident.
What should you do? To answer, drag the appropriate blades to the correct tasks. Each blade may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
You can use the Logs blade or incident blade to create a bookmark of an Azure AD-related incident. Once the bookmark is created, you can associate it with the incident by using the incident blade. This allows you to quickly and easily access important information related to the incident in the future.

Comment: *

Name: *

Email: *

Verification: *

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint.
You have the on-premises devices shown in the following table.

You are preparing an incident response plan for devices infected by malware. You need to recommend response actions that meet the following requirements:
* Block malware from communicating with and infecting managed devices.
* Do NOT affect the ability to control managed devices.
Which actions should you use for each device? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:

Comment: *

Name: *

Email: *

Verification: *

You have a custom Microsoft Sentinel workbook named Workbooks.
You need to add a grid to Workbook1. The solution must ensure that the grid contains a maximum of 100 rows.
What should you do?

• A.In the grid query, include the project operator.
• B.In the query editor interface, configure Settings.
• C.In the query editor interface, select Advanced Editor
• D.In the grid query, include the take operator.

Comment: *

Name: *

Email: *

Verification: *

You purchase a Microsoft 365 subscription.
You plan to configure Microsoft Cloud App Security.
You need to create a custom template-based policy that detects connections to Microsoft 365 apps that originate from a botnet network.
What should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation
Graphical user interface, text, application, table Description automatically generated

Reference:
https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy

Comment: *

Name: *

Email: *

Verification: *