You have a Microsoft Sentinel workspace that contains the following incident.
Brute force attack against Azure Portal analytics rule has been triggered.
You need to identify the geolocation information that corresponds to the incident.
What should you do?
You have an existing Azure logic app that is used to block Azure Active Directory (Azure AD) users. The logic app is triggered manually.
You deploy Azure Sentinel.
You need to use the existing logic app as a playbook in Azure Sentinel. What should you do first?
You have a Microsoft 365 subscription.
You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode. You need to ensure that the devices are protected from malicious artifacts that were undetected by the third-party antivirus product Solution: You enable automated investigation and response (AIR).
Does this meet the goal?
You have a Microsoft 365 subscription that uses Microsoft Defender XDR. All endpoint devices are onboarded to Microsoft Defender for Endpoint.
You have an Azure subscription that contains a Microsoft Sentinel workspace named Workspace 1. All Microsoft Defender XDR events are ingested into Workspace1.
You have a Microsoft Entra tenant.
You create a KQL query named query1 that searches device logs for a known vulnerability.
You need to ensure that query1 runs every hour. The solution must minimize administrative effort.
What should you configure?
Copyright © 2021-2025 CertsTopics. All Rights Reserved
