- (Topic 2)
You need to implement the Azure Information Protection requirements. What should you configure first?

1. A. Device health and compliance reports settings in Microsoft Defender Security Center
2. B. scanner clusters in Azure Information Protection from the Azure portal
3. C. content scan jobs in Azure Information Protection from the Azure portal
4. D. Advanced features from Settings in Microsoft Defender Security Center

Correct Answer: D
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender- atp/information- protection-in-windows-overview

- (Topic 4)
You have a Microsoft Sentinel workspace that uses the Microsoft 365 Defender data connector.
From Microsoft Sentinel, you investigate a Microsoft 365 incident.
You need to update the incident to include an alert generated by Microsoft Defender for Cloud Apps.
What should you use?

1. A. the entity side panel of the Timeline card in Microsoft Sentinel
2. B. the investigation graph on the Incidents page of Microsoft Sentinel
3. C. the Timeline tab on the Incidents page of Microsoft Sentinel
4. D. the Alerts page in the Microsoft 365 Defender portal

Correct Answer: A

- (Topic 2)
You need to restrict cloud apps running on CUENT1 to meet the Microsoft Defender for Endpoint requirements. Which two configurations should you modify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

1. A. the Cloud Discovery settings in Microsoft Defender for Cloud Apps
2. B. the Onboarding settings from Device management in Settings in Microsoft 365 Defender portal
3. C. Microsoft Defender for Cloud Apps anomaly detection policies
4. D. Advanced features from the Endpoints Settings in the Microsoft 365 Defender portal

Correct Answer: AD

DRAG DROP - (Topic 4)
You have an Azure Sentinel deployment.
You need to query for all suspicious credential access activities.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Solution:


Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Topic 4)
You are responsible for responding to Azure Defender for Key Vault alerts.
During an investigation of an alert, you discover unauthorized attempts to access a key vault from a Tor exit node.
What should you configure to mitigate the threat?

1. A. Key Vault firewalls and virtual networks
2. B. Azure Active Directory (Azure AD) permissions
3. C. role-based access control (RBAC) for the key vault
4. D. the access policy settings of the key vault

Correct Answer: A
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/network-security