FEFreeExamDumps.in

SC-200 Practice Questions — Page 17

Question 161

You have a Microsoft Sentinel workspace that has a default data retention period of 30 days. The workspace contains two custom tables as shown in the following table.

Each table ingested two records per day during the past 365 days.

You build KQL statements for use in analytic rules as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question 162

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint.

You have the on-premises devices shown in the following table.

You are preparing an incident response plan for devices infected by malware.

You need to recommend response actions that meet the following requirements:

• Block malware from communicating with and infecting managed devices.

• Do NOT affect the ability to control managed devices.

Which actions should you use for each device? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 163

You have the resources shown in the following table.

You have an Azure subscription that uses Microsoft Defender for Cloud.

You need to use Defender for Cloud to protect VM1 and Server1. The solution must meet the following requirements:

• Support Advanced Threat Protection and vulnerability assessment.

• Register each SQL Server 2022 instance as a SQL virtual machine.

• Minimize implementation and administrative effort.

What should you deploy to each server? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 164

You have an Azure subscription that contains 50 virtual machines.

You plan to deploy Microsoft Defender for Cloud.

You need to enable agentless scanning for 40 virtual machines. The solution must create disk snapshots of the virtual machines and perform out-of-band analysis of the snapshots.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 165

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains two users named User1 and User2.

You need to ensure that the users can perform searches by using the Microsoft Purview portal. The solution must meet the following requirements:

• Ensure that User1 can search the Microsoft Purview Audit service logs and review the Microsoft Purview Audit service configuration.

• Ensure that User2 can search Microsoft Exchange Online mailboxes.

• Follow the principle of least privilege.

To which Microsoft Purview role group should you add each user? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 166

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint and contains a user named User1 and a Microsoft 365 group named Group1. All users are assigned a Defender for Endpoint Plan 1 license.

You enable Microsoft Defender XDR Unified role-based access control (RBAC) for Endpoints & Vulnerability Management.

You need to ensure that User1 can configure alerts that will send email notifications to Group1. The solution must follow the principle of least privilege.

Which permissions should you assign to User1?

  • A. Defender Vulnerability Management - Remediation handling
  • B. Alerts investigation
  • C. Live response capabilities: Basic
  • D. Manage security settings

Question 167

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that uses Microsoft Defender XDR.

From the Microsoft Defender portal, you perform an audit search and export the results as a file named File1.csv that contains 10,000 rows.

You use Microsoft Excel to perform Get & Transform Data operations to parse the AuditData column from File1.csv. The operations fail to generate columns for specific JSON properties.

You need to ensure that Excel generates columns for the specific JSON properties in the audit search results.

Solution: From Excel, you apply filters to the existing columns in File1.csv to reduce the number of JSON properties, and then you perform the Get & Transform Data operations to parse the AuditData column.

Does this meet the requirement?

  • A. Yes
  • B. No

Question 168

You have a Microsoft 365 E5 subscription that contains two users named User1 and User2 and uses Microsoft Copilot for Security.

From the Copilot for Security portal, User1 starts a session and creates the following prompts:

• Prompt1: Provides access to the Entra plugin

• Prompt2: Provides access to the Intune plugin

• Prompt3: Provides access to the Entra plugin

User1 shares the session with User2.

User2 does NOT have access to Microsoft Intune.

For which prompts can User2 view results during the shared session?

  • A. Prompt1 only
  • B. Prompt1 and Prompt2 only
  • C. Prompt3 only
  • D. Prompt1 and Prompt3 only
  • E. Prompt1, Prompt2, and Prompt3

Question 169

You have a Microsoft 365 E5 subscription that uses Microsoft Copilot for Security. Copilot for Security has the default settings configured.

You need to ensure that a user named User can use Copilot for Security to perform the following tasks:

• Upload files.

• View the usage dashboard.

• Share promptbooks with all users.

The solution must follow the principle of least privilege.

Which role should you assign to User?

  • A. Copilot owner
  • B. Cloud Application Administrator
  • C. Security Administrator
  • D. Copilot Contributor

Question 170

You have a Microsoft 365 E5 subscription.

You have a PowerShell script that queries the unified audit log.

You discover that the query returns only the first page of results due to server-side paging.

You need to ensure that you get all the results.

Which property should you query in the results?

  • A. @odata.context
  • B. @odata.count
  • C. @odata.nextLink
  • D. @odata.deltaLink