Question 1

You need to configure Microsoft Defender for Cloud Apps to generate alerts and trigger remediation actions in response to external sharing of confidential files.

Which two actions should you perform in the Microsoft 365 Defender portal? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options :

A : From Settings, select Information Protection, select Azure Information Protection, and then select Only scan files for Azure Information Protection classification labels and content inspection warnings from this tenant.

B : From Cloud apps, select Files, and then filter File Type to Document.

C : From Settings, select Information Protection, select Files, and then enable file monitoring.

D : From Cloud apps, select Files, and then filter App to Office 365.

E : From Cloud apps, select Files, and then select New policy from search.

F : From Settings, select Information Protection, select Azure Information Protection, and then select Automatically scan new files for Azure Information Protection classification labels and content inspection warnings.

Answer: B,F

Question 2

You have two Azure subscriptions that use Microsoft Defender for Cloud.

You need to ensure that specific Defender for Cloud security alerts are suppressed at the root management group level. The solution must minimize administrative effort.

What should you do in the Azure portal?

Options :

A : Create an Azure Policy assignment.

B : Modify the Workload protections settings in Defender for Cloud.

C : Create an alert rule in Azure Monitor.

D : Modify the alert settings in Defender for Cloud.

Answer: D

Question 3

You plan to review Microsoft Defender for Cloud alerts by using a third-party security information and event management (SIEM) solution.

You need to locate alerts that indicate the use of the Privilege Escalation MITRE ATT&CK tactic.

Which JSON key should you search?

Options :

A : Description

B : Intent

C : ExtendedProperies

D : Entities

Answer: A

Question 4

You need to implement the Defender for Cloud requirements. Which subscription-level role should you assign to Group1?

Options :

A : Security Assessment Contributor

B : Contributor

C : Security Admin

D : Owner

Answer: D

Question 5

Your company uses Azure Security Center and Azure Defender.

The security operations team at the company informs you that it does NOT receive email notifications for security alerts.
What should you configure in Security Center to enable the email notifications?

Options :

A : Security solutions

B : Security policy

C : Pricing & settings

D : Security alerts

E : Azure Defender

Answer: C