Question 1

You have a Microsoft Sentinel workspace named Workspace1.

You need to exclude a built-in, source-specific Advanced Security information Model (ASIM) parse from a built-in unified ASIM parser.

What should you create in Workspace1?

Options :

A : a watch list

B : an analytic rule

C : a hunting query

D : a workbook

Answer: A

Question 2

You have an Azure subscription that uses Microsoft Defender for Servers Plan 1 and contains a server named Server1. You enable agentless scanning. You need to prevent Server1 from being scanned. The solution must minimize administrative effort. What should you do?

Options :

A : Create an exclusion tag.

B : Upgrade the subscription to Defender for Servers Plan 2.

C : Create a governance rule.

D : Create an exclusion group.

Answer: D

Question 3

You have an Azure subscription that uses Microsoft Defender fof Ctoud.

You have an Amazon Web Services (AWS) account that contains an Amazon Elastic Compute Cloud (EC2)

instance named EC2-1.

You need to onboard EC2-1 to Defender for Cloud.

What should you install on EC2-1?

Options :

A : the Log Analytics agent

B : the Azure Connected Machine agent

C : the unified Microsoft Defender for Endpoint solution package

D : Microsoft Monitoring Agent

Answer: A

Question 4

You have an Azure subscription that uses Microsoft Defender for Cloud and contains 100 virtual machines

that run Windows Server.

You need to configure Defender for Cloud to collect event data from the virtual machines. The solution must

minimize administrative effort and costs.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options :

A : From the workspace created by Defender for Cloud, set the data collection level to Common

B : From the Microsoft Endpoint Manager admin center, enable automatic enrollment.

C : From the Azure portal, create an Azure Event Grid subscription.

D : From the workspace created by Defender for Cloud, set the data collection level to All Events

E : From Defender for Cloud in the Azure portal, enable automatic provisioning for the virtual machines.

Answer: D,E

Question 5

You have five on-premises Linux servers.

You have an Azure subscription that uses Microsoft Defender for Cloud.

You need to use Defender for Cloud to protect the Linux servers.

What should you install on the servers first?

Options :

A : the Dependency agent

B : the Log Analytics agent

C : the Azure Connected Machine agent

D : the Guest Configuration extension

Answer: B