A company named Contoso Ltd. has a main office and five branch offices located throughout North America. The main office is in Seattle. The branch offices are in Toronto, Miami, Houston, Los

Angeles, and Vancouver.

Contoso has a subsidiary named Fabrikam, Ltd. that has offices in New York and San Francisco.

Existing Environment -

End-User Environment -

All users at Contoso use Windows 10 devices. Each user is licensed for Microsoft 365. In addition, iOS devices are distributed to the members of the sales team at Contoso.

Cloud and Hybrid Infrastructure -

All Contoso applications are deployed to Azure.

You enable Microsoft Cloud App Security.

Contoso and Fabrikam have different Azure Active Directory (Azure AD) tenants. Fabrikam recently purchased an Azure subscription and enabled Azure Defender for all supported resource types.

Current Problems -

The security team at Contoso receives a large number of cybersecurity alerts. The security team spends too much time identifying which cybersecurity alerts are legitimate threats, and which are not.

The Contoso sales team uses only iOS devices. The sales team members exchange files with customers by using a variety of third-party tools. In the past, the sales team experienced phishing attacks

on their devices.

The marketing team at Contoso has several Microsoft SharePoint Online sites for collaborating with external vendors. The marketing team has had several incidents in which vendors uploaded files

that contain malware.

The executive team at Contoso suspects a security breach. The executive team requests that you identify which files had more than five activities during the past

48 hours, including data access, download, or deletion for Microsoft Cloud App Security-protected applications.

Requirements -

Planned Changes -

Contoso plans to integrate the security operations of both companies and manage all security operations centrally.

Technical Requirements -

Contoso identifies the following technical requirements:

Receive alerts if an Azure virtual machine is under brute force attack.

Use Azure Sentinel to reduce organizational risk by rapidly remediating active attacks on the environment.

Implement Azure Sentinel queries that correlate data across the Azure AD tenants of Contoso and Fabrikam.

Develop a procedure to remediate Azure Defender for Key Vault alerts for Fabrikam in case of external attackers and a potential compromise of its own Azure

AD applications.

Identify all cases of users who failed to sign in to an Azure resource for the first time from a given country. A junior security administrator provides you with the following incomplete query.

BehaviorAnalytics -

| where ActivityType == "FailedLogOn"

| where ________ == True

The issue for which team can be resolved by using Microsoft Defender for Endpoint?

一家名为Contoso有限公司的公司在北美有一个总办事处和五个分办事处。主要办公室在西雅图。分公司位于多伦多、迈阿密、休斯顿、洛杉矶和温哥华。Contoso在纽约和旧金山设有办事处的子公司Fabrikam,Ltd。

现有环境-

最终用户环境-Contoso的所有用户都使用Windows10设备。每个用户都有微软365的授权。此外，iOS的设备被分配给Contoso的销售团队的成员。

云和混合基础设施一所有Contoso应用程序都部署到Azure。

您启用微软云应用程序安全性。

contoso和Fabrikam拥有不同的Azure Active Directory(AzureAD)租户。Fabrikam最近购买了Azure订阅，并为所有受支持的资源类型启用了Azure Defender。

目前存在的问题一

Contoso的安全团队收到大量网络安全警报。安全团队花费了太多的时间来确定哪些网络安全警报是合法的威物，哪些不是，康多索的销售团队只使用iOS的设备。销售团队成员通过使用各种第三方工具与客户交换文件。在过去，销售团队经历过网络钓鱼攻击在他们的设备上。

Contoso的营销团队有几个微软sharePoint online网站，用于与外部供应商合作。营销团队曾发生过几起供应商上传包含恶意软件的文件的事件。Contoso的管理团队怀疑有安全漏洞。执行团队要求您确定哪些文件在过去48小时内有超过5个活动，包括Microsoft cloudApp安全保护应用程序的数据访问、下载或删除。

所需资源-

计划中的变化一

Contoso计划整合两家公司的安全运营，并集中管理所有的安全运营。

技术要求--

Contoso确定了以下技术要求:

如果Azure虚拟机受到暴力攻击，则接收警报。使用Azure Sentinel快速修复对环境的主动攻击，从而降低组织风险。实现Azure Sentinel查询，将Contoso和Fabrikam的Azure AD租户之间的数据关联起来。制定针对Fabrikam的密钥保管库警报的Azure Defender补救程序，以防外部攻击者及其自身Azure受到潜在威胁

AD的应用程序。

识别从给定国家/地区首次登录Azure资源失败的用户的所有情况。初级安全管理员为您提供了以下不完整的查询。

BehaviorAnalytics -

| where ActivityType == "FailedLogOn"

| where ________ == True

The issue for which team can be resolved by using Microsoft Defender for Endpoint?

A company named Contoso Ltd. has a main office and five branch offices located throughout North America. The main office is in Seattle. The branch offices are in Toronto, Miami, Houston, Los

Angeles, and Vancouver.

Contoso has a subsidiary named Fabrikam, Ltd. that has offices in New York and San Francisco.

Existing Environment -

End-User Environment -

All users at Contoso use Windows 10 devices. Each user is licensed for Microsoft 365. In addition, iOS devices are distributed to the members of the sales team at Contoso.

Cloud and Hybrid Infrastructure -

All Contoso applications are deployed to Azure.

You enable Microsoft Cloud App Security.

Contoso and Fabrikam have different Azure Active Directory (Azure AD) tenants. Fabrikam recently purchased an Azure subscription and enabled Azure Defender for all supported resource types.

Current Problems -

The security team at Contoso receives a large number of cybersecurity alerts. The security team spends too much time identifying which cybersecurity alerts are legitimate threats, and which are not.

The Contoso sales team uses only iOS devices. The sales team members exchange files with customers by using a variety of third-party tools. In the past, the sales team experienced phishing attacks

on their devices.

The marketing team at Contoso has several Microsoft SharePoint Online sites for collaborating with external vendors. The marketing team has had several incidents in which vendors uploaded files

that contain malware.

The executive team at Contoso suspects a security breach. The executive team requests that you identify which files had more than five activities during the past

48 hours, including data access, download, or deletion for Microsoft Cloud App Security-protected applications.

Requirements -

Planned Changes -

Contoso plans to integrate the security operations of both companies and manage all security operations centrally.

Technical Requirements -

Contoso identifies the following technical requirements:

Receive alerts if an Azure virtual machine is under brute force attack.

Use Azure Sentinel to reduce organizational risk by rapidly remediating active attacks on the environment.

Implement Azure Sentinel queries that correlate data across the Azure AD tenants of Contoso and Fabrikam.

Develop a procedure to remediate Azure Defender for Key Vault alerts for Fabrikam in case of external attackers and a potential compromise of its own Azure

AD applications.

Identify all cases of users who failed to sign in to an Azure resource for the first time from a given country. A junior security administrator provides you with the following incomplete query.

BehaviorAnalytics -

| where ActivityType == "FailedLogOn"

| where ________ == True

The issue for which team can be resolved by using Microsoft Defender for Office 365?

一家名为Contoso有限公司的公司在北美有一个总办事处和五个分办事处。主要办公室在西雅图。分公司位于多伦多、迈阿密、休斯顿、洛杉矶和温哥华。Contoso在纽约和旧金山设有办事处的子公司Fabrikam,Ltd。

现有环境-

最终用户环境-Contoso的所有用户都使用Windows10设备。每个用户都有微软365的授权。此外，iOS的设备被分配给Contoso的销售团队的成员。

云和混合基础设施一所有Contoso应用程序都部署到Azure。

您启用微软云应用程序安全性。

contoso和Fabrikam拥有不同的Azure Active Directory(AzureAD)租户。Fabrikam最近购买了Azure订阅，并为所有受支持的资源类型启用了Azure Defender。

目前存在的问题一

Contoso的安全团队收到大量网络安全警报。安全团队花费了太多的时间来确定哪些网络安全警报是合法的威物，哪些不是，康多索的销售团队只使用iOS的设备。销售团队成员通过使用各种第三方工具与客户交换文件。在过去，销售团队经历过网络钓鱼攻击在他们的设备上。

Contoso的营销团队有几个微软sharePoint online网站，用于与外部供应商合作。营销团队曾发生过几起供应商上传包含恶意软件的文件的事件。Contoso的管理团队怀疑有安全漏洞。执行团队要求您确定哪些文件在过去48小时内有超过5个活动，包括Microsoft cloudApp安全保护应用程序的数据访问、下载或删除。

所需资源-

计划中的变化一

Contoso计划整合两家公司的安全运营，并集中管理所有的安全运营。

技术要求--

Contoso确定了以下技术要求:

如果Azure虚拟机受到暴力攻击，则接收警报。使用Azure Sentinel快速修复对环境的主动攻击，从而降低组织风险。实现Azure Sentinel查询，将Contoso和Fabrikam的Azure AD租户之间的数据关联起来。制定针对Fabrikam的密钥保管库警报的Azure Defender补救程序，以防外部攻击者及其自身Azure受到潜在威胁

AD的应用程序。

识别从给定国家/地区首次登录Azure资源失败的用户的所有情况。初级安全管理员为您提供了以下不完整的查询。

BehaviorAnalytics -

| where ActivityType == "FailedLogOn"

| where ________ == True

The issue for which team can be resolved by using Microsoft Defender for Office365?

Litware Inc. is a renewable energy company.

Litware has offices in Boston and Seattle. Litware also has remote users located across the United States. To access Litware resources, including cloud resources, the remote users establish a VPN

connection to either office.

Existing Environment -

Identity Environment -

The network contains an Active Directory forest named litware.com that syncs to an Azure Active Directory (Azure AD) tenant named litware.com.

Microsoft 365 Environment -

Litware has a Microsoft 365 E5 subscription linked to the litware.com Azure AD tenant. Microsoft Defender for Endpoint is deployed to all computers that run

Windows 10. All Microsoft Cloud App Security built-in anomaly detection policies are enabled.

Azure Environment -

Litware has an Azure subscription linked to the litware.com Azure AD tenant. The subscription contains resources in the East US Azure region as shown in the following table.

（含图）

Network Environment -

Each Litware office connects directly to the internet and has a site-to-site VPN connection to the virtual networks in the Azure subscription.

On-premises Environment -

The on-premises network contains the computers shown in the following table.

（含图）

Current problems -

Cloud App Security frequently generates false positive alerts when users connect to both offices simultaneously.

Planned Changes and Requirements

Planned Changes -

Litware plans to implement the following changes:

Create and configure Azure Sentinel in the Azure subscription.

Validate Azure Sentinel functionality by using Azure AD test user accounts.

Business Requirements -

Litware identifies the following business requirements:

The principle of least privilege must be used whenever possible.

Costs must be minimized, as long as all other requirements are met.

Logs collected by Log Analytics must provide a full audit trail of user activities.

All domain controllers must be protected by using Microsoft Defender for Identity.

Azure Information Protection Requirements

All files that have security labels and are stored on the Windows 10 computers must be available from the Azure Information Protection ג€" Data

discovery dashboard.

Microsoft Defender for Endpoint requirements

All Cloud App Security unsanctioned apps must be blocked on the Windows 10 computers by using Microsoft Defender for Endpoint.

Microsoft Cloud App Security requirements

Cloud App Security must identify whether a user connection is anomalous based on tenant-level data.

Azure Defender Requirements -

All servers must send logs to the same Log Analytics workspace.

Azure Sentinel Requirements -

Litware must meet the following Azure Sentinel requirements:

Integrate Azure Sentinel and Cloud App Security.

Ensure that a user named admin1 can configure Azure Sentinel playbooks.

Create an Azure Sentinel analytics rule based on a custom query. The rule must automatically initiate the execution of a playbook.

Add notes to events that represent data access from a specific IP address to provide the ability to reference the IP address when navigating

through an investigation graph while hunting.

Create a test rule that generates alerts when inbound access to Microsoft Office 365 by the Azure AD test user accounts is detected. Alerts

generated by the rule must be grouped into individual incidents, with one incident per test user account.

You need to implement the Azure Information Protection requirements.

What should you configure first?

Litware公司是一家可再生能源公司。

Litware在波士顿和西雅图设有办事处。Litware也有位于美国各地的远程用户。要访问Litware资源，包括云资源，远程用户建立VPN连接到任一办公室。

现有环境-

身份识别环境--

该网络包含一个名为litware.com的Active Directory林，该林同步到名为litware.com的AzureActiveDirectory(Azure AD)租户

微软365环境-

Liware有一个微软365E5订阅链接到itware,.comAzureAD租户。Microsot Defenderfor Endpoint部署到运行Windows 10的所有计算机上。所有微软云应用安全内置异常检测策略都已启用。

Azure环境

Litware有一个Azure订阅链接到litware.com Azure AD租户。订阅包含下表所示的East US Azure区域中的资源。

（含图）

网络环境一.

每个Litware办公室都直接连接到互联网，并通过站点到站点的VPN连接到Azure订阅中的虚拟网络。

内部环境-

本地网络包含下表所示的计算机。

（含图）

目前存在的问题-当用户同时连接到两个办公室时，Cloud App Security经常会生成误报警报。计划变更和要求

计划中的变化--

Litware计划实施以下变化:

在Azure订阅中创建和配置Azure Sentinel.

使用Azure AD测试用户帐户验证Azure Sentinel功能。

业务需求-

Litware确定了以下业务要求:

只要有可能，就必须使用最小特权原则

必须尽可能降低成本，只要满足所有其他要求。

由LogAnalytics收集的日志必须提供用户活动的完整审计跟踪。

所有域控制器都必须使用微软Defender forldentity进行保护。Azure信息保护要求存储在Windows 10计算机上的所有带有安全标签的文件必须可从Azure信息保护中使用。““数据发现仪表板。

Microsoft Defender for Endpoint需求

所有云应用程序安全未经批准的应用程序必须通过使用Microsoft Defender for Endpoint在Windows 10计算机上被阳止。微软云应用安全需求Cloud App Security必须根据租户级别的数据识别用户连接是否异常。

Azure Defender的需求

所有服务器都必须将日志发送到相同的日志分析工作区。

Azure Sentinel的要求一

Litware必须满足以下Azure Sentinel要求:

集成Azure Sentinel和云应用程序安全性。

确保名为admin1的用户可以配置Azure Sentinel剧本。

基于自定义查询创建Azure Sentinel分析规则。规则必须自动启动剧本的执行。向表示来自特定IP地址的数据访问的事件添加注释，以便在搜索时在调查图中导航时能够引用该IP地址。

创建测试规则，在检测到AzureAD测试用户帐户对Microsoft Office365的入站访问时生成警报。规则生成的警报必须分组为单个事件，每个测试用户帐户有一个事件。

您需要实现Azure信息保护要求。你应该先配置什么

Litware Inc. is a renewable energy company.

Litware has offices in Boston and Seattle. Litware also has remote users located across the United States. To access Litware resources, including cloud resources, the remote users establish a VPN

connection to either office.

Existing Environment -

Identity Environment -

The network contains an Active Directory forest named litware.com that syncs to an Azure Active Directory (Azure AD) tenant named litware.com.

Microsoft 365 Environment -

Litware has a Microsoft 365 E5 subscription linked to the litware.com Azure AD tenant. Microsoft Defender for Endpoint is deployed to all computers that run

Windows 10. All Microsoft Cloud App Security built-in anomaly detection policies are enabled.

Azure Environment -

Litware has an Azure subscription linked to the litware.com Azure AD tenant. The subscription contains resources in the East US Azure region as shown in the following table.

（含图）

Network Environment -

Each Litware office connects directly to the internet and has a site-to-site VPN connection to the virtual networks in the Azure subscription.

On-premises Environment -

The on-premises network contains the computers shown in the following table.

（含图）

Current problems -

Cloud App Security frequently generates false positive alerts when users connect to both offices simultaneously.

Planned Changes and Requirements

Planned Changes -

Litware plans to implement the following changes:

Create and configure Azure Sentinel in the Azure subscription.

Validate Azure Sentinel functionality by using Azure AD test user accounts.

Business Requirements -

Litware identifies the following business requirements:

The principle of least privilege must be used whenever possible.

Costs must be minimized, as long as all other requirements are met.

Logs collected by Log Analytics must provide a full audit trail of user activities.

All domain controllers must be protected by using Microsoft Defender for Identity.

Azure Information Protection Requirements

All files that have security labels and are stored on the Windows 10 computers must be available from the Azure Information Protection ג€" Data

discovery dashboard.

Microsoft Defender for Endpoint requirements

All Cloud App Security unsanctioned apps must be blocked on the Windows 10 computers by using Microsoft Defender for Endpoint.

Microsoft Cloud App Security requirements

Cloud App Security must identify whether a user connection is anomalous based on tenant-level data.

Azure Defender Requirements -

All servers must send logs to the same Log Analytics workspace.

Azure Sentinel Requirements -

Litware must meet the following Azure Sentinel requirements:

Integrate Azure Sentinel and Cloud App Security.

Ensure that a user named admin1 can configure Azure Sentinel playbooks.

Create an Azure Sentinel analytics rule based on a custom query. The rule must automatically initiate the execution of a playbook.

Add notes to events that represent data access from a specific IP address to provide the ability to reference the IP address when navigating

through an investigation graph while hunting.

Create a test rule that generates alerts when inbound access to Microsoft Office 365 by the Azure AD test user accounts is detected. Alerts

generated by the rule must be grouped into individual incidents, with one incident per test user account.

You need to modify the anomaly detection policy settings to meet the Cloud App Security requirements and resolve the reported problem.

Which policy should you modify?

Litware公司是一家可再生能源公司。

Litware在波士顿和西雅图设有办事处。Litware也有位于美国各地的远程用户。要访问Litware资源，包括云资源，远程用户建立VPN连接到任一办公室。

现有环境-

身份识别环境--

该网络包含一个名为litware.com的Active Directory林，该林同步到名为litware.com的AzureActiveDirectory(Azure AD)租户

微软365环境-

Liware有一个微软365E5订阅链接到itware,.comAzureAD租户。Microsot Defenderfor Endpoint部署到运行Windows 10的所有计算机上。所有微软云应用安全内置异常检测策略都已启用。

Azure环境

Litware有一个Azure订阅链接到litware.com Azure AD租户。订阅包含下表所示的East US Azure区域中的资源。

（含图）

网络环境一.

每个Litware办公室都直接连接到互联网，并通过站点到站点的VPN连接到Azure订阅中的虚拟网络。

内部环境-

本地网络包含下表所示的计算机。

（含图）

目前存在的问题-当用户同时连接到两个办公室时，Cloud App Security经常会生成误报警报。计划变更和要求

计划中的变化--

Litware计划实施以下变化:

在Azure订阅中创建和配置Azure Sentinel.

使用Azure AD测试用户帐户验证Azure Sentinel功能。

业务需求-

Litware确定了以下业务要求:

只要有可能，就必须使用最小特权原则

必须尽可能降低成本，只要满足所有其他要求。

由LogAnalytics收集的日志必须提供用户活动的完整审计跟踪。

所有域控制器都必须使用微软Defender forldentity进行保护。Azure信息保护要求存储在Windows 10计算机上的所有带有安全标签的文件必须可从Azure信息保护中使用。““数据发现仪表板。

Microsoft Defender for Endpoint需求

所有云应用程序安全未经批准的应用程序必须通过使用Microsoft Defender for Endpoint在Windows 10计算机上被阳止。微软云应用安全需求Cloud App Security必须根据租户级别的数据识别用户连接是否异常。

Azure Defender的需求

所有服务器都必须将日志发送到相同的日志分析工作区。

Azure Sentinel的要求一

Litware必须满足以下Azure Sentinel要求:

集成Azure Sentinel和云应用程序安全性。

确保名为admin1的用户可以配置Azure Sentinel剧本。

基于自定义查询创建Azure Sentinel分析规则。规则必须自动启动剧本的执行。向表示来自特定IP地址的数据访问的事件添加注释，以便在搜索时在调查图中导航时能够引用该IP地址。

创建测试规则，在检测到AzureAD测试用户帐户对Microsoft Office365的入站访问时生成警报。规则生成的警报必须分组为单个事件，每个测试用户帐户有一个事件。

您需要修改异常检测策略设置，以满足Cloud App Security要求并解决报告的问题。您应该修改哪个策略

Which anomaly detection policy should you use?

当用户尝试从组织中的其他用户从未使用过的位置登录时，您需要收到安全警报。您应该使用哪种异常检测策略?

You have Microsoft SharePoint Online sites that contain sensitive documents. The documents contain customer account numbers that each consists of 32 alphanumeric characters.

You need to create a data loss prevention (DLP) policy to protect the sensitive documents.

What should you use to detect which documents are sensitive?

您有一个使用Microsoft Defender for Office365的Microsoft 365订阅。您有包含敏感文档的MicrosoftSharePoint Online网站。文档包含客户帐户您需要创建数据丢失防护(DLP)策略来保护敏感文档。nt数字，每个数字由32个字母数字字符组成。你应该用什么来检测哪些文档是敏感的?

have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Microsoft Defender for Identity integration with Active Directory.

From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.

Solution: From Entity tags, you add the accounts as Honeytoken accounts.

Does this meet the goal?

附注:这个问题是呈现相同场景的一系列问题的一部分。系列中的每一个问题都包含了一个可能达到既定目标的独特解决方案。有些问题集可能有一个以上的正确答案，而其他问题集可能没有一个正确答案

在您回答完本节中的一个问题后，您将无法返回到该问题。因此，这些问题将不会出现在审核屏幕中。

您正在为与Active Directory集成的身份配置Microsoft Defender。

从Microsoft Defenderforidentity门户，您需要配置多个帐户以供攻击者利用。

解决方案:从Entity标记中，将帐户添加为Honeytoken帐户。

这能达到目标吗

have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Microsoft Defender for Identity integration with Active Directory.

From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.

Solution: From Azure AD Identity Protection, you configure the sign-in risk policy.

Does this meet the goal?

而其他问题集可能没有一个正确答案

附注，这个何题是呈现相同场景的一系列问题的一部分。系列中的每一个何歌都包含了一个可能达到既定目标的独特解决方案。

有些问题集可能有一个以上的正确答案。

在您回答完本节中的一个问题后，您将无法返回到该问题。因此，这些问题将不会出现在审核屏幕中

您正在为与Active Directory集成的身份配置Microsoft Defender。

从Microsoft Defender for identity门户，您需要配置多个帐户以供攻击者利用。

解决方案:通过Azure AD身份保护，您可以配置登录风险策略。

这能达到目标吗

have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Microsoft Defender for Identity integration with Active Directory.

From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.

Solution: You add the accounts to an Active Directory group and add the group as a Sensitive group.

Does this meet the goal?

您正在为与Active Directory集成的身份配置Microsoft Defender。

从Microsoft Defender for identity门户，您需要配置多个帐户以供攻击者利用。

解决方案:将帐户添加到Active Directory组，并将该组添加为敏感组。

这能达到目标吗

Users report that email messages containing attachments take longer than expected to be received.

You need to reduce the amount of time it takes to deliver messages that contain attachments without compromising security. The attachments must be scanned for malware, and any messages that

contain malware must be blocked.

What should you configure in the Safe Attachments policies?

您在MicrosoftDefenderforOffice 365中实施安全附件策略

用户报告说，收到包含附件的电子邮件的时间比预期的要长。

需要在不影响安全性的情况下，减少传递包含附件的邮件所需的时间。必须对附件进行恶意软件扫描，并且必须阻止包含恶意软件的任何邮件。

您应该在安全附件策略中配置什么?

（含图）

You need to create an indicator of compromise (IoC) in Microsoft Defender for Endpoint to prevent the attack.

Which indicator type should you use?

您收到关于使用图像文件的潜在攻击的安全公告。您需要在Microsoft Defender forEndpoint中创建一个折衷指标(loC)以防止攻击。您应该使用哪种指标类型

（含图）

The company plans to use conditional access policies to enforce multi-factor authentication (MFA).

You need to enforce MFA for all users who work remotely.

What should you include in the solution?

您的公司在伊斯坦布尔只有一个办公室和一个微软365订阅。该公司计划使用条件访问策略来实施多因素身份验证(MFA)您需要对所有远程工作的用户强制执行MFA。解决方案中应该包括哪些内容?

（含图）

have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Microsoft Defender for Identity integration with Active Directory.

From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.

Solution: You add each account as a Sensitive account.

Does this meet the goal?

附注:这个问题是呈现相同场景的一系列问题的-一部分。系列中的每个问题都包含了-一个可能达到既定目标的独特解决方案，

有些问额集可能有

个以上的正确答案，而其他问题集可能没有一个正确答案

在您回答完本节中的一个问题后，您将无法返回到该问题。因此，这些问题将不会出现在审核屏幕中，您正在为与Active Directory集成的身份配置Microsoft Defender。从Microsoft Defender for identity门户，您需要配置多个帐户以供攻击者利用。解决方案:您将每个帐户添加为敏感帐户。

这能达到目标吗

What should you use to identify whether zero-hour auto purge (ZAP) moved an email message from the mailbox of a user?

（含图）

You need to mitigate the following device threats:

✑ Microsoft Excel macros that download scripts from untrusted websites

✑ Users that open executable attachments in Microsoft Outlook

✑ Outlook rules and forms exploits

What should you use?

您有一个包含1,000个Windows 10设备的微软365订阅。这些设备安装了微软0ffice 365。您需要缓解以下设备威胁:

从不可信网站下载脚本的Microsoft Excel宏在Microsoft Outlook中打开可执行附件的用户EOutlook规则和窗体利用

你应该用什么

A.Microsoft Defender防病毒

B.Microsoft Defender for Endpoint中的攻击面减少规则

C.Windows Defender防火墙

D.Azure Defender中的自适应应用程序控制

You need to ensure that the SIEM solution can generate alerts for Azure Active Directory (Azure AD) sign-events in near real time.

What should you do to route events to the SIEM solution?

您拥有第三方安全信息和事件管理(SIEM)解决方案。您雲要确保SIEM解决方案可以近平实时地为Azure Active Directory(Azure AD)签名事件生成警报。您应该如何将事件路由到SIEM解决方案

A.创建具有安全事件连接器的Azure Sentinel工作区。

B.将Azure AD中的诊断设置配置为流式传输到事件中心。

C.创建具有Azure Active Directory连接器的Azure Sentinel工作区。

D.将Azure AD中的诊断设置配置为存档到存储帐户。