Topic 3: Misc. Questions
You have a Microsoft Sentinel workspace named Workspace1.
You configure Workspace1 to collect DNS events and deploy the Advanced Security
Information Model (ASIM) unifying parser for the DNS schema.
You need to query the ASIM DNS schema to list all the DNS events from the last 24 hours
that have a response code of 'NXDOMAIN' and were aggregated by the source IP address
in 15-minute intervals. The solution must maximize query performance.
How should you complete the query? To answer, select the appropriate options in the
answer area.
NOTE: Each correct selection is worth one point.


You have an Azure Functions app that generates thousands of alerts in Azure Security
Center each day for normal activity.
You need to hide the alerts automatically in Security Center.
Which three actions should you perform in sequence in Security Center? Each correct
answer presents part of the solution.
NOTE: Each correct selection is worth one point.


You plan to connect an external solution that will send Common Event Format (CEF)
messages to Azure Sentinel. You need to deploy the log forwarder.
Which three actions should you perform in sequence? To answer, move the appropriate
actions from the list of actions to the answer area and arrange them in the correct order.


You have a Microsoft subscription that has Microsoft Defender for Cloud enabled. You
configure the Azure logic apps shown in the following table.


You are investigating an incident by using Microsoft 365 Defender.
You need to create an advanced hunting query to detect failed sign-in authentications on
three devices named CFOLaptop, CEOLaptop, and COOLaptop.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.


You have a Microsoft 365 E5 subscription.
You plan to perform cross-domain investigations by using Microsoft 365 Defender.
You need to create an advanced hunting query to identify devices affected by a malicious
email attachment.
How should you complete the query? To answer, select the appropriate options in the
answer area.
NOTE: Each correct selection is worth one point.


Your on-premises network contains 100 servers that run Windows Server.
You have an Azure subscription that uses Microsoft Sentinel.
You need to upload custom logs from the on-premises servers to Microsoft Sentinel.
What should you do? To answer, select the appropriate options in the answer area.


You have 50 on-premises servers.
You have an Azure subscription that uses Microsoft Defender for Cloud. The Defender for
Cloud deployment has Microsoft Defender for Servers and automatic provisioning enabled.
You need to configure Defender for Cloud to support the on-premises servers. The solution
must meet the following requirements:
• Provide threat and vulnerability management.
• Support data collection rules.
Which three actions should you perform in sequence? To answer, move the appropriate
actions from the list of actions to the answer area and arrange them in the correct order.


You need to implement Azure Defender to meet the Azure Defender requirements and the
business requirements.
What should you include in the solution? To answer, select the appropriate options in the
answer area.
NOTE: Each correct selection is worth one point.


You need to add notes to the events to meet the Azure Sentinel requirements.
Which three actions should you perform in sequence? To answer, move the appropriate
actions from the list of actions to the answer area and arrange them in the correct order.

