Confidently Practice Online with Free SC-200 Exam Cram

Practice your Microsoft Security Operations Analyst certification test with free SC-200 exam cram and take control of your certification preparation. At FreeExamCram, you can practice online for free using real SC-200 exam dumps, verified questions, and expert-designed free online practice tests. Moreover, our Microsoft SC-200 exam cram is backed by our confidence-boosting refund guarantee.

Exam Code: SC-200
Exam Questions: 373
Microsoft Security Operations Analyst
Updated: 04 Jan, 2026
Viewing Page : 1 - 38
Practicing : 1 - 5 of 373 Questions
Question 1

You have an Azure subscription that contains a Microsoft Sentinel workspace named WS1. You create a hunting query that detects a new attack vector. The attack vector maps to a tactic listed in the MITRE ATT&CK database. You need to ensure that an incident is created in WS1 when the new attack vector is detected. What should you configure?

Options :
Answer: C

Question 2

You have a Microsoft Sentinel workspace named SW1. In SW1, you investigate an incident that is associated with the following entities: Host, IP address, User account, Malware name. Which entity can be labeled as an indicator of compromise (IoC) directly from the incident's page?

Options :
Answer: D

Question 3

You need to identify which mean time metrics to use to meet the Microsoft Sentinel requirements. Which workbook should you use?

Options :
Answer: C

Question 4

You need to assign a role-based access control (RBAC) role to admin1 to meet the Azure Sentinel requirements and the business requirements. Which role should you assign?

Options :
Answer: C

Question 5

You have an on-premises network. You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Identity. From the Microsoft Defender portal, you investigate an incident on a device named Device1 of a user named User1. The incident contains the following Defender for Identity alert: Suspected identity theft (pass-the-ticket) (external ID 2018). You need to contain the incident without affecting users and devices. The solution must minimize administrative effort. What should you do?

Options :
Answer: A
