Question 71
Hotspot Question
You have an Azure subscription. The subscription contains an Azure application gateway that use Azure Web Application Firewall (WAF).
You deploy new Azure App Services web apps. Each app is registered automatically in the DNS domain of your company and accessible from the Internet.
You need to recommend a security solution that meets the following requirements:
- Detects vulnerability scans of the apps
- Detects whether newly deployed apps are vulnerable to attack
What should you recommend using? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription. The subscription contains an Azure application gateway that use Azure Web Application Firewall (WAF).
You deploy new Azure App Services web apps. Each app is registered automatically in the DNS domain of your company and accessible from the Internet.
You need to recommend a security solution that meets the following requirements:
- Detects vulnerability scans of the apps
- Detects whether newly deployed apps are vulnerable to attack
What should you recommend using? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 72
You have a Microsoft 365 E5 subscription.
You need to recommend a solution to add a watermark to email attachments that contain sensitive dat a. What should you include in the recommendation?
You need to recommend a solution to add a watermark to email attachments that contain sensitive dat a. What should you include in the recommendation?
Question 73
You have a Microsoft 365 subscription that is protected by using Microsoft 365 Defender You are designing a security operations strategy that will use Microsoft Sentinel to monitor events from Microsoft 365 and Microsoft 365 Defender You need to recommend a solution to meet the following requirements:
* Integrate Microsoft Sentinel with a third-party security vendor to access information about known malware
* Automatically generate incidents when the IP address of a command-and control server is detected in the events What should you configure in Microsoft Sentinel to meet each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
* Integrate Microsoft Sentinel with a third-party security vendor to access information about known malware
* Automatically generate incidents when the IP address of a command-and control server is detected in the events What should you configure in Microsoft Sentinel to meet each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 74
Your company wants to optimize ransomware incident investigations.
You need to recommend a plan to investigate ransomware incidents based on the Microsoft Detection and Response Team (DART) approach.
Which three actions should you recommend performing in sequence in the plan? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to recommend a plan to investigate ransomware incidents based on the Microsoft Detection and Response Team (DART) approach.
Which three actions should you recommend performing in sequence in the plan? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Question 75
Your network contains an on-premises Active Directory Domain Services (AO DS) domain. The domain contains a server that runs Windows Server and hosts shared folders The domain syncs with Azure AD by using Azure AD Connect Azure AD Connect has group writeback enabled.
You have a Microsoft 365 subscription that uses Microsoft SharePoint Online.
You have multiple project teams. Each team has an AD DS group that syncs with Azure AD Each group has permissions to a unique SharePoint Online site and a Windows Server shared folder for its project. Users routinely move between project teams.
You need to recommend an Azure AD identity Governance solution that meets the following requirements:
* Project managers must verify that their project group contains only the current members of their project team
* The members of each project team must only have access to the resources of the project to which they are assigned
* Users must be removed from a project group automatically if the project manager has MOT verified the group s membership for 30 days.
* Administrative effort must be minimized.
What should you include in the recommendation? To answer select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 subscription that uses Microsoft SharePoint Online.
You have multiple project teams. Each team has an AD DS group that syncs with Azure AD Each group has permissions to a unique SharePoint Online site and a Windows Server shared folder for its project. Users routinely move between project teams.
You need to recommend an Azure AD identity Governance solution that meets the following requirements:
* Project managers must verify that their project group contains only the current members of their project team
* The members of each project team must only have access to the resources of the project to which they are assigned
* Users must be removed from a project group automatically if the project manager has MOT verified the group s membership for 30 days.
* Administrative effort must be minimized.
What should you include in the recommendation? To answer select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
