You deploy Azure Sentinel.
You need to implement connectors in Azure Sentinel to monitor Microsoft Teams and Linux virtual machines in Azure. The solution must minimize administrative effort.
Which data connector type should you use for each workload? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation
Graphical user interface, text, application Description automatically generated

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/connect-office-365
https://docs.microsoft.com/en-us/azure/sentinel/connect-syslog

Comment: *

Name: *

Email: *

Verification: *

You have a Microsoft Sentinel workspace named Workspaces
You configure Workspace1 to c
ollect DNS events and deploy the Advanced Security information Model (ASIM) unifying parser for the DNS schema.
You need to query the ASIM DNS schema to list all the DNS events from the last 24 hours that have a response code of 'NXDOMAIN' and were aggregated by the source IP address in 15-minute intervals. The solution must maximize query performance.
How should you complete the query? To answer, select the appropriate options in the answer area NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:

Comment: *

Name: *

Email: *

Verification: *

You have an Azure subscription named Sub1 and a Microsoft 365 subscription. Sub1 is linked to an Azure Active Directory (Azure AD) tenant named contoso.com.
You create an Azure Sentinel workspace named workspace1. In workspace1, you activate an Azure AD connector for contoso.com and an Office 365 connector for the Microsoft 365 subscription.
You need to use the Fusion rule to detect multi-staged attacks that include suspicious sign-ins to contoso.com followed by anomalous Microsoft Office 365 activity.
Which two actions should you perform? Each correct answer present part of the solution NOTE: Each correct selection is worth one point.

• A.Create custom rule based on the Office 365 connector templates.
• B.Create a Microsoft incident creation rule based on Microsoft Defender for Cloud.
• C.Create a Microsoft Cloud App Security connector.
• D.Create an Azure AD Identity Protection connector.

Comment: *

Name: *

Email: *

Verification: *

You have a Microsoft Sentinel workspace named Workspace1 and 200 custom Advanced Security Information Model (ASIM) parsers based on the DNS schem a. You need to make the 200 parsers available in Workspace1. The solution must minimize administrative effort. What should you do first?

• A.Create a YAML file based on the DNS template.
• B.Create an XML file based on the DNS template.
• C.Copy the parsers to the Azure Monitor Logs page.
• D.Create a JSON file based on the DNS template.

Comment: *

Name: *

Email: *

Verification: *

You have the resources shown in the following table.

You have an Azure subscription that uses Mictosoft Defender for Cloud.
You need to use Defender for Cloud to protect VM1 and Server1. The solution must meet the following requirements:
* Support Advanced Threat Protection and vulnerability assessment
* Register each SQL Server 2022 instance as a SQL virtual machine.
* Minimize implementation and administrative effort
What should you deploy to each server? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:

For SQL Server on Azure VMs (VM1), Defender for Cloud's Advanced Threat Protection and Vulnerability Assessment for SQL "on machines" are enabled by registering the instance as a SQL virtual machine using the SQL IaaS Agent extension. This single Azure VM extension onboards the SQL workload, exposes SQL VM resource management, and lights up Defender for SQL (ATP + VA) with minimal admin effort-no separate agents are required on Azure VMs beyond this extension for these features.
For on-premises/Arc servers (Server1), the machine is already Arc-enabled. To protect SQL instances with Defender for Cloud and to surface vulnerability assessment and threat protection signals, you deploy the Azure Arc SQL Server extension (delivered as an Arc "virtual machine extension") to register the instance with Azure. In addition, Arc scenarios use the Azure Monitor Agent (AMA) for data collection and security signal ingestion in Defender for Cloud (the legacy Log Analytics agent is not recommended). This combination satisfies ATP/VA requirements while keeping operations simple and consistent with current agent guidance.
Therefore:
* VM1: only the Azure VM extension (SQL IaaS Agent extension).
* Server1: AMA + an Azure (Arc) extension (Arc SQL Server extension).

Comment: *

Name: *

Email: *

Verification: *