单选题
You receive an alert from Azure Defender for Key Vault.
You discover that the alert is generated from multiple suspicious IP addresses.
You need to reduce the potential of Key Vault secrets being leaked while you
Investigate the issue. The solution must be implemented as soon as possible and must
Minimize the impact on legitimate users.
What should you do first?

单选题
You need to receive a security alert when a user attempts to sign in from a location that
Was never used by the other users in your organization to sign in.
Which anomaly detection policy should you use?

单选题
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated goals.
Some question sets might have more than one correct solution, while others might not
Have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a
Result, these questions will not appear in the review screen.
You are configuring Microsoft Defender for Identity integration with Active Directory.
From the Microsoft Defender for identity portal, you need to configure several accounts
For attackers to exploit.
Solution: From Azure Identity Protection, you configure the sign-in risk policy.
Does this meet the goal?

单选题
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated goals.
Some question sets might have more than one correct solution, while others might not
Have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a
Result, these questions will not appear in the review screen.
You use Azure Security Center.
You receive a security alert in Security Center.
You need to view recommendations to resolve the alert in Security Center.
Solution: From Security alerts, you select the alert, select Take Action, and then expand
The Prevent future attacks section.
Does this meet the goal?

单选题
You receive a security bulletin about a potential attack that uses an image file.
You need to create an indicator of compromise (IoC) in Microsoft Defender for Endpoint
To prevent the attack.
Which indicator type should you use?

单选题
You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.
You have Microsoft SharePoint Online sites that contain sensitive documents. The
Documents contain customer account numbers that each consists of 32 alphanumeric
Characters.
You need to create a data loss prevention (DLP) policy to protect the sensitive
Documents.
What should you use to detect which documents are sensitive?

单选题
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated goals.
Some question sets might have more than one correct solution, while others might not
Have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a
Result, these questions will not appear in the review screen.
You are configuring Microsoft Defender for Identity integration with Active Directory.
From the Microsoft Defender for identity portal, you need to configure several accounts
For attackers to exploit.
Solution: From Entity tags, you add the accounts as Honeytoken accounts.
Does this meet the goal?

单选题
You implement Safe Attachments policies in Microsoft Defender for Office 365.
Users report that email messages containing attachments take longer than expected to
Be received.
You need to reduce the amount of time it takes to deliver messages that contain
Attachments without compromising security. The attachments must be scanned for
Malware, and any messages that contain malware must be blocked.
What should you configure in the Safe Attachments policies?