Hotspot Flashcards

1
Q

Question #7 Topic 1

HOTSPOT -

You have a Microsoft 365 E5 subscription.

You plan to perform cross-domain investigations by using Microsoft 365 Defender.

You need to create an advanced hunting query to identify devices affected by a malicious email attachment.

How should you complete the query? To answer, select the appropriate options in the answer area.

  • extend / join / project / union
  • extend / join / project / union
  • extend / join / project / union
A

join
project
project

2
Q

Question #14 Topic 1

HOTSPOT -

You are informed of an increase in malicious email being received by users.

You need to create an advanced hunting query in Microsoft 365 Defender to identify whether the accounts of the email recipients were compromised. The query must return the most recent 20 sign-ins performed by the recipients within an hour of receiving the known malicious email.

  • EmailAttachmentInfo / EmailEvents / IdentityLogonEvents
  • EmailAttachmentInfo / EmailEvents / IdentityLogonEvents
  • select 20 / take 20 / top 20
A

EmailEvents
IdentityLogonEvents
take 20

3
Q

Question #17 Topic 1

HOTSPOT -

You have a Microsoft 365 E5 subscription that uses Microsoft Defender and an Azure subscription that uses Azure Sentinel.
You need to identify all the devices that contain files in emails sent by a known malicious email sender. The query will be based on the match of the SHA256 hash.

  • DeviceId / RecipientEmailAddress / SenderFromAddress / SHA256
  • DeviceId / RecipientEmailAddress / SenderFromAddress / SHA256
A

SHA256
SHA256

4
Q

Question #19 Topic 1

HOTSPOT -

You purchase a Microsoft 365 subscription.
You plan to configure Microsoft Cloud App Security.
You need to create a custom template-based policy that detects connections to Microsoft 365 apps that originate from a botnet network.

  • Access policy / Activity policy / Anomaly detection policy
  • IP address tag / Source / User agent string
A

Anomaly detection policy
IP address tag

5
Q

Question #27 Topic 1

HOTSPOT -

You have a Microsoft 365 E5 subscription that contains 200 Windows 10 devices enrolled in Microsoft Defender for Endpoint.
You need to ensure that users can access the devices by using a remote shell connection directly from the Microsoft 365 Defender portal. The solution must use the principle of least privilege.
What should you do in the Microsoft 365 Defender portal? To answer, select the appropriate options in the answer area.

  • Turn on endpoint EDR in block mode / Turn on Live Response / Turn off Tamper Protection
  • Add a new assessment job / Create a device group that contains the devices and set Automation level to Full / Create a device group that contains the devices and set Automation level to No automated response
A

Turn on Live Response
Create a device group that contains the devices and set Automation level to Full

6
Q

Question #28 Topic 1

HOTSPOT -

You have a Microsoft 365 subscription that uses Microsoft 365 Defender and contains a user named User1.
You are notified that the account of User1 is compromised.
You need to review the alerts triggered on the devices to which User1 signed in.
How should you complete the query? To answer, select the appropriate options in the answer area.

  • extend / join / project
  • project / summarize / take
A

join
project
