Question 1

You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud.

You need to assign the PCI DSS 4.0 initiative to Sub1 and have the initiative displayed in the Defender for Cloud Regulatory compliance dashboard.

From Security policies in the Environment settings, you discover that the option to add more industry and regulatory standards is unavailable.

What should you do first?

AEnable the Cloud Security Posture Management (CSPM) plan for the subscription.

BDisable the Microsoft Cloud Security Benchmark (MCSB) assignment.

CConfigure the Continuous export settings for Azure Event Hubs.

DConfigure the Continuous export settings for Log Analytics.

Answer : A

Question 2

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 1 and contains a macOS device named Device1.

You need to investigate a Defender for Endpoint agent alert on Device1. The solution must meet the following requirements:

* Identify all the active network connections on Device1.

* Identify all the running processes on Device1.

* Retrieve the login history of Device1.

* Minimize administrative effort.

What should you do first from the Microsoft Defender portal?

AFrom Advanced features in Endpoints, disable Authenticated telemetry.

BFrom Advanced features in Endpoints, enable Live Response unsigned script execution.

CFrom Devices, click Collect investigation package for Device 1.

DFrom Devices, initiate a live response session on Device1.

Answer : C

Question 3

You have an on-premises network.

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Identity.

From the Microsoft Defender portal, you investigate an incident on a device named Device1 of a user named User1. The incident contains the following Defender for Identity alert.

Suspected identity theft (pass-the-ticket) (external ID 2018)

You need to contain the incident without affecting users and devices. The solution must minimize administrative effort.

What should you do?

ADisable User 1 only.

BQuarantine Device1 only.

CReset the password for all the accounts that previously signed in to Device1.

DDisableUser1 and quarantine Device1.

EDisable User1, quarantine Device1, and reset the password for all the accounts that previously signed in to Device1.

Answer : A

Question 4

You have a Microsoft 365 subscription that uses Microsoft Purview and Microsoft Teams.

You have a team named Team1 that has a project named Project 1.

You need to identify any Project1 files that were stored on the team site of Team1 between February 1, 2023, and February 10, 2023.

Which KQL query should you run?

AOption A

BOption B

COption C

DOption D

Answer : D

Question 5

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan Z and contains 1,000 Windows devices.

You have a PowerShell script named Script Vps1 that is signed digitally.

You need to ensure that you can run Script1.psl in a live response session on one of the devices.

What should you do first from the live response session?

ARun the library command.

BRun the putfile command

CModify the PowerShell execution policy of the device.

DUpload Script1.ps 1 to the library.