Microsoft Defender

Question 1

Your organization has a Microsoft 365 tenant. The organization has the offices shown below. 📷 The Microsoft 365 tenant has the following users. 📷 Your tenant has the following Microsoft Cloud App Security policy. 📷 📷 Select Yes for every true statement. Select No for every false statement.

Accepted Answer

Yes. No. No.

Question 2

A colleague has been asked to deploy several Microsoft Defender for Identity sensors. He's asked you to give him the Azure information required to deploy the sensors. What information should you provide?

Accepted Answer

The URL of the Microsoft Defender for Identity admin center.

Question 3

Your organization has a Microsoft 365 tenant with a primary domain of Gitbit.org. Your organization also has an on-premises Active Directory environment that's synced through AD Connect to Microsoft 365. Your organization has an on-premises Active Directory domain with a Windows Server 2019 server named Chicago1. Chicago1 has the Remote Access server role installed. Chicago1 is configured as a Virtual Private Network (VPN) server. Your manager has tasked you with deploying Microsoft Defender for Identity and integrating the VPN with Defender for Identity. You install the Microsoft Defender for Identity sensor on a server named Win2019A. Win2019A is running Windows Server 2019. What should you do?

Accepted Answer

Enable the following inbound port: 1813. Configure an accounting provider.

Question 4

You have an on-premises infrastructure that contains the following: An Active Directory domain with a domain controller named ServerA. A server named ServerB that's not a domain controller. A security policy is configured that prevents ServerA from connecting to the Internet. ServerB can connect to the Internet. You've been tasked with implementing Microsoft Defender for Identity to monitor ServerA. How should you configure the servers?

Accepted Answer

Configure a port mirroring source on ServerA. Install the Microsoft Defender for Identity standalone sensor on ServerB. Configure an event subscription on ServerB.

Question 5

Your organization has a Microsoft 365 tenant and has Microsoft Defender for Identity configured. Your manager is concerned about updates causing issues with the updates for Defender for Identity. He asks you if you can delay the updates for Defender for Identity. You explain you can configure the delayed deployment of updates option. You turn the delayed deployment of updates on for a server named ServerA. How long will the delay be for updates to ServerA?

Accepted Answer

72 hours.

Question 6

You have a Microsoft 365 tenant that's licensed for Microsoft Defender for Endpoint. You have the following devices enrolled in Microsoft Endpoint Manager. You've integrated Endpoint Manager and Microsoft Defender for Endpoint. You've been tasked with evaluating the risk level for all the devices but before you do your manager asks you a question. Which devices can be evaluated?

Accepted Answer

All three devices: DeviceA, DeviceB and DeviceC.

Question 7

You have a Microsoft 365 tenant. You have 500 computers that run Windows 10. You plan to monitor the computers by using Microsoft Defender for Endpoint after the computers are enrolled in Microsoft Intune. You need to ensure that the computers connect to Microsoft Defender for Endpoint. How should you prepare Intune for Microsoft Defender for Endpoint?

Accepted Answer

Create a device configuration profile.

Question 8

Your network contains an on-premises Active Directory domain. The domain contains the servers shown in the following table. 📷 You plan to implement Defender for Identity for the domain. You install a Defender for Identity standalone sensor on Server1. You need to monitor the domain by using Defender for Identity. What should you do?

Accepted Answer

Configure port mirroring for DC1.

Question 9

One of your Microsoft 365 users stores the following files in Microsoft OneDrive. File1.docx ImportantFile2.docx File_Important3.docx Your Microsoft 365 tenant has a Microsoft Cloud App Security file policy that has the filter shown below. Your manager asks you which files with the above policy apply. Check the box next to each file the policy will apply.

Accepted Answer

File1.docx. File_Important3.docx. ImportantFile2.docx.

Question 10

A user calls the help desk and informs you that changes were made to several files on his Microsoft OneDrive. He's asked you to get a report of everyone that's modified files in his OneDrive. What do you do?

Accepted Answer

Open the Microsoft Cloud App Security. Open the activity log.

Question 11

Your organization has a Microsoft 365 tenant with a SharePoint Online site named Accounting. Accounting has the following files/folders. 📷 At 10:00, you create a Microsoft Cloud App Security policy named PolicyA shown below. 📷 Then you upload the files to the Accounting site Click Yes for each true statement. Click No if the statement is false.

Accepted Answer

No. No. Yes.

Question 12

Your organization has a Microsoft Defender for Endpoint deployment with custom network indicators turned on. The table below shows two Windows 10 computers that are protected by Microsoft Defender for Endpoint. 📷 Computer1 has a tag of Kiosk1 Computer2 has a tag of Tag1 The following table shows the machine groups in Microsoft Defender for Endpoint. 📷 Group1 has a rank of 1 and a membership rule of Tag contains a 1 Group2 has a rank of 2 and a membership rule of Name ends with 2 and a tag that equals Tag1 In the following table, you can see the URLs/Domains indicators created from the Microsoft Defender admin center http://www.gitbit.org has a scope of Group1 and is set to alert and block http://microsoft.com has a scope of Group2 and is set to alert and block http://microsoft.com/public has a scope of all machines and is set to allow. For each of the following statements, click yes if the statement is true. If the statement is false click No.

Accepted Answer

No. No. Yes.

Question 13

Your organization has an on-premises Active Directory domain that runs Windows Server 2022 servers and has advanced auditing enabled. Your organization is already collecting the servers' security logs using a third-party SIEM solution. Your organization has purchased a Microsoft 365 tenant and your manager has asked you to deploy Microsoft Defender for identity by using standalone sensors. You need to configure the Defender for Identity standalone sensor to detect when certain sensitive groups are updated and any time malicious services are created. How can you fulfill your manager's request?

Accepted Answer

Integrate the third-party SIEM solution with Microsoft Defender for identity.

Question 14

Your organization has a Microsoft 365 tenant with all computers running Windows 10 and are onboarded to Microsoft Defender for Endpoint. Your organization has a device group named DeviceGroupA. Your manager has asked you to enable delegation for the security settings of the devices in DeviceGroupA. What do you need to do?

Accepted Answer

Go to the Microsoft Azure admin center. Create an Azure AD group. Go to the Microsoft Defender admin center. Create a role. Configure the permissions for DeviceGroupA.

Question 15

Your organization has a Microsoft 365 tenant with Microsoft 365 E5 licenses assigned to each active user. Your organization is currently using Microsoft Defender for Endpoint. You've deployed Defender for Endpoint to each of your computers using Microsoft Intune. Your manager learns that Microsoft Defender for Office 365 and Microsoft Defender for Endpoint can be integrated. He loves the idea. He has asked you to integrate Microsoft Defender for Office 365 and Microsoft Defender for Endpoint. Where do you configure the integration?

Accepted Answer

In the Microsoft Defender admin center > Threat management > Explorer.

Question 16

Your organization has a Microsoft 365 tenant with the following users. UserA is a member of Group1 UserB is a member of Group2 UserC is a member of Group3 Your organization implements Microsoft Defender for Endpoint. Microsoft Defender for Endpoint is configured with the following roles. 📷 Microsoft Defender for Endpoints contains the following device groups. 📷 Select Yes if the statement is true. Click No if the statement is false.

Accepted Answer

No. Yes. Yes.

Question 17

You have a Microsoft 365 tenant. In the tenant, you have a user named John Gruber. Inside the tenant you have a conditional access policy with the following settings: Users or workload identities: John Gruber Cloud apps or actions: Office 365 Exchange Online Session: Use Conditional Access App Control. Your manager has asked you to block John Gruber's ability to print. Your manager knows you need a Microsoft Defender for Cloud Apps policy but doesn't know what type. What type of policy should you create in the Microsoft Defender for Cloud Apps admin center?

Accepted Answer

A session policy.

Question 18

Your organization is using Microsoft 365 and has 500 computers. You need to protect all the computers using Microsoft Defender for Endpoint. Ten of the devices are used by executives. Your manager explains the requirements to you as follows: Administrators must manually approve all remediation for any of the executives. All other users must have remediation performed automatically. What should you recommend?

Accepted Answer

Create two machine groups in Microsoft Defender admin center.

GitBit

Microsoft Defender

Questions for this test