Question 311
You have an Azure subscription that uses Microsoft Defender for Cloud.
You have accounts for the following cloud services:
• Alibaba Cloud
• Amazon Web Services (AWS)
• Google Cloud Platform (GCP)
What can you add to Defender for Cloud?
A. AWS only
B. Alibaba Cloud and AWS only
C. Alibaba Cloud and GCP only
D. AWS and GCP only
E. Alibaba Cloud, AWS, and GCP
Question 312
You have an Azure subscription.
You plan to map an online infrastructure and perform vulnerability scanning for the following:
• ASNs
• Hostnames
• IP addresses
• SSL certificates
What should you use?
A. Microsoft Defender for Cloud
B. Microsoft Defender External Attack Surface Management (Defender EASM)
C. Microsoft Defender for Identity
D. Microsoft Defender for Endpoint
Question 313
HOTSPOT
-
You have an Azure subscription that uses Microsoft Defender for Cloud.
You plan to use the Secure Score Over Time workbook.
You need to configure the Continuous export settings for the Defender for Cloud data.
Which two settings should you configure? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Question 314
You are troubleshooting a security issue for an Azure Storage account.
You enable Azure Storage Analytics logs and archive it to a storage account.
What should you use to retrieve the diagnostics logs?
A. Azure Cosmos DB explorer
B. SQL query editor in Azure
C. AzCopy
D. File Explorer in Windows
Question 315
You have an Azure subscription that uses Microsoft Defender for Cloud.
You have an Amazon Web Services (AWS) account.
You need to ensure that when you deploy a new AWS Elastic Compute Cloud (EC2) instance, the Microsoft Defender for Servers agent installs automatically.
What should you configure first?
A. the classic cloud connector
B. the Azure Monitor agent
C. the Log Analytics agent
D. the native cloud connector
Question 316
HOTSPOT
-
You have an Azure subscription that contains a Microsoft Defender External Attack Surface Management (Defender EASM) resource named EASM1. EAMS1 contains the inventory assets shown in the following table.
Which assets are scanned daily, and which assets will display in the default dashboard charts? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 317
You have an Azure subscription that uses Microsoft Defender for Cloud.
You have an Amazon Web Services (AWS) account named AWS1 that is connected to Defender for Cloud.
You need to ensure that AWS1 uses AWS Foundational Security Best Practices. The solution must minimize administrative effort.
What should you do in Defender for Cloud?
A. Assign a built-in compliance standard.
B. Create a new custom standard.
C. Assign a built-in assessment.
D. Create a new custom assessment.
Question 318
HOTSPOT
-
You plan to deploy a custom policy initiative for Microsoft Defender for Cloud.
You need to identify all the resource groups that have a Delete lock.
How should you complete the policy definition? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 319
You are troubleshooting a security issue for an Azure Storage account.
You enable Azure Storage Analytics logs and archive it to a storage account.
What should you use to retrieve the diagnostics logs?
A. the Microsoft 365 Defender portal
B. SQL query editor in Azure
C. Azure Monitor
D. Azure Storage Explorer
Question 320
You have an Azure subscription that contains a Microsoft Defender External Attack Surface Management (Defender EASM) resource named EASM1.
You review the Attack Surface Summary dashboard.
You need to identify the following insights:
• Deprecated technologies that are no longer supported
• Infrastructure that will soon expire
Which section of the dashboard should you review?
A. Securing the Cloud
B. Sensitive Services
C. Attack Surface Priorities
D. attack surface composition
