Module quiz: Configure and monitor Microsoft Sentinel Quiz Answers

In this article I am going to share the Coursera course "Manage Security Operations by Microsoft" | Week 3 Quiz | Module quiz: Configure and monitor Microsoft Sentinel Quiz Answers with you.

Enrol Link: Manage Security Operations

Question 1)
You are a security analyst working with Microsoft Sentinel, a cloud-native security information and event management (SIEM) system. You receive an alert about a suspicious login attempt from an unknown IP address to a critical server in your organization. You investigate further and find that the user account associated with the login attempt has administrative privileges. You suspect a possible compromise and want to take immediate action. Which of the following should be your initial step when handling such a suspicious login attempt in Microsoft Sentinel?

  • Restart the critical server to terminate any active sessions.
  • Collect and analyze additional relevant logs and events.
  • Disable the user account associated with the login attempt.
  • Report the incident to your manager and escalate it to the incident response team.

Question 2)
You are a security analyst at a large organization using Microsoft Sentinel. As part of your role, you need to transform or customize data at ingestion time to ensure it is properly formatted and enriched before entering the Sentinel environment. To perform this task, which of the following is correct regarding the primary method and query language for transforming and customizing data at ingestion time in Microsoft Sentinel? Select all that apply.

  • Data connectors
  • Structured Query Language (SQL)
  • Playbooks
  • Kusto Query Language (KQL)

Question 3)
You are a cybersecurity analyst working for a large organization. Your team has recently implemented a new analytics tool that helps detect anomalies in the network. You want to find anomaly rules covering the “Execution” technique in the MITRE ATT&CK framework. Which filter criteria should you use to narrow down the list of anomaly rules?

  • Tactics: Credential Access
  • Data sources: Firewall logs
  • Azure Status: Enabled
  • Techniques: Lateral Movement

Question 4)
In Microsoft Sentinel, imagine you want to create incidents to track and investigate security events in your organization’s environment. Which of the following statements is true for achieving this?

  • Delete incidents after they are generated to free up storage space.
  • Configure rules to generate incidents based on predefined conditions automatically.
  • Manually create incidents by providing details about the security events.
  • Import incidents from third-party security tools into Microsoft Sentinel.

Question 5)
You are responsible for configuring playbooks in Microsoft Sentinel, a cloud-native security information and event management (SIEM) system. Playbooks allow you to automate and orchestrate responses to security incidents. While configuring the playbook, which of the following steps is inappropriate?

  • Assigning a playbook to a data connector
  • Defining a trigger condition
  • Configuring custom alert rules
  • Creating a logic app or Azure function

Question 6)
When deleting and recreating a watchlist, when should you submit a support ticket?

  • When you see deleted and recreated entries together in Log Analytics for a longer period of time
  • When you don’t see both the deleted and recreated entries within the SLA for data ingestion
  • When you see both deleted and recreated entries within the SLA for data ingestion
  • When you see only one of deleted and recreated entries within the SLA for data ingestion

Question 7)
You are a security analyst at a large organization using Microsoft Sentinel. As part of your role, you must ensure that health events are logged in the SentinelHealth table. One such event is a Data health status change, which is logged hourly. Which of the following are ways this health event is useful? Select all that apply.

  • It provides details regarding the polling errors during the given hour.
  • It allows Microsoft Sentinel to overcome a transient issue in the backend and catch up with the data.
  • Monitoring hourly helps to prevent redundant auditing and reduce table size.
  • It allows your team to take proactive and immediate action.

Question 8)
You are a cybersecurity analyst tasked with hunting and investigating potential breaches in Microsoft Sentinel. During your investigation, you see an alert indicating a suspicious login attempt from an unrecognized IP address. What should be your immediate course of action?

  • Immediately block the IP address to prevent further unauthorized access.
  • Report the alert to the system administrator and await further instructions.
  • Analyze the log data associated with the login attempt to gather more information.
  • Ignore the alert since unrecognized IP addresses are common and usually harmless.

Question 9)
Claiming not to have deleted database records is a threat example that refers to which element in the STRIDE framework?

  • Information disclosure
  • Tampering
  • Repudiation
  • Spoofing

Question 10)
A space where you can drag and drop elements to quickly and efficiently build a model refers to which element of the Threat Modeling Tool?

  • Canvas
  • Diagram
  • Report
  • Stencil