How well do you know Azure Sentinel?

1. What is the first deployment prerequisite for Azure Sentinel?
   a) Azure Event Hub configured to get logs from Azure Security Center
   b) Azure Log Analytics workspace
   c) Enable Azure Activity logs

2. Identify the default configuration for log retention.
   a) Min: 15 days minimum retention
   b) Min: 45 days minimum retention
   c) Min: 30 days minimum retention
   d) Max: maximum data retention of 730 days
   e) Max: unlimited number of days
   f) Max: maximum data retention of 365 days
   g) None of the above

3. Identify the ideal long-term store for logs older than 90 days that still allows you to run KQL queries.
   a) Azure Blob Storage
   b) ADX (Azure Data Explorer)
   c) Azure Files
   d) Azure NetApp Files
   e) None of the above

4. If you want to collect logs from firewalls, IPS and network devices, which of the connectors do you need to configure?
   a) Logic App playbooks
   b) Logstash collector
   c) Log Analytics agent
   d) None of the above

5. When you use the Syslog log forwarder for ingesting Syslog, identify the incorrect statement from the following list.
   a) Syslog messages will be stored in the Syslog table.
   b) There is no need to create a custom log parser for ingesting syslog entries into Azure Sentinel.
   c) Customers can control the volume or type of log ingested.
   d) There is no way to control the volume or type of log ingested.
   e) Customers need to create log parsers in Azure Sentinel.

6. Which of the following logs needs the creation of log parsers in Sentinel?
   a) Common Event Format (CEF) log forwarder
   b) Syslog forwarder
   c) Azure Diagnostics

7. When you ingest data from AWS into Azure Sentinel, identify the correct parsing mechanism.
   a) CloudTrail table, already parsed
   b) Custom parser to be created for CloudTrail
   c) It is not possible to ingest AWS CloudTrail

8. Where does Azure store the logs of creation and deletion of Azure resources?
   a) AzureDiagnostics
   b) AuditLogs
   c) AzureActivity
   d) Azure Sentinel
   e) None of the above

9. What are the out-of-the-box RBAC roles available for Azure Sentinel?
   a) Azure Sentinel Contributor
   b) Azure Sentinel Reader
   c) Azure Sentinel Responder
   d) Azure Sentinel Owner
   e) Azure Sentinel Log Reader
   f) Azure Sentinel Automation Contributor

10. If you need to create SOAR playbooks, what access do you need based on the least-privilege access model?
   a) Contributor
   b) Logic App Contributor
   c) Owner
   d) Azure Sentinel Contributor

11. What are the prerequisites to get Azure Sentinel started? (Pick the most appropriate.)
   a) Azure subscription
   b) Resource groups to host the required resources for monitoring Sentinel
   c) Log Analytics workspace
   d) Automation rules/playbooks
   e) Alert rules
   f) Workbooks (Logic App)
   g) Firewall devices to configure security
   h) Load balancer

12. Azure Sentinel provides a PowerShell automation library called Az.SecurityInsights. Identify the actions you can accomplish using the library.
   a) Analytics Rules (Alert Rules)
   b) Analytics Rules Templates
   c) Analytics Rules Actions (like attaching an Azure Logic Apps playbook to your rule)
   d) List secureScores
   e) Bookmarks
   f) Get secureScore
   g) Data Connectors
   h) Comments

13. Which are the logs used for building the Entity insights?
   a) Syslog (Linux)
   b) SecurityEvent (Windows)
   c) SigninLogs (Azure AD)
   d) OfficeActivity (Office 365)
   e) BehaviorAnalytics (Azure Sentinel UEBA)
   f) Heartbeat (Azure Monitor Agent)
   g) CommonSecurityLog (Azure Sentinel)
   h) ThreatIntelligenceIndicators (Azure Sentinel)
   i) Azure Security Logs
   j) All the above logs

14. Which of the following roles is not an Azure role but an Azure AD role?
   a) Azure Sentinel Responder role
   b) Azure Monitor role
   c) Azure Sentinel
   d) None of the above

15. If you want to share data with a third-party SIEM, which Azure resource is an ideal fit?
   a) Azure Event Hubs
   b) Azure Service Bus
   c) Azure Blob Storage
   d) Azure Log Analytics

16. For creating and managing SOAR playbooks, what exact RBAC role is required in accordance with the least-privilege access model?
   a) Azure Sentinel Contributor
   b) Logic App Contributor
   c) Owner
   d) Contributor

17. What is the most secure way to store secrets?
   a) Blob storage with Azure AD integration
   b) Azure Key Vault
   c) Azure SQL

18. Azure Sentinel provides options to create custom logs. From the list below, identify the correct table name format.
   a) customlogname_CL
   b) customlognameCL
   c) customlogname

19. Which of the Azure Sentinel workbooks enables you to explore, audit, and speed up Windows Event Log analysis?
   a) Microsoft Cloud App Security - discovery logs
   b) Event Analyzer
   c) Cybersecurity Maturity Model Certification (CMMC)

20. The BYO-ML platform makes use of the following technology to enable customers to build custom ML models:
   a) Azure Databricks/Apache Spark
   b) Azure HDInsight
   c) Kafka and Log Analytics workspace
   d) Azure Synapse
   e) None of the above