You have a custom Microsoft Sentinel workbook named Workbooks.
You need to add a grid to Workbook1. The solution must ensure that the grid contains a maximum of 100 rows.
What should you do?

You have an Azure subscription.
You plan to implement an Microsoft Sentinel workspace. You anticipate that you will ingest
20 GB of security log data per day.
You need to configure storage for the workspace. The solution must meet the following
requirements:
• Minimize costs for daily ingested data.
• Maximize the data retention period without incurring extra costs.
What should you do for each requirement? To answer, select the appropriate options in the
answer area. NOTE Each correct selection is worth one point.

Your company stores the data for every project in a different Azure subscription. All the
subscriptions use the same Azure Active Directory (Azure AD) tenant.
Every project consists of multiple Azure virtual machines that run Windows Server. The
Windows events of the virtual machines are stored in a Log Analytics workspace in each
machine’s respective subscription.
You deploy Azure Sentinel to a new Azure subscription.
You need to perform hunting queries in Azure Sentinel to search across all the Log
Analytics workspaces of all the subscriptions.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

You have a Microsoft Sentinel workspace named Workspaces
You need to exclude a built-in. source-specific Advanced Security Information Model
(ASIM) parser from a built-in unified ASIM parser.
What should you create in Workspace1?

You have an Azure subscription that contains a Microsoft Sentinel workspace. The
workspace contains a Microsoft Defender for Cloud data connector. You need to customize
which details will be included when an alert is created for a specific event. What should you
do?

Note: This question is part of a series of questions that present the same scenario. Each
question in the series contains a unique solution that might meet the stated goals. Some
question sets might have more than one correct solution, while others might not have a
correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result,
these questions will not appear in the review screen.
You are configuring Microsoft Defender for Identity integration with Active Directory.
From the Microsoft Defender for identity portal, you need to configure several accounts for
attackers to exploit.
Solution: You add the accounts to an Active Directory group and add the group as a
Sensitive group.
Does this meet the goal?

You use Azure Sentinel.
You need to use a built-in role to provide a security analyst with the ability to edit the
queries of custom Azure Sentinel workbooks. The solution must use the principle of least
privilege.
Which role should you assign to the analyst?

You have an Azure subscription that uses Microsoft Sentinel.
You detect a new threat by using a hunting query.
You need to ensure that Microsoft Sentinel automatically detects the threat. The solution
must minimize administrative effort.
What should you do?