Which two actions should you perform? Each correct answer present part of the solution.

Last Updated on November 14, 2021 by Admin 3

You have an Azure subscription named Sub1 and a Microsoft 365 subscription. Sub1 is linked to an Azure Active Directory (Azure AD) tenant named contoso.com.

You create an Azure Sentinel workspace named workspace1. In workspace1, you activate an Azure AD connector for contoso.com and an Office 365 connector for the Microsoft 365 subscription.

You need to use the Fusion rule to detect multi-staged attacks that include suspicious sign-ins to contoso.com followed by anomalous Microsoft Office 365 activity.

Which two actions should you perform? Each correct answer present part of the solution.

NOTE: Each correct selection is worth one point.

  • Create custom rule based on the Office 365 connector templates.
  • Create a Microsoft incident creation rule based on Azure Security Center.
  • Create a Microsoft Cloud App Security connector.
  • Create an Azure AD Identity Protection connector.
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments