Security Operations & Monitoring

Which Microsoft service provides a unified secure score, security recommendations, and regulatory compliance assessments across your Azure subscriptions?

• A Microsoft Defender for Cloud ✓
• B Azure Monitor Workbooks
• C Microsoft Entra ID Protection
• D Microsoft Sentinel

Answer: Microsoft Defender for Cloud is the cloud security posture management and workload protection platform that surfaces secure score, recommendations, and compliance assessments. Microsoft Sentinel is the SIEM for threat detection and response.

You want a cloud-native SIEM and SOAR solution to collect security logs from Azure and third-party sources, run analytics rules, and automate response with playbooks. Which service should you deploy?

• A Microsoft Sentinel ✓
• B Azure Network Watcher
• C Azure Monitor metrics
• D Microsoft Defender for Cloud

Answer: Microsoft Sentinel is the cloud-native SIEM and SOAR that ingests data via connectors, applies analytics rules to generate incidents, and automates response with Logic Apps playbooks. Defender for Cloud focuses on posture and workload protection rather than SIEM correlation.

In Microsoft Sentinel, which component allows you to ingest sign-in and audit logs from Microsoft Entra ID?

• A A data connector ✓
• B A workbook
• C A hunting query
• D A watchlist

Answer: Data connectors are the configurable integrations that bring logs, such as Microsoft Entra ID sign-in and audit logs, into the Sentinel workspace. Workbooks visualize data and hunting queries proactively search it once it is ingested.

You must retain Azure resource activity logs and route them to a Log Analytics workspace for long-term querying and alerting. What should you configure?

• A A diagnostic setting that sends the activity log to Log Analytics ✓
• B A backup vault
• C A network security group flow log only
• D A budget alert in Cost Management

Answer: A diagnostic setting routes the Azure activity log and resource logs to a Log Analytics workspace, enabling long-term retention, queries, and alerts. Flow logs capture network traffic, not control-plane activity.

Which Microsoft Defender for Cloud plan provides advanced threat protection alerts for suspicious activity such as anomalous access patterns on Azure Storage accounts?

• A Azure Policy
• B Network Watcher Connection Monitor
• C Microsoft Defender for Storage ✓
• D Microsoft Defender for DNS only

Answer: Microsoft Defender for Storage analyzes telemetry to detect threats such as anomalous access, suspicious uploads, and potential data exfiltration on storage accounts. The other options do not provide storage-specific threat detection.

To capture and inspect IP traffic flowing through a network security group for forensic analysis, which Azure Network Watcher feature should you enable?

• A IP flow verify
• B NSG flow logs ✓
• C Connection troubleshoot
• D Topology view

Answer: NSG flow logs record information about inbound and outbound IP traffic through a network security group and store it for analysis, including with traffic analytics. IP flow verify only checks whether a specific packet would be allowed or denied.