Microsoft Sentinel

Overview

Rewards

FAQs

Overview

Microsoft Sentinel, also known as Azure Sentinel, is a cloud-native security information and event management (SIEM), and security orchestration, automation, and response (SOAR) solution offered by Microsoft. It is designed to help organizations detect, investigate, and respond to security threats and incidents across their entire IT infrastructure.

Azure Sentinel integrates with various data sources, including cloud services, on-premises systems, network devices, and security solutions, allowing it to collect and analyze vast amounts of security event data in real-time. It leverages machine learning algorithms and advanced analytics to detect anomalies, identify potential threats, and generate actionable insights.

Take this assessment to know how good you are with Microsoft Sentinel.

Click the Rewards tab for eligibility requirements.

Read the FAQs tab carefully for Instructions before beginning the assessment.

Rewards

NYXPoints are used to generate the Leaderboard (coming soon). They are awarded for achieving a certain score.

200 nyxpoints for a passing score of 80% or more
300 nyxpoints for a perfect score of 100%
Didn’t pass? You still get 30 nyxpoints for attempting the assesment

FAQs

IMPORTANT instructions for taking the Assessment

The timer starts when you click Start Assessment
DO NOT refresh/reload the page or use the back button to navigate away from the page.
Navigating away from the assessment page DOES NOT stop/pause the timer and the will restart the assessment when you come back to it. The answers are NOT saved.

General

There are NO pre-requisites to take this assessment. Take this assessment even if you are completely new to Linux.
The assessment is completely FREE.
Preferably take it in a closed book mode.
DO NOT copy/paste, share or upload questions elsewhere.

Eligible Rewards

300 NyxCoins*

* NyxCoins vary on score

Questions

Minutes

1 %

Passing Score

Time limit: 0

Assessment Summary

0 of 30 Questions completed

Questions:

Information

You have already completed the assessment before. Hence you can not start it again.

Assessment is loading…

You must sign in or sign up to start the assessment.

You must first complete the following:

Results

Assessment complete. Results are being recorded.

Results

0 of 30 Questions answered correctly

Your time:

Time has elapsed

You have reached 0 of 0 point(s), (0)

Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)

Average score
Your score

Categories

Not categorized 0%

Current
Review
Answered
Correct
Incorrect

Question 1 of 30

1. Question
What are the four stages of Microsoft Sentinel?
- Collect, Detect, Investigate and Respond.
- Collect, Detect, Respond and Report.
- Detect, Respond, Report and Improve.
- Collect, Detect, Correlate and Report.
Correct

Incorrect
Question 2 of 30

2. Question
In Microsoft Sentinel, how many days of data retention are provided free of cost?
- 60 days
- 90 days
- 180 days
- 30 days
Correct

Incorrect
Question 3 of 30

3. Question
Which language is used in Microsoft Sentinel to query data?
- Ariel Query Language.
- Structured Query Language.
- Kusto Query Language.
- PL-SQL.
Correct

Incorrect
Question 4 of 30

4. Question
Which Microsoft Sentinel component is used to generate alerts?
- Analytic rules.
- KQL Queries.
- Data Collection.
- Microsoft Update Rules.
Correct

Incorrect
Question 5 of 30

5. Question
How do you control permissions in Microsoft Sentinel?
- Through MFA.
- By using Azure RBAC.
- By using Active Directory.
- Through AAA servers.
Correct

Incorrect
Question 6 of 30

6. Question
Which of the following are the core capabilities of Microsoft Sentinel?
- Attack Detection.
- Patching Applications.
- Risk management.
- Compliance Management.
Correct

Incorrect
Question 7 of 30

7. Question
What is the use of playbooks in Microsoft Sentinel?
- To describe the order analyst’s complete tasks.
- To optimize manual processes.
- It is a plan an analyst creates to complete a task manually.
- To automate actions that an analyst typically would have to complete manually.
Correct

Incorrect
Question 8 of 30

8. Question
From the choices below, what is the best description of Microsoft Sentinel S.O.A.R?
- Combines the processes and the security tools available to exploit opportunities given a particular situation.
- Connects all tools in your security stack together into defined workflows which can run automatically.
- Correctly orients the security team to address the cyber threat according to the situation.
- None of the above.
Correct

Incorrect
Question 9 of 30

9. Question
What is alert fatigue in terms of SOAR environment?
- When a SOAR solution is overloaded with alerts.
- When a team reduces the number of alerts coming in using SOAR.
- When an analyst is overwhelmed with the number of alerts coming in.
- When the number of alerts decline.
Correct

Incorrect
Question 10 of 30

10. Question
What does the acronym SOAR stand for?
- Situation, Opportunity, Action, & Result.
- Single out, On the board, Asked, & Repeated.
- Security Orchestration, Automation, & Response.
- Situation, Orientation, Adroit, & Replication.
Correct

Incorrect
Question 11 of 30

11. Question
Identify a benefit of Microsoft Sentinel as a security tool?
- Increases your security team’s efficiency by automating repetitive manual processes.
- Analyzes and generates a security score to better measure improvements in network security.
- Reports about all endpoints that require patching.
- Elevates the security team’s sense of success.
Correct

Incorrect
Question 12 of 30

12. Question
How does Microsoft Sentinel help evolve the way security monitoring works?
- As an information platform only.
- From an information platform to a threat intelligence center.
- From an information platform to a fully integrated and automated center for security and network operations.
- As a threat intelligence center only.
Correct

Incorrect
Question 13 of 30

13. Question
Businesses, hospitals, and other organizations must comply with which of the below regulatory standards and acts? (Multiple Choice)
- HIPAA
- PCI
- SPML
- GDPR
Correct

Incorrect
Question 14 of 30

14. Question
Which of the three tasks must be performed by technology to satisfy network security compliance requirements in security monitoring platforms like Microsoft Sentinel? (Multiple Choice)
- Monitor, correlate, and notify events in real-time.
- Aggregate logs from many network sources.
- Prevent employees from accessing the internet.
- Store log data for a length of time that satisfies auditing requirements.
Correct

Incorrect
Question 15 of 30

15. Question
What is the purpose of the incident management process in SOAR environment?
- It supports the agreed quality of a service by handling all pre-defined, user-initiated service requests in an effect and user-friendly manner.
- Ensuring that services deliver agreed levels of availability and the change can be assessed.
- Ensuring that all the organizational incidents are successfully created.
- It minimizes the negative impact of incidents by restoring normal service operation as quickly as possible.
Correct

Incorrect
Question 16 of 30

16. Question
What is meant by the normalization of logs in SOC monitoring tools like Microsoft Sentinel?
- Processing the logs into a readable and structured format, extracting important data from them, and mapping the different fields they contain.
- Programming SIEM rules to extract data from logs.
- Log management and search capabilities.
- Event filtering from logs on basis of Threat intelligence feeds.
Correct

Incorrect
Question 17 of 30

17. Question
What is meant by IoC in the Microsoft Sentinel environment?
- Indicators of Companies.
- Indicators of Compromise.
- Indicate and Compromise.
- Insist and Compare.
Correct

Incorrect
Question 18 of 30

18. Question
In security monitoring deployments, what is meant by the term “correlation”?
- Statistical technique to find most severe threats.
- Correlation is a technique that relates various events to identifiable patterns.
- Finding relationship between various processes of SOC.
- It is a way of connecting devices together in SOC environment.
Correct

Incorrect
Question 19 of 30

19. Question
Microsoft Sentinel is a cloud-native SOAR solution.
- True
- False
Correct

Incorrect
Question 20 of 30

20. Question
You have a suppression rule in Azure Security Center for 15 virtual machines that are used for testing purpose. The virtual machines are running Windows Server OS. You are troubleshooting an issue on the virtual machines. In Security Center, you need to view the alerts generated by the virtual machines during the last six days. What should you do?
- Modify the rule expiration date of the suppression rule.
- Change the state of the suppression rule to Disabled.
- Change the filter for the Security alerts page.
- View the Windows event logs on the virtual machines.
Correct

Incorrect
Question 21 of 30

21. Question
When performing threat hunting in Microsoft Sentinel, you come across results you want to use later, what would you use to save them for later?
- Notebook.
- Playbook.
- Analytics rule.
- Bookmark.
Correct

Incorrect
Question 22 of 30

22. Question
You receive a security news about a potential attack that uses an image file. You are required to create an indicator of compromise (IoC) in Microsoft Defender for Endpoint to circumvent the attack. Which indicator type should you use?
- A URL/domain indicator that has Action set to Alert and Block.
- A URL/domain indicator that has Action set to Alert only.
- A file hash indicator that has Action set to Alert and block.
- A certificate indicator that has Action set to Alert only.
Correct

Incorrect
Question 23 of 30

23. Question
What does Microsoft Sentinel provide?
- A Solution for checking your security status in the cloud.
- An end-to-end cloud-native solution for security operations.
- A solution to store keys and secrets securely in the cloud.
- A vulnerability scanning tool from Microsoft to analyze attack surface.
Correct

Incorrect
Question 24 of 30

24. Question
Which Azure service stores the log data that is ingested into Microsoft Sentinel?
- Azure Data Factory.
- Log Analytics.
- Azure Monitor.
- Azure Storage.
Correct

Incorrect
Question 25 of 30

25. Question
Which Microsoft Sentinel security role can create workbooks?
- Microsoft Sentinel Responder.
- Microsoft Sentinel Reader.
- Microsoft Sentinel Contributor.
- Microsoft Sentinel Guest.
Correct

Incorrect
Question 26 of 30

26. Question
Why is it important to set the region when creating the Log Analytics workspace?
- It specifies where the log data will be stored.
- It specifies the time-zone the data will be displayed in.
- It specifies the log retention period.
- It specifies the location from where Threat Intelligence feeds will come.
Correct

Incorrect
Question 27 of 30

27. Question
Which table stores Defender for Endpoint logon events?
- DeviceLogonEvents
- OfficeActivity.
- SigninLogs.
- SecurityEvent.
Correct

Incorrect
Question 28 of 30

28. Question
Which table contains logs from Windows hosts collected directly to Microsoft Sentinel?
- SecurityEvent.
- AuditLogs.
- SecurityAlert.
- SigninLogs.
Correct

Incorrect
Question 29 of 30

29. Question
Which of the following operations is a typical scenario for using a Microsoft Sentinel watchlist?
- Creating more alerts to help identify issues.
- Export business data as a watchlist.
- Responding to incidents quickly with the rapid import of IP addresses.
- To import alerts to identify incidents from external log sources.
Correct

Incorrect
Question 30 of 30

30. Question
How do you access a new watchlist named OurList in KQL?
- _Watchlist('OurList ').
- _GetWatchlist('OurList').
- _Getlist('OurList ').
- _GetlistWatch(‘OurList’).
Correct

Incorrect

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.