SC-200 Exam Question 151

You have an Azure subscription that contains two users named User1 and User2 and a Microsoft Sentinel workspace named workspace1. You need to ensure that the users can perform the following tasks in workspace1:
* User1 must be able to dismiss incidents and assign incidents to users.
* User2 must be able to modify analytics rules.
The solution must use the principle of least privilege.
Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

SC-200 Exam Question 152

You have a Microsoft Sentinel workspace that contains a custom workbook.
You need to query the number of daily security alerts. The solution must meet the following requirements:
* Identify alerts that occurred during the last 30 days.
* Display the results in a timechart.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

SC-200 Exam Question 153

You have an Azure subscription.
You need to stream the Microsoft Graph activity logs to a third-party security information and event management (SIEM) tool. The solution must minimize administrative effort.
To where should you stream the logs?
SC-200 Exam Question 154

You have a Microsoft 365 E5 subscription.
Automated investigation and response (AIR) is enabled in Microsoft Defender for Office 365 and devices use full automation in Microsoft Defender for Endpoint.
You have an incident involving a user that received malware-infected email messages on a managed device.
Which action requires manual remediation of the incident?

SC-200 Exam Question 155

You need to meet the Microsoft Sentinel requirements for App1. What should you configure for App1?