Microsoft SC-200 Practice Test - Questions Answers, Page 2
Question 11
You have an Azure subscription that contains a Log Analytics workspace.
You need to enable just-in-time (JIT) VM access and network detections for Azure resources.
Where should you enable Azure Defender?
at the subscription level
at the workspace level
at the resource level
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/enable-azure-defender
Question 12
You use Azure Defender.
You have an Azure Storage account that contains sensitive information.
You need to run a PowerShell script if someone accesses the storage account from a suspicious IP address.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
From Azure Security Center, enable workflow automation.
Create an Azure logic app that has a manual trigger.
Create an Azure logic app that has an Azure Security Center alert trigger.
Create an Azure logic app that has an HTTP trigger.
From Azure Active Directory (Azure AD), add an app registration.
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/azure-defender-storage-configure?tabs=azure-security-center
https://docs.microsoft.com/en-us/azure/security-center/workflow-automation
Question 13
HOTSPOT
You manage the security posture of an Azure subscription that contains two virtual machines named vm1 and vm2.
The secure score in Azure Security Center is shown in the Security Center exhibit. (Click the Security Center tab.)
Azure Policy assignments are configured as shown in the Policies exhibit. (Click the Policies tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Explanation:
Reference:
https://techcommunity.microsoft.com/t5/azure-security-center/security-control-restrict-unauthorized-network-access/ba-p/1593833
https://techcommunity.microsoft.com/t5/azure-security-center/security-control-secure-management-ports/ba-p/1505770
Question 14
DRAG DROP
You are informed of a new common vulnerabilities and exposures (CVE) vulnerability that affects your environment.
You need to use Microsoft Defender Security Center to request remediation from the team responsible for the affected systems if there is a documented active exploit available.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Reference:
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/microsoft-defender-atp-remediate-apps-using-mem/ba-p/1599271
Question 15
HOTSPOT
You have an Azure subscription that has Azure Defender enabled for all supported resource types.
You create an Azure logic app named LA1.
You plan to use LA1 to automatically remediate security risks detected in Azure Security Center.
You need to test LA1 in Security Center.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/workflow-automation#create-a-logic-app-and-define-when-it-should-automatically-run
Question 16
DRAG DROP
You create a new Azure subscription and start collecting logs for Azure Monitor.
You need to configure Azure Security Center to detect possible threats related to sign-ins from suspicious IP addresses to Azure virtual machines. The solution must validate the configuration.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-alert-validation
Question 17
DRAG DROP
You have resources in Azure and Google Cloud.
You need to ingest Google Cloud Platform (GCP) data into Azure Defender.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/quickstart-onboard-gcp
Question 18
HOTSPOT
You need to use an Azure Resource Manager template to create a workflow automation that will trigger an automatic remediation when specific security alerts are received by Azure Security Center.
How should you complete the portion of the template that will provision the required Azure resources? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/quickstart-automation-alert
Question 19
You use Azure Security Center.
You receive a security alert in Security Center.
You need to view recommendations to resolve the alert in Security Center.
What should you do?
From Security alerts, select the alert, select Take Action, and then expand the Prevent future attacks section.
From Security alerts, select Take Action, and then expand the Mitigate the threat section.
From Regulatory compliance, download the report.
From Recommendations, download the CSV report.
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and-responding-alerts
Question 20
You have a suppression rule in Azure Security Center for 10 virtual machines that are used for testing. The virtual machines run Windows Server.
You are troubleshooting an issue on the virtual machines.
In Security Center, you need to view the alerts generated by the virtual machines during the last five days.
What should you do?
Change the rule expiration date of the suppression rule.
Change the state of the suppression rule to Disabled.
Modify the filter for the Security alerts page.
View the Windows event logs on the virtual machines.
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/alerts-suppression-rules
Question