Home / Microsoft / SC-200 / List of questions

Ask Question

Microsoft SC-200 Practice Test - Questions Answers, Page 2

List of questions

Question 11

You have an Azure subscription that contains a Log Analytics workspace.

You need to enable just-in-time (JIT) VM access and network detections for Azure resources.

Where should you enable Azure Defender?

at the subscription level

at the workspace level

at the resource level

Show Answer Comment (0)

Question 12

You use Azure Defender.

You have an Azure Storage account that contains sensitive information.

You need to run a PowerShell script if someone accesses the storage account from a suspicious IP address.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

From Azure Security Center, enable workflow automation.

Create an Azure logic app that has a manual trigger.

Create an Azure logic app that has an Azure Security Center alert trigger.

Create an Azure logic app that has an HTTP trigger.

From Azure Active Directory (Azure AD), add an app registration.

Show Answer Comment (0)

Question 13

HOTSPOT

You manage the security posture of an Azure subscription that contains two virtual machines name vm1 and vm2.

The secure score in Azure Security Center is shown in the Security Center exhibit. (Click the Security Center tab.)

Microsoft SC-200 image Question 13 107827 10052024010847000000

Azure Policy assignments are configured as shown in the Policies exhibit. (Click the Policies tab.)

Microsoft SC-200 image Question 13 107827 10052024010847000000

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Microsoft SC-200 image Question 13 107827 10052024010847000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 13 107827 10052024010847000

Explanation:

Reference:

https://techcommunity.microsoft.com/t5/azure-security-center/security-control-restrict-unauthorized-network-access/ba-p/1593833

https://techcommunity.microsoft.com/t5/azure-security-center/security-control-secure-management-ports/ba-p/1505770

asked 05/10/2024

RAHULREDDY BIRADAVOLU

42 questions

Question 14

DRAG DROP

You are informed of a new common vulnerabilities and exposures (CVE) vulnerability that affects your environment.

You need to use Microsoft Defender Security Center to request remediation from the team responsible for the affected systems if there is a documented active exploit available.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Microsoft SC-200 image Question 14 107828 10052024010847000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 14 107828 10052024010847000

Explanation:

Reference:

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/microsoft-defender-atp-remediate-apps-using-mem/ba-p/1599271

asked 05/10/2024

Tim Baas

42 questions

Question 15

HOTSPOT

You have an Azure subscription that has Azure Defender enabled for all supported resource types.

You create an Azure logic app named LA1.

You plan to use LA1 to automatically remediate security risks detected in Azure Security Center.

You need to test LA1 in Security Center.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Microsoft SC-200 image Question 15 107829 10052024010847000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 15 107829 10052024010847000

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/security-center/workflow-automation#create-a-logic-app-and-define-when-it-should-automatically-run

asked 05/10/2024

EduBP srl De Sanctis

35 questions

Question 16

DRAG DROP

You create a new Azure subscription and start collecting logs for Azure Monitor.

You need to configure Azure Security Center to detect possible threats related to sign-ins from suspicious IP addresses to Azure virtual machines. The solution must validate the configuration.

Which three actions should you perform in a sequence? To answer, move the appropriate actions from the list of action to the answer area and arrange them in the correct order.

Microsoft SC-200 image Question 16 107830 10052024010847000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 16 107830 10052024010847000

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/security-center/security-center-alert-validation

asked 05/10/2024

Haleem SHITOU OGUNGBEMI

42 questions

Question 17

DRAG DROP

You have resources in Azure and Google cloud.

You need to ingest Google Cloud Platform (GCP) data into Azure Defender.

In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.

Microsoft SC-200 image Question 17 107831 10052024010847000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 17 107831 10052024010847000

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/security-center/quickstart-onboard-gcp

asked 05/10/2024

Prabith Balagopalan

37 questions

Question 18

HOTSPOT

You need to use an Azure Resource Manager template to create a workflow automation that will trigger an automatic remediation when specific security alerts are received by Azure Security Center.

How should you complete the portion of the template that will provision the required Azure resources? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Microsoft SC-200 image Question 18 107832 10052024010847000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 18 107832 10052024010847000

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/security-center/quickstart-automation-alert

asked 05/10/2024

Ricardson Albuquerque

35 questions

Question 19

You use Azure Security Center.

You receive a security alert in Security Center.

You need to view recommendations to resolve the alert in Security Center.

What should you do?

From Security alerts, select the alert, select Take Action, and then expand the Prevent future attacks section.

From Security alerts, select Take Action, and then expand the Mitigate the threat section.

From Regulatory compliance, download the report.

From Recommendations, download the CSV report.

Show Answer Comment (0)

Question 20

You have a suppression rule in Azure Security Center for 10 virtual machines that are used for testing. The virtual machines run Windows Server.

You are troubleshooting an issue on the virtual machines.

In Security Center, you need to view the alerts generated by the virtual machines during the last five days.

What should you do?

Change the rule expiration date of the suppression rule.

Change the state of the suppression rule to Disabled.

Modify the filter for the Security alerts page.

View the Windows event logs on the virtual machines.

Show Answer Comment (0)

Question

Case Study

Question 11 (0)

You have an Azure subscription that contains a Log Analytics workspace. You need to enable just-in-time (JIT) VM access and network detections for Azure resources. Where should you enable Azure De

Question 12 (0)

You use Azure Defender. You have an Azure Storage account that contains sensitive information. You need to run a PowerShell script if someone accesses the storage account from a suspicious IP addr

Question 13 (0)

HOTSPOT You manage the security posture of an Azure subscription that contains two virtual machines name vm1 and vm2. The secure score in Azure Security Center is shown in the Security Center exhi

Question 14 (0)

DRAG DROP You are informed of a new common vulnerabilities and exposures (CVE) vulnerability that affects your environment. You need to use Microsoft Defender Security Center to request remediatio

Question 15 (0)

HOTSPOT You have an Azure subscription that has Azure Defender enabled for all supported resource types. You create an Azure logic app named LA1. You plan to use LA1 to automatically remediate se

Question 16 (0)

DRAG DROP You create a new Azure subscription and start collecting logs for Azure Monitor. You need to configure Azure Security Center to detect possible threats related to sign-ins from suspiciou

Question 17 (0)

DRAG DROP You have resources in Azure and Google cloud. You need to ingest Google Cloud Platform (GCP) data into Azure Defender. In which order should you perform the actions? To answer, move all

Question 18 (0)

HOTSPOT You need to use an Azure Resource Manager template to create a workflow automation that will trigger an automatic remediation when specific security alerts are received by Azure Security Ce

Question 19 (0)

You use Azure Security Center. You receive a security alert in Security Center. You need to view recommendations to resolve the alert in Security Center. What should you do?

Question 20 (0)

You have a suppression rule in Azure Security Center for 10 virtual machines that are used for testing. The virtual machines run Windows Server. You are troubleshooting an issue on the virtual mach

Related questions

You have a Microsoft 365 subscription that contains 1,000 Windows 10 devices. The devices have Microsoft Office 365 installed. You need to mitigate the following device threats: Microsoft Excel macros that download scripts from untrusted websites Users that open executable attachments in Microsoft Outlook Outlook rules and forms exploits What should you use?

HOTSPOT You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud. You have an Azure DevOps organization named AzDO1. You need to integrate Sub! and AzDO1. The solution must meet the following requirements: * Detect secrets exposed in pipelines by using Defender for Cloud. * Minimize administrative effort.

DRAG DROP You have an Azure subscription. The subscription contains 10 virtual machines that are onboarded to Microsoft Defender for Cloud. You need to ensure that when Defender for Cloud detects digital currency mining behavior on a virtual machine, you receive an email notification. The solution must generate a test email. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

HOTSPOT You have an Azure DevOps organization that uses Microsoft Defender for DevOps. The organization contains an Azure DevOps repository named Repo1 and an Azure Pipelines pipeline named Pipeline1. Pipeline1 is used to build and deploy code stored in Repo1. You need to ensure that when Pipeline1 runs, Microsoft Defender for Cloud can perform secret scanning of the code in Repo1. What should you install in the organization, and what should you add to the YAML file of Pipeline'!? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

You create an Azure subscription. You enable Microsoft Defender for Cloud for the subscription. You need to use Defender for Cloud to protect on-premises computers. What should you do on the on-premises computers?

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains a user named User1. You need to ensure that User1 can manage Microsoft Defender XDR custom detection rules and Endpoint security policies. The solution must follow the principle of least privilege. Which role should you assign to User1?

HOTSPOT You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You need to create a custom detection rule that will identify devices that had more than five antivirus detections within the last 24 hours. how should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

DRAG DROP You have a Microsoft Sentinel workspace that contains the following Advanced Security Information Model (ASIM) parsers: * _Im_ProcessCreate * InProceessCreate You create a new source-specific parser named vimProcessCreate. You need to modify the parsers to meet the following requirements: * Call all the ProcessCreate parsers. * Standardize fields to the Process schema. Which parser should you modify to meet each requirement? To answer, drag the appropriate parsers to the correct requirements. tach parser may be used once, more than once, or not at all You may need to drag the split bar between panes or scroll to view content. NOTE Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that contains 100 Linux devices. The devices are onboarded to Microsoft Defender 365. You need to initiate the collection of investigation packages from the devices by using the Microsoft 365 Defender portal. Which response action should you use?

HOTSPOT You have a Microsoft Sentinel workspace. You need to create a KQL query that will identify successful sign-ins from multiple countries during the last three hours. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point

Export

with questions and answers will be exported as:

VPLUS file

PDF file (Demo 30 questions)

Highest scored 'comment-votes'

Your question list is being generated. We”ll email you once it’s ready.

If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].