ExamGecko
Login
Home / Microsoft / SC-200 / List of questions
Ask Question

Microsoft SC-200 Practice Test - Questions Answers, Page 11

List of questions

Question 101

Report
Export
Collapse

HOTSPOT

You need to implement Azure Sentinel queries for Contoso and Fabrikam to meet the technical requirements.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Microsoft SC-200 image Question 101 107843 10052024010847000
Correct answer: Microsoft SC-200 image answer Question 101 107843 10052024010847000

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/sentinel/extend-sentinel-across-workspaces-tenants

asked 05/10/2024
TANVIR ANJUM
37 questions

Question 102

Report
Export
Collapse

You need to complete the query for failed sign-ins to meet the technical requirements.

Where can you find the column name to complete the where clause?

Security alerts in Azure Security Center

Security alerts in Azure Security Center

Activity log in Azure

Activity log in Azure

Azure Advisor

Azure Advisor

the query windows of the Log Analytics workspace

the query windows of the Log Analytics workspace
Suggested answer: D

Explanation:

asked 05/10/2024
Jeffrey Cayao
36 questions

Question 103

Report
Export
Collapse

The issue for which team can be resolved by using Microsoft Defender for Endpoint?

executive

executive

sales

sales

marketing

marketing
Suggested answer: C

Explanation:

Reference:

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios

asked 05/10/2024
Shaharyar Chaudhry
42 questions

Question 104

Report
Export
Collapse

The issue for which team can be resolved by using Microsoft Defender for Office 365?

executive

executive

marketing

marketing

security

security

sales

sales
Suggested answer: B

Explanation:

Reference:

https://docs.mic rosoft. co m/en-us/microsoft-365/securitv/office-365-security/atp-for-spo-odb-and-teams?view=o365-worldwide

asked 05/10/2024
Nazarii Bybyk
36 questions

Question 105

Report
Export
Collapse

You need to recommend a solution to meet the technical requirements for the Azure virtual machines.

What should you include in the recommendation?

just-in-time (JIT) access

just-in-time (JIT) access

Azure Defender

Azure Defender

Azure Firewall

Azure Firewall

Azure Application Gateway

Azure Application Gateway
Suggested answer: B

Explanation:

Reference:

https://docsmicrosoft.com/en-us/azure/security-center/azure-defender

asked 05/10/2024
DANIEL DOYEN
33 questions

Question 106

Report
Export
Collapse

HOTSPOT

You need to recommend remediation actions for the Azure Defender alerts for Fabrikam.

What should you recommend for each threat? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Microsoft SC-200 image Question 106 107814 10052024010847000
Correct answer: Microsoft SC-200 image answer Question 106 107814 10052024010847000

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/key-vault/general/security-features

https://docs.microsoft.com/en-us/azure/key-vault/general/secure-your-key-vault

asked 05/10/2024
Igor Vasiliev
44 questions

Question 107

Report
Export
Collapse

You need to assign a role-based access control (RBAC) role to admin! to meet the Azure Sentinel requirements and the business requirements.

Which role should you assign?

Automation Operator

Automation Operator

Automation Run book Operator

Automation Run book Operator

Azure Sentinel Contributor

Azure Sentinel Contributor

Logic App Contributor

Logic App Contributor
Suggested answer: C

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/sentinel/roles

asked 05/10/2024
Oliver Buss
29 questions

Question 108

Report
Export
Collapse

You need to create the test rule to meet the Azure Sentinel requirements.

What should you do when you create the rule?

From Set rule logic, turn off suppression.

From Set rule logic, turn off suppression.

From Analytics rule details, configure the tactics.

From Analytics rule details, configure the tactics.

From Set rule logic, map the entities.

From Set rule logic, map the entities.

From Analytics rule details, configure the severity.

From Analytics rule details, configure the severity.
Suggested answer: C

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-custom

asked 05/10/2024
Mehr Khan
37 questions

Question 109

Report
Export
Collapse

DRAG DROP

You need to add notes to the events to meet the Azure Sentinel requirements.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of action to the answer area and arrange them in the correct order.


Microsoft SC-200 image Question 109 107847 10052024010847000
Correct answer: Microsoft SC-200 image answer Question 109 107847 10052024010847000

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/sentinel/bookmarks

asked 05/10/2024
Reza Mirabrishami
39 questions

Question 110

Report
Export
Collapse

HOTSPOT

You need to configure the Azure Sentinel integration to meet the Azure Sentinel requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Microsoft SC-200 image Question 110 107848 10052024010847000
Correct answer: Microsoft SC-200 image answer Question 110 107848 10052024010847000

Explanation:

Reference:

https://docs.microsoft.com/en-us/cloud-app-security/siem-sentinel

asked 05/10/2024
RALPH KOH
28 questions
Total 307 questions
Go to page: of 31
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have a Microsoft 365 subscription that contains 1,000 Windows 10 devices. The devices have Microsoft Office 365 installed. You need to mitigate the following device threats: Microsoft Excel macros that download scripts from untrusted websites Users that open executable attachments in Microsoft Outlook Outlook rules and forms exploits What should you use?
HOTSPOT You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud. You have an Azure DevOps organization named AzDO1. You need to integrate Sub! and AzDO1. The solution must meet the following requirements: * Detect secrets exposed in pipelines by using Defender for Cloud. * Minimize administrative effort.
DRAG DROP You have an Azure subscription. The subscription contains 10 virtual machines that are onboarded to Microsoft Defender for Cloud. You need to ensure that when Defender for Cloud detects digital currency mining behavior on a virtual machine, you receive an email notification. The solution must generate a test email. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
HOTSPOT You have an Azure DevOps organization that uses Microsoft Defender for DevOps. The organization contains an Azure DevOps repository named Repo1 and an Azure Pipelines pipeline named Pipeline1. Pipeline1 is used to build and deploy code stored in Repo1. You need to ensure that when Pipeline1 runs, Microsoft Defender for Cloud can perform secret scanning of the code in Repo1. What should you install in the organization, and what should you add to the YAML file of Pipeline'!? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You create an Azure subscription. You enable Microsoft Defender for Cloud for the subscription. You need to use Defender for Cloud to protect on-premises computers. What should you do on the on-premises computers?
You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains a user named User1. You need to ensure that User1 can manage Microsoft Defender XDR custom detection rules and Endpoint security policies. The solution must follow the principle of least privilege. Which role should you assign to User1?
HOTSPOT You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You need to create a custom detection rule that will identify devices that had more than five antivirus detections within the last 24 hours. how should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.
DRAG DROP You have a Microsoft Sentinel workspace that contains the following Advanced Security Information Model (ASIM) parsers: * _Im_ProcessCreate * InProceessCreate You create a new source-specific parser named vimProcessCreate. You need to modify the parsers to meet the following requirements: * Call all the ProcessCreate parsers. * Standardize fields to the Process schema. Which parser should you modify to meet each requirement? To answer, drag the appropriate parsers to the correct requirements. tach parser may be used once, more than once, or not at all You may need to drag the split bar between panes or scroll to view content. NOTE Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that contains 100 Linux devices. The devices are onboarded to Microsoft Defender 365. You need to initiate the collection of investigation packages from the devices by using the Microsoft 365 Defender portal. Which response action should you use?
HOTSPOT You have a Microsoft Sentinel workspace. You need to create a KQL query that will identify successful sign-ins from multiple countries during the last three hours. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point