Home / Microsoft / SC-200

Microsoft SC-200 Practice Test - Questions Answers, Page 13

Question list

List of questions

Question 121

(0)

Note: This question-is part of a series of questions that present the same scenario. Each question-in the series contains a unique solution that might meet the stated goals. Some question-sets might

Question 122

(0)

Note: This question-is part of a series of questions that present the same scenario. Each question-in the series contains a unique solution that might meet the stated goals. Some question-sets might

Question 123

(0)

HOTSPOT You need to create a query for a workbook. The query must meet the following requirements: List all incidents by incident number. Only include the most recent log for each incident. How

Question 124

(0)

DRAG DROP You have the resources shown in the following table. You need to prevent duplicate events from occurring in SW1. What should you use for each action? To answer, drag the appropriate r

Question 125

(0)

DRAG DROP You have an Azure subscription linked to an Azure Active Directory (Azure AD) tenant. The tenant contains two users named User1 and User2. You plan to deploy Azure Defender. You need to

Question 126

(0)

HOTSPOT You have a Microsoft 365 E5 subscription that contains 200 Windows 10 devices enrolled in Microsoft Defender for Endpoint. You need to ensure that users can access the devices by using a r

Question 127

(0)

You have a Microsoft 365 E5 subscription that uses Microsoft SharePoint Online. You delete users from the subscription. You need to be notified if the deleted users downloaded numerous documents f

Question 128

(0)

You have a Microsoft 365 subscription that has Microsoft 365 Defender enabled. You need to identify all the changes made to sensitivity labels during the past seven days. What should you use?

Question 129

(0)

You have a Microsoft 365 subscription that uses Microsoft 365 Defender. You need to identify all the entities affected by an incident. Which tab should you use in the Microsoft 365 Defender portal

Question 130

(0)

You have five on-premises Linux servers. You have an Azure subscription that uses Microsoft Defender for Cloud. You need to use Defender for Cloud to protect the Linux servers. What should you in

Related questions

HOTSPOT You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud. You have an Azure DevOps organization named AzDO1. You need to integrate Sub! and AzDO1. The solution must meet the following requirements: * Detect secrets exposed in pipelines by using Defender for Cloud. * Minimize administrative effort.

DRAG DROP You have an Azure subscription. The subscription contains 10 virtual machines that are onboarded to Microsoft Defender for Cloud. You need to ensure that when Defender for Cloud detects digital currency mining behavior on a virtual machine, you receive an email notification. The solution must generate a test email. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

HOTSPOT You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You need to create a custom detection rule that will identify devices that had more than five antivirus detections within the last 24 hours. how should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

HOTSPOT You have an Azure DevOps organization that uses Microsoft Defender for DevOps. The organization contains an Azure DevOps repository named Repo1 and an Azure Pipelines pipeline named Pipeline1. Pipeline1 is used to build and deploy code stored in Repo1. You need to ensure that when Pipeline1 runs, Microsoft Defender for Cloud can perform secret scanning of the code in Repo1. What should you install in the organization, and what should you add to the YAML file of Pipeline'!? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

You create an Azure subscription. You enable Microsoft Defender for Cloud for the subscription. You need to use Defender for Cloud to protect on-premises computers. What should you do on the on-premises computers?

You have a Microsoft 365 subscription that uses Microsoft 365 Defender. You plan to create a hunting query from Microsoft Defender. You need to create a custom tracked query that will be used to assess the threat status of the subscription. From the Microsoft 365 Defender portal, which page should you use to create the query?

HOTSPOT You have an Azure subscription that uses Microsoft Defender for Cloud and contains an Azure logic app named app1. You need to ensure that app1 launches when a specific Defender for Cloud security alert is generated. How should you complete the Azure Resource Manager (ARM) template? To answer, select the appropriate options in the answer area NOTE: Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR. You need to ensure that you can investigate threats by using data in the unified audit log of Microsoft Defender for Cloud Apps. What should you configure first?

DRAG DROP You have a Microsoft Sentinel workspace that contains the following Advanced Security Information Model (ASIM) parsers: * _Im_ProcessCreate * InProceessCreate You create a new source-specific parser named vimProcessCreate. You need to modify the parsers to meet the following requirements: * Call all the ProcessCreate parsers. * Standardize fields to the Process schema. Which parser should you modify to meet each requirement? To answer, drag the appropriate parsers to the correct requirements. tach parser may be used once, more than once, or not at all You may need to drag the split bar between panes or scroll to view content. NOTE Each correct selection is worth one point.

HOTSPOT You have a Microsoft Sentinel workspace that has a default data retention period of 30 days. The workspace contains two custom tables as shown in the following table. Each table ingested two records per day during the past 365 days. You build KQL statements for use in analytic rules as shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Question 121

Note: This question-is part of a series of questions that present the same scenario. Each question-in the series contains a unique solution that might meet the stated goals. Some question-sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question-in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have Linux virtual machines on Amazon Web Services (AWS).

You deploy Azure Defender and enable auto-provisioning.

You need to monitor the virtual machines by using Azure Defender.

Solution: You enable Azure Arc and onboard the virtual machines to Azure Arc.

Does this meet the goal?

Yes

Show Answer Comment (0)

Question 122

After you answer a question-in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have Linux virtual machines on Amazon Web Services (AWS).

You deploy Azure Defender and enable auto-provisioning.

You need to monitor the virtual machines by using Azure Defender.

Solution: You manually install the Log Analytics agent on the virtual machines.

Does this meet the goal?

Yes

Show Answer Comment (0)

Question 123

HOTSPOT

You need to create a query for a workbook. The query must meet the following requirements:

List all incidents by incident number.

Only include the most recent log for each incident.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Answer Comment (0)

Question 124

DRAG DROP

You have the resources shown in the following table.

You need to prevent duplicate events from occurring in SW1.

What should you use for each action? To answer, drag the appropriate resources to the correct actions. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Show Answer Comment (0)

Question 125

DRAG DROP

You have an Azure subscription linked to an Azure Active Directory (Azure AD) tenant. The tenant contains two users named User1 and User2.

You plan to deploy Azure Defender.

You need to enable User1 and User2 to perform tasks at the subscription level as shown in the following table.

The solution must use the principle of least privilege.

Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Show Answer Comment (0)

Question 126

HOTSPOT

You have a Microsoft 365 E5 subscription that contains 200 Windows 10 devices enrolled in Microsoft Defender for Endpoint.

You need to ensure that users can access the devices by using a remote shell connection directly from the Microsoft 365 Defender portal. The solution must use the principle of least privilege.

What should you do in the Microsoft 365 Defender portal? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Answer Comment (0)

Question 127

You have a Microsoft 365 E5 subscription that uses Microsoft SharePoint Online.

You delete users from the subscription.

You need to be notified if the deleted users downloaded numerous documents from SharePoint Online sites during the month before their accounts were deleted.

What should you use?

a file policy in Microsoft Defender for Cloud Apps

an access review policy

an alert policy in Microsoft Defender for Office 365

an insider risk policy

Show Answer Comment (0)