Home / Microsoft / SC-200 / List of questions

Ask Question

Microsoft SC-200 Practice Test - Questions Answers, Page 13

Add to Whishlist

List of questions

Question 121

You have a Microsoft 365 E5 subscription that uses Microsoft Copilot for Security. You plan to run the following code to create a custom Copilot for Security plugin.

Microsoft SC-200 image Question 3 63875591094112013860295

You need to specify a format and complete the code segment. Which format should you use for the <target> variable?

API

GPT

KQL

SQL

Show Answer Comment (0)

Suggested answer: A

asked 19/02/2025

Rafael Pabon

53 questions

Question 122

You have a Microsoft 365 B5 subscription that contains two groups named Group! and Group2 and uses Microsoft Copilot for Security. You need to configure Copilot for Security role assignments to meet the following requirements:

* Ensure that members of Group1 can run prompts and respond to Microsoft Defender XDR security incidents.

* Ensure that members of Group2 can run prompts.

* Follow the principle of least privilege.

You remove Everyone from the Copilot Contributor role.

Which two actions should you perform next? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Assign the Copilot Contributor role to Group2.

Assign the Security Operator role to Group1.

Assign the Copilot Owner role to Group1.

Assign the Security Operator role to Group2.

Assign the Copilot Owner role to Group2.

Show Answer Comment (0)

Question 123

You have a Microsoft 365 subscription that uses Microsoft Defender XDR.

You are investigating an incident.

You need to review the incident tasks that were performed. The solution must include a query that will display the incidents in a workbook, and then display the tasks of each incident in another grid.

Which table should you target in the query?

Securitylncident

SecurityEvent

Sentine1Audit

SecurityAlert

Show Answer Comment (0)

Suggested answer: A

asked 19/02/2025

JoÃ£o Faria

48 questions

Question 124

HOTSPOT

You have a Microsoft 365 subscription that contains three users named User1. User2 and User3 and the resources shown in the following table.

Microsoft SC-200 image Question 6 63875591094127638596175

You have a Microsoft Defender XDR detection rule named Rule1 that has the following configurations:

* Scope: DevGroup1

* File hash: File1.exe

* Actions

o Devices: Collect investigation package

o User: Mark as compromised o Files: Block

Each user attempts to run File1.exe on their device.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Microsoft SC-200 image Question 124 138936 02192025074454000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 124 138936 02192025074454000

Explanation:

Microsoft SC-200 image Question 6 explanation 63875591094127638596175

asked 19/02/2025

Abigail Bormann

50 questions

Question 125

You have 1,000 on-premises Windows 11 Pro devices that are onboarded to Microsoft Defender for Endpoint. You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You identify that an attacker performed the following actions on a device:

* Modified the file system path of a registry-based antivirus exclusion

* Downloaded a malicious file to the file system path

You initiate a live response session on the device. You need to undo the registry change. Which command should you run?

analyze

registry

remediate

scan

Show Answer Comment (0)

Question 126

You have a Microsoft 365 B5 subscription. You have a PowerShell script that queries the unified audit log.

You discover that the query returns only the first page of results due to server-side paging. You need to ensure that you get all the results. Which property should you query in the results?

@odata.nextlink

@odata.deltaLink

@odata.context

@odata.count

Show Answer Comment (0)

Suggested answer: A

asked 19/02/2025

William Dalgo

35 questions

Question 127

HOTSPOT

You have a Microsoft Sentinel workbook that contains the following KQL query.

Microsoft SC-200 image Question 9 63875591094143263132056

You need to create a visual that will change the color of the errCount column based on the value returned. How should you configure the visual? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

Microsoft SC-200 image Question 127 138939 02192025074454000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 127 138939 02192025074454000

asked 19/02/2025

Alan How

41 questions

Question 128

HOTSPOT

You have an Azure subscription named Sub1 that contains the resources shown in the following table.

Microsoft SC-200 image Question 10 63875591094158887715694

You plan to configure Rule1 to trigger Lapp1 when an incident is generated.

You need to recommend the role-based access control (RBAC) role that you should assign to WS1, and the scope at which should you assign the role. The solution must follow the principle of least privilege.

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Microsoft SC-200 image Question 128 138940 02192025074454000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 128 138940 02192025074454000

asked 19/02/2025

Jagatnata Gurusinga

45 questions

Question 129

You have an Azure subscription that contains a Microsoft Sentinel workspace named Workspace1 and a user named User1.

You need to ensure that User1 can investigate incidents by using Workspace1. The solution must follow the principle of least privilege.

Which role should you assign to User1?

Microsoft Sentinel Responder

Microsoft Sentinel Reader

Microsoft Sentinel Automation Contributor

Microsoft Sentinel Contributor

Show Answer Comment (0)

Suggested answer: A

asked 19/02/2025

Fatmata Kabba

58 questions

Question 130

You have a Microsoft 365 B5 subscription that contains a user named User1. The subscription uses Microsoft 365 Copilot for Security. Copilot for Security uses the Sentinel plugin. User1 is assigned the Copilot Contributor role.

During an investigation, User1 submits a prompt and receives a notification that Copilot for Security cannot respond to requests because the security compute unit (SCU) usage is nearing the provisioned capacity limit.

You need to ensure that User1 can use Copilot for Security to generate a successful response.

What should User1 do?

Open a second Copilot for Security session and submit the prompt.

Wait one hour and resubmit the prompt.

Run the Microsoft Sentinel Optimization Workbook.

Update the provisioned SCUs.

Show Answer Comment (0)

Question

Case Study

Question 121 (0)

You have a Microsoft 365 E5 subscription that uses Microsoft Copilot for Security. You plan to run the following code to create a custom Copilot for Security plugin. You need to specify a format

Question 122 (0)

You have a Microsoft 365 B5 subscription that contains two groups named Group! and Group2 and uses Microsoft Copilot for Security. You need to configure Copilot for Security role assignments to meet

Question 123 (0)

You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You are investigating an incident. You need to review the incident tasks that were performed. The solution must include a qu

Question 124 (0)

HOTSPOT You have a Microsoft 365 subscription that contains three users named User1. User2 and User3 and the resources shown in the following table. You have a Microsoft Defender XDR detection r

Question 125 (0)

You have 1,000 on-premises Windows 11 Pro devices that are onboarded to Microsoft Defender for Endpoint. You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You identify that an

Question 126 (0)

You have a Microsoft 365 B5 subscription. You have a PowerShell script that queries the unified audit log. You discover that the query returns only the first page of results due to server-side pagi

Question 127 (0)

HOTSPOT You have a Microsoft Sentinel workbook that contains the following KQL query. You need to create a visual that will change the color of the errCount column based on the value returned. H

Question 128 (0)

HOTSPOT You have an Azure subscription named Sub1 that contains the resources shown in the following table. You plan to configure Rule1 to trigger Lapp1 when an incident is generated. You need

Question 129 (0)

You have an Azure subscription that contains a Microsoft Sentinel workspace named Workspace1 and a user named User1. You need to ensure that User1 can investigate incidents by using Workspace1. The

Question 130 (0)

You have a Microsoft 365 B5 subscription that contains a user named User1. The subscription uses Microsoft 365 Copilot for Security. Copilot for Security uses the Sentinel plugin. User1 is assigned

Related questions

You have a Microsoft 365 subscription that contains 1,000 Windows 10 devices. The devices have Microsoft Office 365 installed. You need to mitigate the following device threats: Microsoft Excel macros that download scripts from untrusted websites Users that open executable attachments in Microsoft Outlook Outlook rules and forms exploits What should you use?

HOTSPOT You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud. You have an Azure DevOps organization named AzDO1. You need to integrate Sub! and AzDO1. The solution must meet the following requirements: * Detect secrets exposed in pipelines by using Defender for Cloud. * Minimize administrative effort.

DRAG DROP You have an Azure subscription. The subscription contains 10 virtual machines that are onboarded to Microsoft Defender for Cloud. You need to ensure that when Defender for Cloud detects digital currency mining behavior on a virtual machine, you receive an email notification. The solution must generate a test email. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

HOTSPOT You have an Azure DevOps organization that uses Microsoft Defender for DevOps. The organization contains an Azure DevOps repository named Repo1 and an Azure Pipelines pipeline named Pipeline1. Pipeline1 is used to build and deploy code stored in Repo1. You need to ensure that when Pipeline1 runs, Microsoft Defender for Cloud can perform secret scanning of the code in Repo1. What should you install in the organization, and what should you add to the YAML file of Pipeline'!? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

You create an Azure subscription. You enable Microsoft Defender for Cloud for the subscription. You need to use Defender for Cloud to protect on-premises computers. What should you do on the on-premises computers?

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains a user named User1. You need to ensure that User1 can manage Microsoft Defender XDR custom detection rules and Endpoint security policies. The solution must follow the principle of least privilege. Which role should you assign to User1?

HOTSPOT You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You need to create a custom detection rule that will identify devices that had more than five antivirus detections within the last 24 hours. how should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

DRAG DROP You have a Microsoft Sentinel workspace that contains the following Advanced Security Information Model (ASIM) parsers: * _Im_ProcessCreate * InProceessCreate You create a new source-specific parser named vimProcessCreate. You need to modify the parsers to meet the following requirements: * Call all the ProcessCreate parsers. * Standardize fields to the Process schema. Which parser should you modify to meet each requirement? To answer, drag the appropriate parsers to the correct requirements. tach parser may be used once, more than once, or not at all You may need to drag the split bar between panes or scroll to view content. NOTE Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that contains 100 Linux devices. The devices are onboarded to Microsoft Defender 365. You need to initiate the collection of investigation packages from the devices by using the Microsoft 365 Defender portal. Which response action should you use?

HOTSPOT You have a Microsoft Sentinel workspace. You need to create a KQL query that will identify successful sign-ins from multiple countries during the last three hours. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point

Export

with questions and answers will be exported as:

VPLUS file

PDF file (Demo 30 questions)

Highest scored 'comment-votes'

Your question list is being generated. We'll email you once it’s ready.

If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].