Home / Microsoft / SC-200 / List of questions

Ask Question

Microsoft SC-200 Practice Test - Questions Answers, Page 14

Add to Whishlist

List of questions

Question 131

You have a Microsoft 365 E5 subscription.

You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode.

All Windows devices are on boarded to Microsoft Defender for Endpoint.

You need to ensure that the devices are protected from malicious artifacts that were undetected by the third-party antivirus product.

Solution: You enable Live Response.

Does this meet the goal?

Yes

Show Answer Comment (0)

Question 132

You have a Microsoft 365 subscription. You have the following KQL query.

DeviceEvents

| where ActionType == 'AntivirusDetection*

You need to ensure that you can create a Microsoft Defender XDR custom detection rule by using the query.

What should you add to the query?

summarize (Timestamp, DeviceHanw)=arg_min(Timestampf DeviceName), count() by Deviceld

sumarize (Timestamp, ReportId)>arg_max(Timestanp, Reportld), count{) by Deviceld

summarize (Timestamp)=range(Timestatip), count() by Deviceld

sumarize (ReportId)=make_set(ReportId), count() by Deviceld

Show Answer Comment (0)

Suggested answer: B

asked 19/02/2025

Carlos John Ricafort

46 questions

Question 133

HOTSPOT

You have a Microsoft Sentinel workspace that contains a custom workbook.

You need to query for a summary of security events. The solution must meet the following requirements:

* Identify the number of security events ingested during the past week.

* Display the count of events by day in a chart.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Microsoft SC-200 image Question 133 138945 02192025074454000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 133 138945 02192025074454000

asked 19/02/2025

Nabil BENIKHLEF

46 questions

Question 134

HOTSPOT

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR.

You have a Microsoft Sentinel workspace.

Microsoft Sentinel connectors are configured as shown in the following table.

Microsoft SC-200 image Question 16 63875591094174512251574

You use Microsoft Sentinel to investigate suspicious Microsoft Graph API activity related to Conditional Access policies. You need to search for the following activities:

* Downloads of the Conditional Access policies by using PowerShell

* Updates to the Conditional Access policies by using the Microsoft Entra admin center

Which tables should you query for each activity? lo answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Microsoft SC-200 image Question 134 138946 02192025074454000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 134 138946 02192025074454000

asked 19/02/2025

Muhammad Waheed

45 questions

Question 135

You have a third-party security information and event management (SIEM) solution.

You need to ensure that the SIEM solution can generate alerts for Azure Active Directory (Azure AD) sign-events in near real time.

What should you do to route events to the SIEM solution?

Create an Azure Sentinel workspace that has a Security Events connector.

Configure the Diagnostics settings in Azure AD to stream to an event hub.

Create an Azure Sentinel workspace that has an Azure Active Directory connector.

Configure the Diagnostics settings in Azure AD to archive to a storage account.

Show Answer Comment (0)

Suggested answer: B

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/overview-monitoring

asked 05/10/2024

Luis Campoy

43 questions

Question 136

You have an Azure subscription that contains a virtual machine named VM1 and uses Azure Defender. Azure Defender has automatic provisioning enabled.

You need to create a custom alert suppression rule that will supress false positive alerts for suspicious use of PowerShell on VM1.

What should you do first?

From Azure Security Center, add a workflow automation.

On VM1, run the Get-MPThreatCatalog cmdlet.

On VM1 trigger a PowerShell alert.

From Azure Security Center, export the alerts to a Log Analytics workspace.

Show Answer Comment (0)

Question 137

Note: This question-is part of a series of questions that present the same scenario. Each question-in the series contains a unique solution that might meet the stated goals. Some question-sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question-in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have Linux virtual machines on Amazon Web Services (AWS).

You deploy Azure Defender and enable auto-provisioning.

You need to monitor the virtual machines by using Azure Defender.

Solution: You enable Azure Arc and onboard the virtual machines to Azure Arc.

Does this meet the goal?

Yes

Show Answer Comment (0)

Suggested answer: B

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-machines?pivots=azure-arc

asked 05/10/2024

Andres Montero

42 questions

Question 138

After you answer a question-in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have Linux virtual machines on Amazon Web Services (AWS).

You deploy Azure Defender and enable auto-provisioning.

You need to monitor the virtual machines by using Azure Defender.

Solution: You manually install the Log Analytics agent on the virtual machines.

Does this meet the goal?

Yes

Show Answer Comment (0)

Suggested answer: B

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-machines?pivots=azure-arc

asked 05/10/2024

Michael Costello

42 questions

Question 139

HOTSPOT

You need to create a query for a workbook. The query must meet the following requirements:

List all incidents by incident number.

Only include the most recent log for each incident.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Microsoft SC-200 image Question 139 107892 10052024010847000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 139 107892 10052024010847000

Explanation:

Reference:

https://www.drware.com/whats-new-soc-operational-metrics-now-available-in-sentinel/

asked 05/10/2024

Rowan Cele

51 questions

Question 140

DRAG DROP

You have the resources shown in the following table.

Microsoft SC-200 image Question 6 107893 10052024010847000000

You need to prevent duplicate events from occurring in SW1.

What should you use for each action? To answer, drag the appropriate resources to the correct actions. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Microsoft SC-200 image Question 140 107893 10052024010847000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 140 107893 10052024010847000

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/sentinel/connect-log-forwarder?tabs=rsyslog

asked 05/10/2024

Samuel Benevides

34 questions

Total 323 questions

12 13 14 15 16

Go to page: of 33

Question

Case Study

Question 131 (0)

You have a Microsoft 365 E5 subscription. You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode. All Windows devices a

Question 132 (0)

You have a Microsoft 365 subscription. You have the following KQL query. DeviceEvents | where ActionType == 'AntivirusDetection* You need to ensure that you can create a Microsoft Defender XDR cu

Question 133 (0)

HOTSPOT You have a Microsoft Sentinel workspace that contains a custom workbook. You need to query for a summary of security events. The solution must meet the following requirements: * Identify

Question 134 (0)

HOTSPOT You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR. You have a Microsoft Sentinel workspace. Microsoft Sentinel connectors are configured as shown in the following

Question 135 (0)

You have a third-party security information and event management (SIEM) solution. You need to ensure that the SIEM solution can generate alerts for Azure Active Directory (Azure AD) sign-events in

Question 136 (0)

You have an Azure subscription that contains a virtual machine named VM1 and uses Azure Defender. Azure Defender has automatic provisioning enabled. You need to create a custom alert suppression ru

Question 137 (0)

Note: This question-is part of a series of questions that present the same scenario. Each question-in the series contains a unique solution that might meet the stated goals. Some question-sets might

Question 138 (0)

Note: This question-is part of a series of questions that present the same scenario. Each question-in the series contains a unique solution that might meet the stated goals. Some question-sets might

Question 139 (0)

HOTSPOT You need to create a query for a workbook. The query must meet the following requirements: List all incidents by incident number. Only include the most recent log for each incident. How

Question 140 (0)

DRAG DROP You have the resources shown in the following table. You need to prevent duplicate events from occurring in SW1. What should you use for each action? To answer, drag the appropriate r

Related questions

You have a Microsoft 365 subscription that contains 1,000 Windows 10 devices. The devices have Microsoft Office 365 installed. You need to mitigate the following device threats: Microsoft Excel macros that download scripts from untrusted websites Users that open executable attachments in Microsoft Outlook Outlook rules and forms exploits What should you use?

HOTSPOT You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud. You have an Azure DevOps organization named AzDO1. You need to integrate Sub! and AzDO1. The solution must meet the following requirements: * Detect secrets exposed in pipelines by using Defender for Cloud. * Minimize administrative effort.

DRAG DROP You have an Azure subscription. The subscription contains 10 virtual machines that are onboarded to Microsoft Defender for Cloud. You need to ensure that when Defender for Cloud detects digital currency mining behavior on a virtual machine, you receive an email notification. The solution must generate a test email. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

HOTSPOT You have an Azure DevOps organization that uses Microsoft Defender for DevOps. The organization contains an Azure DevOps repository named Repo1 and an Azure Pipelines pipeline named Pipeline1. Pipeline1 is used to build and deploy code stored in Repo1. You need to ensure that when Pipeline1 runs, Microsoft Defender for Cloud can perform secret scanning of the code in Repo1. What should you install in the organization, and what should you add to the YAML file of Pipeline'!? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

You create an Azure subscription. You enable Microsoft Defender for Cloud for the subscription. You need to use Defender for Cloud to protect on-premises computers. What should you do on the on-premises computers?

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains a user named User1. You need to ensure that User1 can manage Microsoft Defender XDR custom detection rules and Endpoint security policies. The solution must follow the principle of least privilege. Which role should you assign to User1?

HOTSPOT You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You need to create a custom detection rule that will identify devices that had more than five antivirus detections within the last 24 hours. how should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

DRAG DROP You have a Microsoft Sentinel workspace that contains the following Advanced Security Information Model (ASIM) parsers: * _Im_ProcessCreate * InProceessCreate You create a new source-specific parser named vimProcessCreate. You need to modify the parsers to meet the following requirements: * Call all the ProcessCreate parsers. * Standardize fields to the Process schema. Which parser should you modify to meet each requirement? To answer, drag the appropriate parsers to the correct requirements. tach parser may be used once, more than once, or not at all You may need to drag the split bar between panes or scroll to view content. NOTE Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that contains 100 Linux devices. The devices are onboarded to Microsoft Defender 365. You need to initiate the collection of investigation packages from the devices by using the Microsoft 365 Defender portal. Which response action should you use?

HOTSPOT You have a Microsoft Sentinel workspace. You need to create a KQL query that will identify successful sign-ins from multiple countries during the last three hours. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point

Export

with questions and answers will be exported as:

VPLUS file

PDF file (Demo 30 questions)

Highest scored 'comment-votes'

Your question list is being generated. We'll email you once it’s ready.

If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].