ExamGecko
Search Search Login
Home Home / Microsoft / SC-200

Microsoft SC-200 Practice Test - Questions Answers, Page 15

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

HOTSPOT You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud. You have an Azure DevOps organization named AzDO1. You need to integrate Sub! and AzDO1. The solution must meet the following requirements: * Detect secrets exposed in pipelines by using Defender for Cloud. * Minimize administrative effort.
DRAG DROP You have an Azure subscription. The subscription contains 10 virtual machines that are onboarded to Microsoft Defender for Cloud. You need to ensure that when Defender for Cloud detects digital currency mining behavior on a virtual machine, you receive an email notification. The solution must generate a test email. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
HOTSPOT You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You need to create a custom detection rule that will identify devices that had more than five antivirus detections within the last 24 hours. how should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.
HOTSPOT You have an Azure DevOps organization that uses Microsoft Defender for DevOps. The organization contains an Azure DevOps repository named Repo1 and an Azure Pipelines pipeline named Pipeline1. Pipeline1 is used to build and deploy code stored in Repo1. You need to ensure that when Pipeline1 runs, Microsoft Defender for Cloud can perform secret scanning of the code in Repo1. What should you install in the organization, and what should you add to the YAML file of Pipeline'!? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You create an Azure subscription. You enable Microsoft Defender for Cloud for the subscription. You need to use Defender for Cloud to protect on-premises computers. What should you do on the on-premises computers?
HOTSPOT You have a Microsoft Sentinel workspace that has a default data retention period of 30 days. The workspace contains two custom tables as shown in the following table. Each table ingested two records per day during the past 365 days. You build KQL statements for use in analytic rules as shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have a Microsoft 365 subscription that uses Microsoft 365 Defender. You plan to create a hunting query from Microsoft Defender. You need to create a custom tracked query that will be used to assess the threat status of the subscription. From the Microsoft 365 Defender portal, which page should you use to create the query?
HOTSPOT You have an Azure subscription that uses Microsoft Defender for Cloud. You create a Google Cloud Platform (GCP) organization named GCP1. You need to onboard GCP1 to Defender for Cloud by using the native cloud connector. The solution must ensure that all future GCP projects are onboarded automatically. What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You have an Azure subscription that uses Microsoft Defender for Cloud and contains an Azure logic app named app1. You need to ensure that app1 launches when a specific Defender for Cloud security alert is generated. How should you complete the Azure Resource Manager (ARM) template? To answer, select the appropriate options in the answer area NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR. You need to ensure that you can investigate threats by using data in the unified audit log of Microsoft Defender for Cloud Apps. What should you configure first?

Question 141

Report
Export
Collapse

HOTSPOT

You have the following SQL query.


Question 141
Correct answer: Question 141

Question 142

Report
Export
Collapse

You have a Microsoft 365 E5 subscription that is linked to a hybrid Azure AD tenant.

You need to identify all the changes made to Domain Admins group during the past 30 days.

What should you use?

A.

the Azure Active Directory Provisioning Analysis workbook

A.

the Azure Active Directory Provisioning Analysis workbook

Answers
B.

the Overview settings of Insider risk management

B.

the Overview settings of Insider risk management

Answers
C.

the Modifications of sensitive groups report in Microsoft Defender for Identity

C.

the Modifications of sensitive groups report in Microsoft Defender for Identity

Answers
D.

the identity security posture assessment in Microsoft Defender for Cloud Apps

D.

the identity security posture assessment in Microsoft Defender for Cloud Apps

Answers
Suggested answer: C

Question 143

Report
Export
Collapse

You have a Microsoft Sentinel workspace.

You need to prevent a built-in Advance Security information Model (ASIM) parse from being updated automatically.

What are two ways to achieve this goal? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A.

Redeploy the built-in parse and specify a CallerContext parameter of any and a SourceSpecificParse parameter of any.

A.

Redeploy the built-in parse and specify a CallerContext parameter of any and a SourceSpecificParse parameter of any.

Answers
B.

Create a hunting query that references the built-in parse.

B.

Create a hunting query that references the built-in parse.

Answers
C.

Redeploy the built-in parse and specify a CallerContext parameter of built-in.

C.

Redeploy the built-in parse and specify a CallerContext parameter of built-in.

Answers
D.

Build a custom unify parse and include the build- parse version

D.

Build a custom unify parse and include the build- parse version

Answers
E.

Create an analytics rule that includes the built-in parse

E.

Create an analytics rule that includes the built-in parse

Answers
Suggested answer: A, D

Question 144

Report
Export
Collapse

You have a Microsoft Sentinel workspace.

You receive multiple alerts for failed sign in attempts to an account.

You identify that the alerts are false positives.

You need to prevent additional failed sign-in alerts from being generated for the account. The solution must meet the following requirements.

• Ensure that failed sign-in alerts are generated for other accounts.

• Minimize administrative effort

What should do?

A.

Create an automation rule.

A.

Create an automation rule.

Answers
B.

Create a watchlist.

B.

Create a watchlist.

Answers
C.

Modify the analytics rule.

C.

Modify the analytics rule.

Answers
D.

Add an activity template to the entity behavior.

D.

Add an activity template to the entity behavior.

Answers
Suggested answer: A

Explanation:

An automation rule will allow you to specify which alerts should be suppressed, ensuring that failed sign-in alerts are generated for other accounts while minimizing administrative effort. To create an automation rule, navigate to the

Automation Rules page in the Microsoft Sentinel workspace and configure the rule parameters to suppress the false positive alerts.

Question 145

Report
Export
Collapse

DRAG DROP

A company wants to analyze by using Microsoft 365 Apps.

You need to describe the connected experiences the company can use.

Which connected experiences should you describe? To answer, drag the appropriate connected experiences to the correct description. Each connected experience may be used once, more than once, or not at all. You may need to drag the split between panes or scroll to view content.

NOTE: Each correct selection is worth one point.


Question 145
Correct answer: Question 145

Question 146

Report
Export
Collapse

You have a custom Microsoft Sentinel workbook named Workbooks.

You need to add a grid to Workbook1. The solution must ensure that the grid contains a maximum of 100 rows.

What should you do?

A.

In the query editor interface, configure Settings.

A.

In the query editor interface, configure Settings.

Answers
B.

In the query editor interface, select Advanced Editor

B.

In the query editor interface, select Advanced Editor

Answers
C.

In the grid query, include the project operator.

C.

In the grid query, include the project operator.

Answers
D.

In the grid query, include the take operator.

D.

In the grid query, include the take operator.

Answers
Suggested answer: B

Question 147

Report
Export
Collapse

You have an Azure subscription that uses Microsoft Defender for Cloud and contains a resource group named RG1. RG1. You need to configure just in time (JIT) VM access for the virtual machines in RG1.

The solution must meet the following

• Limit the maximum request time to two hours.

• Limit protocol access to Remote Desktop Protocol (RDP) only.

• Minimize administrative effort.

What should you use?

A.

Azure AD Privileged Identity Management (PIM)

A.

Azure AD Privileged Identity Management (PIM)

Answers
B.

Azure Policy

B.

Azure Policy

Answers
C.

Azure Front Door

C.

Azure Front Door

Answers
D.

Azure Bastion

D.

Azure Bastion

Answers
Suggested answer: A

Question 148

Report
Export
Collapse

You have a Microsoft Sentinel workspace named Workspace1.

You need to exclude a built-in, source-specific Advanced Security information Model (ASIM) parse from a built-in unified ASIM parser.

What should you create in Workspace1?

A.

a watch list

A.

a watch list

Answers
B.

an analytic rule

B.

an analytic rule

Answers
C.

a hunting query

C.

a hunting query

Answers
D.

a workbook

D.

a workbook

Answers
Suggested answer: A

Question 149

Report
Export
Collapse

You have an Azure subscription that uses Microsoft Defender for Endpoint.

You need to ensure that you can allow or block a user-specified range of IP addresses and URLs.

What should you enable first in the advanced features from the Endpoints Settings in the Microsoft 365 Defender portal?

A.

endpoint detection and response (EDR) in block mode

A.

endpoint detection and response (EDR) in block mode

Answers
B.

custom network indicators

B.

custom network indicators

Answers
C.

web content filtering

C.

web content filtering

Answers
D.

Live response for servers

D.

Live response for servers

Answers
Suggested answer: A

Question 150

Report
Export
Collapse

You have an Azure subscription that uses Microsoft Defender for Cloud and contains a storage account named storage1. You receive an alert that there was an unusually high volume of delete operations on the blobs in storage1.

You need to identify which blobs were deleted.

What should you review?

A.

the Azure Storage Analytics logs

A.

the Azure Storage Analytics logs

Answers
B.

the activity logs of storage1

B.

the activity logs of storage1

Answers
C.

the alert details

C.

the alert details

Answers
D.

the related entities of the alert

D.

the related entities of the alert

Answers
Suggested answer: B
Total 295 questions
Go to page: of 30
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms