
Microsoft SC-200 Practice Test - Questions Answers, Page 15


Question 141


HOTSPOT

You have the following SQL query.

[Image: exhibit for Question 141]

Correct answer: [image not available]
asked 05/10/2024
Wisit Luasomboon
28 questions

Question 142


You have a Microsoft 365 E5 subscription that is linked to a hybrid Azure AD tenant.

You need to identify all the changes made to the Domain Admins group during the past 30 days.

What should you use?

the Azure Active Directory Provisioning Analysis workbook

the Overview settings of Insider risk management

the Modifications of sensitive groups report in Microsoft Defender for Identity

the identity security posture assessment in Microsoft Defender for Cloud Apps

Suggested answer: C
asked 05/10/2024
Olga Trofimova
34 questions

Question 143


You have a Microsoft Sentinel workspace.

You need to prevent a built-in Advanced Security Information Model (ASIM) parser from being updated automatically.

What are two ways to achieve this goal? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Redeploy the built-in parser and specify a CallerContext parameter of any and a SourceSpecificParser parameter of any.

Create a hunting query that references the built-in parser.

Redeploy the built-in parser and specify a CallerContext parameter of built-in.

Build a custom unifying parser and include the built-in parser version.

Create an analytics rule that includes the built-in parser.

Suggested answer: A, D
asked 05/10/2024
Edwin Lebron
38 questions

Question 144


You have a Microsoft Sentinel workspace.

You receive multiple alerts for failed sign-in attempts to an account.

You identify that the alerts are false positives.

You need to prevent additional failed sign-in alerts from being generated for the account. The solution must meet the following requirements.

• Ensure that failed sign-in alerts are generated for other accounts.

• Minimize administrative effort.

What should you do?

Create an automation rule.

Create a watchlist.

Modify the analytics rule.

Add an activity template to the entity behavior.

Suggested answer: A

Explanation:

An automation rule will allow you to specify which alerts should be suppressed, ensuring that failed sign-in alerts are generated for other accounts while minimizing administrative effort. To create an automation rule, navigate to the Automation Rules page in the Microsoft Sentinel workspace and configure the rule parameters to suppress the false positive alerts.

asked 05/10/2024
Paramdeep Saini
39 questions

Question 145


DRAG DROP

A company wants to analyze by using Microsoft 365 Apps.

You need to describe the connected experiences the company can use.

Which connected experiences should you describe? To answer, drag the appropriate connected experiences to the correct description. Each connected experience may be used once, more than once, or not at all. You may need to drag the split between panes or scroll to view content.

NOTE: Each correct selection is worth one point.


[Image: exhibit for Question 145]

Correct answer: [image not available]
asked 05/10/2024
Arun kumar
37 questions

Question 146


You have a custom Microsoft Sentinel workbook named Workbook1.

You need to add a grid to Workbook1. The solution must ensure that the grid contains a maximum of 100 rows.

What should you do?

In the query editor interface, configure Settings.

In the query editor interface, select Advanced Editor

In the grid query, include the project operator.

In the grid query, include the take operator.

Suggested answer: B
asked 05/10/2024
Jose Alberto Vecino Pacheco
31 questions

Question 147


You have an Azure subscription that uses Microsoft Defender for Cloud and contains a resource group named RG1. You need to configure just-in-time (JIT) VM access for the virtual machines in RG1.

The solution must meet the following requirements:

• Limit the maximum request time to two hours.

• Limit protocol access to Remote Desktop Protocol (RDP) only.

• Minimize administrative effort.

What should you use?

Azure AD Privileged Identity Management (PIM)

Azure Policy

Azure Front Door

Azure Bastion

Suggested answer: A
asked 05/10/2024
Ryan Shannon
37 questions

Question 148


You have a Microsoft Sentinel workspace named Workspace1.

You need to exclude a built-in, source-specific Advanced Security Information Model (ASIM) parser from a built-in unified ASIM parser.

What should you create in Workspace1?

a watchlist

an analytics rule

a hunting query

a workbook

Suggested answer: A
asked 05/10/2024
Pedro Pereira
36 questions

Question 149


You have an Azure subscription that uses Microsoft Defender for Endpoint.

You need to ensure that you can allow or block a user-specified range of IP addresses and URLs.

What should you enable first in the advanced features from the Endpoints Settings in the Microsoft 365 Defender portal?

endpoint detection and response (EDR) in block mode

custom network indicators

web content filtering

Live response for servers

Suggested answer: A
asked 05/10/2024
Rolf Johannesen
43 questions

Question 150


You have an Azure subscription that uses Microsoft Defender for Cloud and contains a storage account named storage1. You receive an alert that there was an unusually high volume of delete operations on the blobs in storage1.

You need to identify which blobs were deleted.

What should you review?

the Azure Storage Analytics logs

the activity logs of storage1

the alert details

the related entities of the alert

Suggested answer: B
asked 05/10/2024
Kefash White
40 questions
Total 307 questions