Microsoft SC-200 Practice Test - Questions Answers, Page 16
Question list
List of questions
Related questions
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You have a virtual machine that runs Windows 10 and has the Log Analytics agent installed.
You need to simulate an attack on the virtual machine that will generate an alert.
What should you do first?
Run the Log Analytics Troubleshooting Tool.
Copy a executable and rename the file as ASC_AlerTest_662jf10N,exe
Modify the settings of the Microsoft Monitoring Agent.
Run the MMASetup executable and specify the -foo argument
HOTSPOT
You have the following KQL query.
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint.
You need to add threat indicators for all the IP addresses in a range of 171.23.3432-171.2334.63. The solution must minimize administrative effort.
What should you do in the Microsoft 365 Defender portal?
Create an import file that contains the IP address of 171.23.34.32/27. Select Import and import the file.
Select Add indicator and set the IP address to 171.2334.32-171.23.34.63.
Select Add indicator and set the IP address to 171.23.34.32/27
Create an import file that contains the individual IP addresses in the range. Select Import and import the file.
Your company has an on-premises network that uses Microsoft Defender for Identity.
The Microsoft Secure Score for the company includes a security assessment associated with unsecure Kerberos delegation.
You need remediate the security risk.
What should you do?
Install the Local Administrator Password Solution (LAPS) extension on the computers listed as exposed entities.
Modify the properties of the computer objects listed as exposed entities.
Disable legacy protocols on the computers listed as exposed entities.
Enforce LDAP signing on the computers listed as exposed entities.
HOTSPOT
You have a Microsoft Sentinel workspace named Workspaces
You configure Workspace1 to collect DNS events and deploy the Advanced Security information Model (ASIM) unifying parser for the DNS schema.
You need to query the ASIM DNS schema to list all the DNS events from the last 24 hours that have a response code of 'NXDOMAIN' and were aggregated by the source IP address in 15-minute intervals.
The solution must maximize query performance.
How should you complete the query? To answer, select the appropriate options in the answer area
NOTE: Each correct selection is worth one point.
HOTSPOT
You have an Azure subscription that contains an Microsoft Sentinel workspace.
You need to create a hunting query using Kusto Query Language (KQL) that meets the following requirements:
• Identifies an anomalous number of changes to the rules of a network security group (NSG) made by the same security principal
• Automatically associates the security principal with an Microsoft Sentinel entity
How should you complete the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure subscription that uses Microsoft Sentinel.
You detect a new threat by using a hunting query.
You need to ensure that Microsoft Sentinel automatically detects the threat. The solution must minimize administrative effort.
What should you do?
Create a playbook.
Create a watchlist.
Create an analytics rule.
Add the query to a workbook.
You have an Azure subscription that uses Microsoft Defender for Cloud and contains a storage account named storage1. You receive an alert that there was an unusually high volume of delete operations on the blobs in storage1. You need to identify which blobs were deleted. What should you review?
the activity logs of storage1
the Azure Storage Analytics logs
the alert details
the related entities of the alert
You have a Microsoft Sentinel workspace.
You have a query named Query1 as shown in the following exhibit.
You plan to create a custom parser named Parser 1. You need to use Query1 in Parser1. What should you do first?
Remove line 2.
In line 4. remove the TimeGenerated predicate.
Remove line 5.
In line 3, replace the 'contains operator with the !has operator.
You have an Azure subscription that contains a Microsoft Sentinel workspace. The workspace contains a Microsoft Defender for Cloud data connector. You need to customize which details will be included when an alert is created for a specific event. What should you do?
Modify the properties of the connector.
Create a Data Collection Rule (DCR).
Create a scheduled query rule.
Enable User and Entity Behavior Analytics (UEBA)
Question