Home / Microsoft / SC-200 / List of questions

Ask Question

Microsoft SC-200 Practice Test - Questions Answers, Page 17

Add to Whishlist

List of questions

Question 161

DRAG DROP

A company wants to analyze by using Microsoft 365 Apps.

You need to describe the connected experiences the company can use.

Which connected experiences should you describe? To answer, drag the appropriate connected experiences to the correct description. Each connected experience may be used once, more than once, or not at all. You may need to drag the split between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Microsoft SC-200 image Question 161 107914 10052024010847000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 161 107914 10052024010847000

asked 05/10/2024

Arun kumar

41 questions

Question 162

You have a custom Microsoft Sentinel workbook named Workbooks.

You need to add a grid to Workbook1. The solution must ensure that the grid contains a maximum of 100 rows.

What should you do?

In the query editor interface, configure Settings.

In the query editor interface, select Advanced Editor

In the grid query, include the project operator.

In the grid query, include the take operator.

Show Answer Comment (0)

Suggested answer: B

asked 05/10/2024

Jose Alberto Vecino Pacheco

38 questions

Question 163

You have an Azure subscription that uses Microsoft Defender for Cloud and contains a resource group named RG1. RG1. You need to configure just in time (JIT) VM access for the virtual machines in RG1.

The solution must meet the following

• Limit the maximum request time to two hours.

• Limit protocol access to Remote Desktop Protocol (RDP) only.

• Minimize administrative effort.

What should you use?

Azure AD Privileged Identity Management (PIM)

Azure Policy

Azure Front Door

Azure Bastion

Show Answer Comment (0)

Question 164

You have a Microsoft Sentinel workspace named Workspace1.

You need to exclude a built-in, source-specific Advanced Security information Model (ASIM) parse from a built-in unified ASIM parser.

What should you create in Workspace1?

a watch list

an analytic rule

a hunting query

a workbook

Show Answer Comment (0)

Question 165

You have an Azure subscription that uses Microsoft Defender for Endpoint.

You need to ensure that you can allow or block a user-specified range of IP addresses and URLs.

What should you enable first in the advanced features from the Endpoints Settings in the Microsoft 365 Defender portal?

endpoint detection and response (EDR) in block mode

custom network indicators

web content filtering

Live response for servers

Show Answer Comment (0)

Question 166

You have an Azure subscription that uses Microsoft Defender for Cloud and contains a storage account named storage1. You receive an alert that there was an unusually high volume of delete operations on the blobs in storage1.

You need to identify which blobs were deleted.

What should you review?

the Azure Storage Analytics logs

the activity logs of storage1

the alert details

the related entities of the alert

Show Answer Comment (0)

Suggested answer: B

asked 05/10/2024

Kefash White

45 questions

Question 167

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You have a virtual machine that runs Windows 10 and has the Log Analytics agent installed.

You need to simulate an attack on the virtual machine that will generate an alert.

What should you do first?

Run the Log Analytics Troubleshooting Tool.

Copy a executable and rename the file as ASC_AlerTest_662jf10N,exe

Modify the settings of the Microsoft Monitoring Agent.

Run the MMASetup executable and specify the -foo argument

Show Answer Comment (0)

Suggested answer: B

asked 05/10/2024

Max Lenin Dos Santos Torres

52 questions

Question 168

HOTSPOT

You have the following KQL query.

Microsoft SC-200 image Question 34 107921 10052024010847000000

Microsoft SC-200 image Question 168 107921 10052024010847000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 168 107921 10052024010847000

asked 05/10/2024

James Valdivia

35 questions

Question 169

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint.

You need to add threat indicators for all the IP addresses in a range of 171.23.3432-171.2334.63. The solution must minimize administrative effort.

What should you do in the Microsoft 365 Defender portal?

Create an import file that contains the IP address of 171.23.34.32/27. Select Import and import the file.

Select Add indicator and set the IP address to 171.2334.32-171.23.34.63.

Select Add indicator and set the IP address to 171.23.34.32/27

Create an import file that contains the individual IP addresses in the range. Select Import and import the file.

Show Answer Comment (0)

Question 170

Your company has an on-premises network that uses Microsoft Defender for Identity.

The Microsoft Secure Score for the company includes a security assessment associated with unsecure Kerberos delegation.

You need remediate the security risk.

What should you do?

Install the Local Administrator Password Solution (LAPS) extension on the computers listed as exposed entities.

Modify the properties of the computer objects listed as exposed entities.

Disable legacy protocols on the computers listed as exposed entities.

Enforce LDAP signing on the computers listed as exposed entities.

Show Answer Comment (0)

Suggested answer: B

Explanation:

asked 05/10/2024

Tuukka Valkeasuo

40 questions

Total 323 questions

15 16 17 18 19

Go to page: of 33

Question

Case Study

Question 161 (0)

DRAG DROP A company wants to analyze by using Microsoft 365 Apps. You need to describe the connected experiences the company can use. Which connected experiences should you describe? To answer, d

Question 162 (0)

You have a custom Microsoft Sentinel workbook named Workbooks. You need to add a grid to Workbook1. The solution must ensure that the grid contains a maximum of 100 rows. What should you do?

Question 163 (0)

You have an Azure subscription that uses Microsoft Defender for Cloud and contains a resource group named RG1. RG1. You need to configure just in time (JIT) VM access for the virtual machines in RG1

Question 164 (0)

You have a Microsoft Sentinel workspace named Workspace1. You need to exclude a built-in, source-specific Advanced Security information Model (ASIM) parse from a built-in unified ASIM parser. What

Question 165 (0)

You have an Azure subscription that uses Microsoft Defender for Endpoint. You need to ensure that you can allow or block a user-specified range of IP addresses and URLs. What should you enable fir

Question 166 (0)

You have an Azure subscription that uses Microsoft Defender for Cloud and contains a storage account named storage1. You receive an alert that there was an unusually high volume of delete operations

Question 167 (0)

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You have a virtual machine that runs Windows 10 and has the Log Analytics agent installed. You need to simulate an att

Question 168 (0)

HOTSPOT You have the following KQL query.

Question 169 (0)

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint. You need to add threat indicators for all the IP addresses in a range of 171.23.3432-171.2334.63. The solution must

Question 170 (0)

Your company has an on-premises network that uses Microsoft Defender for Identity. The Microsoft Secure Score for the company includes a security assessment associated with unsecure Kerberos delega

Related questions

You have a Microsoft 365 subscription that contains 1,000 Windows 10 devices. The devices have Microsoft Office 365 installed. You need to mitigate the following device threats: Microsoft Excel macros that download scripts from untrusted websites Users that open executable attachments in Microsoft Outlook Outlook rules and forms exploits What should you use?

HOTSPOT You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud. You have an Azure DevOps organization named AzDO1. You need to integrate Sub! and AzDO1. The solution must meet the following requirements: * Detect secrets exposed in pipelines by using Defender for Cloud. * Minimize administrative effort.

DRAG DROP You have an Azure subscription. The subscription contains 10 virtual machines that are onboarded to Microsoft Defender for Cloud. You need to ensure that when Defender for Cloud detects digital currency mining behavior on a virtual machine, you receive an email notification. The solution must generate a test email. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

HOTSPOT You have an Azure DevOps organization that uses Microsoft Defender for DevOps. The organization contains an Azure DevOps repository named Repo1 and an Azure Pipelines pipeline named Pipeline1. Pipeline1 is used to build and deploy code stored in Repo1. You need to ensure that when Pipeline1 runs, Microsoft Defender for Cloud can perform secret scanning of the code in Repo1. What should you install in the organization, and what should you add to the YAML file of Pipeline'!? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

You create an Azure subscription. You enable Microsoft Defender for Cloud for the subscription. You need to use Defender for Cloud to protect on-premises computers. What should you do on the on-premises computers?

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains a user named User1. You need to ensure that User1 can manage Microsoft Defender XDR custom detection rules and Endpoint security policies. The solution must follow the principle of least privilege. Which role should you assign to User1?

HOTSPOT You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You need to create a custom detection rule that will identify devices that had more than five antivirus detections within the last 24 hours. how should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

DRAG DROP You have a Microsoft Sentinel workspace that contains the following Advanced Security Information Model (ASIM) parsers: * _Im_ProcessCreate * InProceessCreate You create a new source-specific parser named vimProcessCreate. You need to modify the parsers to meet the following requirements: * Call all the ProcessCreate parsers. * Standardize fields to the Process schema. Which parser should you modify to meet each requirement? To answer, drag the appropriate parsers to the correct requirements. tach parser may be used once, more than once, or not at all You may need to drag the split bar between panes or scroll to view content. NOTE Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that contains 100 Linux devices. The devices are onboarded to Microsoft Defender 365. You need to initiate the collection of investigation packages from the devices by using the Microsoft 365 Defender portal. Which response action should you use?

HOTSPOT You have a Microsoft Sentinel workspace. You need to create a KQL query that will identify successful sign-ins from multiple countries during the last three hours. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point

Export

with questions and answers will be exported as:

VPLUS file

PDF file (Demo 30 questions)

Highest scored 'comment-votes'

Your question list is being generated. We'll email you once it’s ready.

If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].