Home / Microsoft / SC-200

Microsoft SC-200 Practice Test - Questions Answers, Page 19

Question list

List of questions

Question 181

(0)

You have an Azure subscription that contains a user named User1. User1 is assigned an Azure Active Directory Premium Plan 2 license You need to identify whether the identity of User1 was compromis

Question 182

(0)

You have an Azure subscription that uses Microsoft Defender fof Ctoud. You have an Amazon Web Services (AWS) account that contains an Amazon Elastic Compute Cloud (EC2) instance named EC2-1. You n

Question 183

(0)

You have a Microsoft Sentinel workspace named Workspace1 and 200 custom Advanced Security Information Model (ASIM) parsers based on the DNS schema. You need to make the 200 parsers available in Work

Question 184

(0)

You use Microsoft Sentinel. You need to receive an alert in near real-time whenever Azure Storage account keys are enumerated. Which two actions should you perform? Each correct answer presents pa

Question 185

(0)

You need to minimize the effort required to investigate the Microsoft Defender for Identity false positive alerts. What should you review?

Question 186

(0)

HOTSPOT You need to meet the Microsoft Defender for Cloud Apps requirements What should you do? To answer. select the appropriate options in the answer area. NOTE: Each correct selection is worth

Question 187

(0)

You need to deploy the native cloud connector to Account! to meet the Microsoft Defender for Cloud requirements. What should you do in Account! first?

Question 188

(0)

HOTSPOT You need to create a query to investigate DNS-related activity. The solution must meet the Microsoft Sentinel requirements. How should you complete the Query? To answer, select the appropri

Question 189

(0)

HOTSPOT You need to assign role-based access control (RBAQ roles to Group1 and Group2 to meet The Microsoft Defender for Cloud requirements and the business requirements Which role should you assig

Question 190

(0)

You need to ensure that you can run hunting queries to meet the Microsoft Sentinel requirements. Which type of workspace should you create?

Related questions

HOTSPOT You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud. You have an Azure DevOps organization named AzDO1. You need to integrate Sub! and AzDO1. The solution must meet the following requirements: * Detect secrets exposed in pipelines by using Defender for Cloud. * Minimize administrative effort.

DRAG DROP You have an Azure subscription. The subscription contains 10 virtual machines that are onboarded to Microsoft Defender for Cloud. You need to ensure that when Defender for Cloud detects digital currency mining behavior on a virtual machine, you receive an email notification. The solution must generate a test email. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

HOTSPOT You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You need to create a custom detection rule that will identify devices that had more than five antivirus detections within the last 24 hours. how should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

HOTSPOT You have an Azure DevOps organization that uses Microsoft Defender for DevOps. The organization contains an Azure DevOps repository named Repo1 and an Azure Pipelines pipeline named Pipeline1. Pipeline1 is used to build and deploy code stored in Repo1. You need to ensure that when Pipeline1 runs, Microsoft Defender for Cloud can perform secret scanning of the code in Repo1. What should you install in the organization, and what should you add to the YAML file of Pipeline'!? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

You create an Azure subscription. You enable Microsoft Defender for Cloud for the subscription. You need to use Defender for Cloud to protect on-premises computers. What should you do on the on-premises computers?

You have a Microsoft 365 subscription that uses Microsoft 365 Defender. You plan to create a hunting query from Microsoft Defender. You need to create a custom tracked query that will be used to assess the threat status of the subscription. From the Microsoft 365 Defender portal, which page should you use to create the query?

HOTSPOT You have an Azure subscription that uses Microsoft Defender for Cloud and contains an Azure logic app named app1. You need to ensure that app1 launches when a specific Defender for Cloud security alert is generated. How should you complete the Azure Resource Manager (ARM) template? To answer, select the appropriate options in the answer area NOTE: Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR. You need to ensure that you can investigate threats by using data in the unified audit log of Microsoft Defender for Cloud Apps. What should you configure first?

HOTSPOT You have a Microsoft Sentinel workspace that has a default data retention period of 30 days. The workspace contains two custom tables as shown in the following table. Each table ingested two records per day during the past 365 days. You build KQL statements for use in analytic rules as shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

HOTSPOT You have an Azure subscription that uses Microsoft Defender for Cloud. You create a Google Cloud Platform (GCP) organization named GCP1. You need to onboard GCP1 to Defender for Cloud by using the native cloud connector. The solution must ensure that all future GCP projects are onboarded automatically. What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Question 181

You have an Azure subscription that contains a user named User1.

User1 is assigned an Azure Active Directory Premium Plan 2 license

You need to identify whether the identity of User1 was compromised during the last 90 days.

What should you use?

the risk detections report

the risky users report

Identity Secure Score recommendations

the risky sign-ins report

Show Answer Comment (0)

Question 182

You have an Azure subscription that uses Microsoft Defender fof Ctoud.

You have an Amazon Web Services (AWS) account that contains an Amazon Elastic Compute Cloud (EC2) instance named EC2-1.

You need to onboard EC2-1 to Defender for Cloud.

What should you install on EC2-1?

the Log Analytics agent

the Azure Connected Machine agent

the unified Microsoft Defender for Endpoint solution package

Microsoft Monitoring Agent

Show Answer Comment (0)

You have a Microsoft Sentinel workspace named Workspace1 and 200 custom Advanced Security Information Model (ASIM) parsers based on the DNS schema. You need to make the 200 parsers available in Workspace1. The solution must minimize administrative effort. What should you do first?

Copy the parsers to the Azure Monitor Logs page.

Create a JSON file based on the DNS template.

Create an XML file based on the DNS template.

Create a YAML file based on the DNS template.

Show Answer Comment (0)

Question 184

You use Microsoft Sentinel.

You need to receive an alert in near real-time whenever Azure Storage account keys are enumerated.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE:

Each correct selection is worth one point

Create a bookmark.

Create an analytics rule.

Create a livestream.

Create a hunting query.

Add a data connector.

Show Answer Comment (0)

Question 185

You need to minimize the effort required to investigate the Microsoft Defender for Identity false positive alerts. What should you review?

the status update time

the alert status

the certainty of the source computer

the resolution method of the source computer

Show Answer Comment (0)

Question 186

HOTSPOT

You need to meet the Microsoft Defender for Cloud Apps requirements

What should you do? To answer. select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Answer Comment (0)

Question 187

You need to deploy the native cloud connector to Account! to meet the Microsoft Defender for Cloud requirements. What should you do in Account! first?

Create an AWS user for Defender for Cloud.

Create an Access control (1AM) role for Defender for Cloud.

Configure AWS Security Hub.

Deploy the AWS Systems Manager (SSM) agent

Show Answer Comment (0)

Question 188

HOTSPOT

You need to create a query to investigate DNS-related activity. The solution must meet the Microsoft Sentinel requirements. How should you complete the Query? To answer, select the appropriate options in the answer area NOTE: Each correct selection is worth one point.

Show Answer Comment (0)

Question 189

HOTSPOT

You need to assign role-based access control (RBAQ roles to Group1 and Group2 to meet The Microsoft Defender for Cloud requirements and the business requirements Which role should you assign to each group? To answer, select the appropriate options in the answer area NOTE Eachcorrect selection is worth one point.