Microsoft SC-200 Practice Test - Questions Answers, Page 19

Question 181

You provision Azure Sentinel for a new Azure subscription.

You are configuring the Security Events connector.

While creating a new rule from a template in the connector, you decide to generate a new alert for every event.

You create the following rule query.

Microsoft SC-200 image Question 47 107934 10052024010847000000

By which two components can you group alerts into incidents? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A. a workbook

B. a hunting query

C. a notebook

D. a playbook

Suggested answer: A
Explanation:

A workbook is a data-driven interactive report in Microsoft Sentinel. You can use workbooks to create custom reports based on data from your Azure subscription.

Reference: https://docs.microsoft.com/en-us/azure/sentinel/workbooks-overview

asked 05/10/2024
Cintron, Rigoberto
44 questions

Question 182

You create an Azure subscription.

You enable Microsoft Defender for Cloud for the subscription.

You need to use Defender for Cloud to protect on-premises computers.

What should you do on the on-premises computers?

A. Configure the Hybrid Runbook Worker role.

B. Install the Connected Machine agent.

C. Install the Log Analytics agent.

D. Install the Dependency agent.

Suggested answer: C
Explanation:

https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboardmachines?pivots=azure-arc

asked 05/10/2024
Francesco Pignalosa
43 questions

Question 183

DRAG DROP

You have a Microsoft Sentinel workspace that contains an Azure AD data connector.

You need to associate a bookmark with an Azure AD-related incident.

What should you do? To answer, drag the appropriate blades to the correct tasks. Each blade may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.


Microsoft SC-200 image Question 183 107936 10052024010847000
Correct answer: Microsoft SC-200 image answer Question 183 107936 10052024010847000
asked 05/10/2024
Ahmed Dawoud
48 questions

Question 184

DRAG DROP

You have a Microsoft subscription that has Microsoft Defender for Cloud enabled. You configure the Azure logic apps shown in the following table.

Microsoft SC-200 image Question 50 107937 10052024010847000000

You need to configure an automatic action that will run if a Suspicious process executed alert is triggered. The solution must minimize administrative effort.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


Microsoft SC-200 image Question 184 107937 10052024010847000
Correct answer: Microsoft SC-200 image answer Question 184 107937 10052024010847000
asked 05/10/2024
Peter Stones
42 questions

Question 185

DRAG DROP

You have 50 on-premises servers.

You have an Azure subscription that uses Microsoft Defender for Cloud. The Defender for Cloud deployment has Microsoft Defender for Servers and automatic provisioning enabled.

You need to configure Defender for Cloud to support the on-premises servers. The solution must meet the following requirements:

• Provide threat and vulnerability management.

• Support data collection rules.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


Microsoft SC-200 image Question 185 107938 10052024010847000
Correct answer: Microsoft SC-200 image answer Question 185 107938 10052024010847000
Explanation:

To configure Defender for Cloud to support the on-premises servers, you should perform the following three actions in sequence:

On the on-premises servers, install the Azure Connected Machine agent.

On the on-premises servers, install the Log Analytics agent.

From the Data controller settings in the Azure portal, create an Azure Arc data controller.

Once these steps are completed, the on-premises servers will be able to communicate with the Azure Defender for Cloud deployment and will be able to support threat and vulnerability management as well as data collection rules.

Reference: https://docs.microsoft.com/en-us/azure/security-center/deploy-azure-security-center#on-premises-deployment

asked 05/10/2024
Mihai Stefanescu
36 questions

Question 186

HOTSPOT

You have a Microsoft Sentinel workspace.

You need to create a KQL query that will identify successful sign-ins from multiple countries during the last three hours.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Microsoft SC-200 image Question 186 107939 10052024010847000
Correct answer: Microsoft SC-200 image answer Question 186 107939 10052024010847000
asked 05/10/2024
Ahmed Otmani Amaoui
38 questions

Question 187

HOTSPOT

You have an Azure subscription that has Azure Defender enabled for all supported resource types.

You create an Azure logic app named LA1.

You plan to use LA1 to automatically remediate security risks detected in Defender for Cloud.

You need to test LA1 in Defender for Cloud.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Microsoft SC-200 image Question 187 107940 10052024010847000
Correct answer: Microsoft SC-200 image answer Question 187 107940 10052024010847000
asked 05/10/2024
Christopher Dawe
45 questions

Question 188

DRAG DROP

You are investigating an incident by using Microsoft 365 Defender.

You need to create an advanced hunting query to count failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Microsoft SC-200 image Question 188 107941 10052024010847000
Correct answer: Microsoft SC-200 image answer Question 188 107941 10052024010847000
asked 05/10/2024
Ferran Ortega Torrabadell
39 questions

Question 189

HOTSPOT

You have an Azure subscription.

You plan to implement a Microsoft Sentinel workspace. You anticipate that you will ingest 20 GB of security log data per day.

You need to configure storage for the workspace. The solution must meet the following requirements:

• Minimize costs for daily ingested data.

• Maximize the data retention period without incurring extra costs.

What should you do for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Microsoft SC-200 image Question 189 107942 10052024010847000
Correct answer: Microsoft SC-200 image answer Question 189 107942 10052024010847000
asked 05/10/2024
soliman sallam
44 questions

Question 190

HOTSPOT

Your on-premises network contains 100 servers that run Windows Server.

You have an Azure subscription that uses Microsoft Sentinel.

You need to upload custom logs from the on-premises servers to Microsoft Sentinel.

What should you do? To answer, select the appropriate options in the answer area.


Microsoft SC-200 image Question 190 107943 10052024010847000
Correct answer: Microsoft SC-200 image answer Question 190 107943 10052024010847000
Explanation:

To upload custom logs from the on-premises servers to Microsoft Sentinel, you should install the Log Analytics agent on each of the 100 servers. The Log Analytics agent is a lightweight agent that runs on the server and allows it to connect to the cloud-based Microsoft Defender Security Center. Once installed, the agent will allow the Microsoft Sentinel service to collect and analyze the custom log data from the servers.

asked 05/10/2024
Jose Rodrigues
44 questions
Total 323 questions