Home / Microsoft / SC-200

Microsoft SC-200 Practice Test - Questions Answers, Page 20

Question list

List of questions

Question 191

(0)

You need to correlate data from the SecurityEvent Log Anarytks table to meet the Microsoft Sentinel requirements for using UEBA. Which Log Analytics table should you use?

Question 192

(0)

You need to identify which mean time metrics to use to meet the Microsoft Sentinel requirements. Which workbook should you use?

Question 193

(0)

You need to meet the Microsoft Sentinel requirements for App1. What should you configure for App1?

Question 194

(0)

HOTSPOT You need to meet the Microsoft Sentinel requirements for collecting Windows Security event logs. What should you do? To answer, select the appropriate options in the answer area. NOTE Each

Question 195

(0)

HOTSPOT You have 100 Azure subscriptions that have enhanced security features m Microsoft Defender for Cloud enabled. All the subscriptions are linked to a single Azure AD tenant. You need to strea

Question 196

(0)

HOTSPOT You have a Microsoft 365 E5 subscription that contains two users named User! and User2. You have the hunting query shown in the following exhibit. The users perform the following anions:

Question 197

(0)

You have an Azure subscription that uses resource type for Cloud . You need to filter the security alerts view to show the following alerts: • Unusual user accessed a key vault • Log on from an u

Question 198

(0)

HOTSPOT You need to implement Microsoft Sentinel queries for Contoso and Fabrikam to meet the technical requirements. What should you include in the solution? To answer, select the appropriate opt

Question 199

(0)

HOTSPOT You have a Microsoft 365 E5 subscription that uses Microsoft 365 Defender for Endpoint. You need to ensure that you can initiate remote shell connections to Windows servers by using the Mi

Question 200

(0)

You have an Azure subscription that contains an Microsoft Sentinel workspace. You need to create a playbook that will run automatically in response to an Microsoft Sentinel alert. What should you

Related questions

HOTSPOT You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud. You have an Azure DevOps organization named AzDO1. You need to integrate Sub! and AzDO1. The solution must meet the following requirements: * Detect secrets exposed in pipelines by using Defender for Cloud. * Minimize administrative effort.

DRAG DROP You have an Azure subscription. The subscription contains 10 virtual machines that are onboarded to Microsoft Defender for Cloud. You need to ensure that when Defender for Cloud detects digital currency mining behavior on a virtual machine, you receive an email notification. The solution must generate a test email. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

HOTSPOT You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You need to create a custom detection rule that will identify devices that had more than five antivirus detections within the last 24 hours. how should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

HOTSPOT You have an Azure DevOps organization that uses Microsoft Defender for DevOps. The organization contains an Azure DevOps repository named Repo1 and an Azure Pipelines pipeline named Pipeline1. Pipeline1 is used to build and deploy code stored in Repo1. You need to ensure that when Pipeline1 runs, Microsoft Defender for Cloud can perform secret scanning of the code in Repo1. What should you install in the organization, and what should you add to the YAML file of Pipeline'!? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

You create an Azure subscription. You enable Microsoft Defender for Cloud for the subscription. You need to use Defender for Cloud to protect on-premises computers. What should you do on the on-premises computers?

You have a Microsoft 365 subscription that uses Microsoft 365 Defender. You plan to create a hunting query from Microsoft Defender. You need to create a custom tracked query that will be used to assess the threat status of the subscription. From the Microsoft 365 Defender portal, which page should you use to create the query?

HOTSPOT You have an Azure subscription that uses Microsoft Defender for Cloud and contains an Azure logic app named app1. You need to ensure that app1 launches when a specific Defender for Cloud security alert is generated. How should you complete the Azure Resource Manager (ARM) template? To answer, select the appropriate options in the answer area NOTE: Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR. You need to ensure that you can investigate threats by using data in the unified audit log of Microsoft Defender for Cloud Apps. What should you configure first?

HOTSPOT You have a Microsoft Sentinel workspace that has a default data retention period of 30 days. The workspace contains two custom tables as shown in the following table. Each table ingested two records per day during the past 365 days. You build KQL statements for use in analytic rules as shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

HOTSPOT You have an Azure subscription that uses Microsoft Defender for Cloud. You create a Google Cloud Platform (GCP) organization named GCP1. You need to onboard GCP1 to Defender for Cloud by using the native cloud connector. The solution must ensure that all future GCP projects are onboarded automatically. What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Question 191

You need to correlate data from the SecurityEvent Log Anarytks table to meet the Microsoft Sentinel requirements for using UEBA. Which Log Analytics table should you use?

SentwlAuoNt

AADRiskyUsers

IdentityOirectoryEvents

Identityinfo

Show Answer Comment (0)

Question 192

You need to identify which mean time metrics to use to meet the Microsoft Sentinel requirements.

Which workbook should you use?

Analytics Efficiency

Security Operations Efficiency

Event Analyzer

Investigation insights

Show Answer Comment (0)

Question 193

You need to meet the Microsoft Sentinel requirements for App1. What should you configure for App1?

an API connection

a trigger

an connector

authorization

Show Answer Comment (0)

Question 194

HOTSPOT

You need to meet the Microsoft Sentinel requirements for collecting Windows Security event logs.

What should you do? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

Show Answer Comment (0)

You have 100 Azure subscriptions that have enhanced security features m Microsoft Defender for Cloud enabled. All the subscriptions are linked to a single Azure AD tenant. You need to stream the Defender for Cloud togs to a syslog server. The solution must minimize administrative effort What should you do? To answer, select the appropriate options in the answer area NOTE: Each correct selection is worth one point

Show Answer Comment (0)

Question 196

HOTSPOT

You have a Microsoft 365 E5 subscription that contains two users named User! and User2. You have the hunting query shown in the following exhibit.

The users perform the following anions:

• User1 assigns User2 the Global administrator role.

• User1 creates a new user named User3 and assigns the user a Microsoft Teams license.

• User2 creates a new user named User4 and assigns the user the Security reader role.

• User2 creates a new user named User5 and assigns the user the Security operator role.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Answer Comment (0)

Question 197

You have an Azure subscription that uses resource type for Cloud. You need to filter the security alerts view to show the following alerts:

• Unusual user accessed a key vault

• Log on from an unusual location

• Impossible travel activity

Which severity should you use?

Informational

Low

Medium

High

Show Answer Comment (0)

Question 198

HOTSPOT

You need to implement Microsoft Sentinel queries for Contoso and Fabrikam to meet the technical requirements.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Answer Comment (0)

Question 199

HOTSPOT

You have a Microsoft 365 E5 subscription that uses Microsoft 365 Defender for Endpoint.

You need to ensure that you can initiate remote shell connections to Windows servers by using the Microsoft 365 Defender portal.

What should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Answer Comment (0)

Question 200

You have an Azure subscription that contains an Microsoft Sentinel workspace.

You need to create a playbook that will run automatically in response to an Microsoft Sentinel alert.

What should you create first?

a trigger in Azure Functions

an Azure logic app

a hunting query in Microsoft Sentinel

an automation rule in Microsoft Sentinel

Show Answer Comment (0)

Total 295 questions

18 19 20 21 22

Go to page: of 30