Microsoft SC-200 Practice Test - Questions Answers, Page 24
You have an Azure subscription that uses Microsoft Defender for Cloud.
You have an Amazon Web Services (AWS) subscription. The subscription contains multiple virtual machines that run Windows Server.
You need to enable Microsoft Defender for Servers on the virtual machines.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct answer is worth one point.
From Defender for Cloud, enable agentless scanning.
Install the Azure Virtual Machine Agent (VM Agent) on each virtual machine.
Onboard the virtual machines to Microsoft Defender for Endpoint.
From Defender for Cloud, configure auto-provisioning.
From Defender for Cloud, configure the AWS connector.
You have a Microsoft 365 E5 subscription that contains 100 Linux devices. The devices are onboarded to Microsoft Defender 365. You need to initiate the collection of investigation packages from the devices by using the Microsoft 365 Defender portal. Which response action should you use?
Run antivirus scan
Initiate Automated Investigation
Collect investigation package
Initiate Live Response Session
You have a Microsoft Sentinel workspace that uses the Microsoft 365 Defender data connector.
From Microsoft Sentinel, you investigate a Microsoft 365 incident.
You need to update the incident to include an alert generated by Microsoft Defender for Cloud Apps.
What should you use?
the entity side panel of the Timeline card in Microsoft Sentinel
the investigation graph on the Incidents page of Microsoft Sentinel
the Timeline tab on the Incidents page of Microsoft Sentinel
the Alerts page in the Microsoft 365 Defender portal
HOTSPOT
You have four Azure subscriptions. One of the subscriptions contains a Microsoft Sentinel workspace.
You need to deploy Microsoft Sentinel data connectors to collect data from the subscriptions by using Azure Policy. The solution must ensure that the policy will apply to new and existing resources in the subscriptions.
Which type of connectors should you provision, and what should you use to ensure that all the resources are monitored? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Microsoft Sentinel playbook that is triggered by using the Azure Activity connector.
You need to create a new near-real-time (NRT) analytics rule that will use the playbook.
What should you configure for the rule?
the Incident automation settings
entity mapping
the query rule
the Alert automation settings
HOTSPOT
You have an Azure subscription that uses Microsoft Sentinel and contains a user named User1.
You need to ensure that User1 can enable User and Entity Behavior Analytics (UEBA) for entity behavior in the Microsoft Entra tenant. The solution must use the principle of least privilege.
Which roles should you assign to User1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
HOTSPOT
You have a Microsoft Sentinel workspace that contains a custom workbook.
You need to query the number of daily security alerts. The solution must meet the following requirements:
* Identify alerts that occurred during the last 30 days.
* Display the results in a timechart.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that uses Microsoft Sentinel and contains 100 Linux virtual machines.
You need to monitor the virtual machines by using Microsoft Sentinel. The solution must meet the following requirements:
* Minimize administrative effort
* Minimize the parsing required to read log data
What should you configure?
REST API integration
a Syslog connector
a Log Analytics Data Collector API
a Common Event Format (CEF) connector
HOTSPOT
You have a Microsoft Sentinel workspace named SW1.
You plan to create a custom workbook that will include a time chart.
You need to create a query that will identify the number of security alerts per day for each provider.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
HOTSPOT
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint. You need to create a detection rule that meets the following requirements:
* Is triggered when a device that has critical software vulnerabilities was active during the last hour
* Limits the number of duplicate results
How should you complete the KQL query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.