ExamGecko
Login
Home / Microsoft / SC-200 / List of questions
Ask Question

Microsoft SC-200 Practice Test - Questions Answers, Page 24

Add to Whishlist

List of questions

Question 231

Report Export Collapse

DRAG DROP

You have an Azure subscription that contains the users shown in the following table.

Microsoft SC-200 image Question 97 107984 10052024010847000000

You need to delegate the following tasks:

* Enable Microsoft Defender for Servers on virtual machines.

* Review security recommendations and enable server vulnerability scans.

The solution must use the principle of least privilege.

Which user should perform each task? To answer, drag the appropriate users to the correct tasks. Each user may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Microsoft SC-200 image Question 97 107984 10052024010847000000

Answer:

Microsoft SC-200 image Question 97 107984 10052024010847000000



Become a Premium Member for full access
  Unlock Premium Member

Question 232

Report Export Collapse

You have 50 Microsoft Sentinel workspaces.

You need to view all the incidents from all the workspaces on a single page in the Azure portal. The solution must minimize administrative effort.

Which page should you use in the Azure portal?

Become a Premium Member for full access
  Unlock Premium Member

Question 233

Report Export Collapse

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint

You need to identify any devices that triggered a malware alert and collect evidence related to the alert. The solution must ensure that you can use the results to initiate device isolation for the affected devices.

What should you use in the Microsoft 365 Defender portal?

Become a Premium Member for full access
  Unlock Premium Member

Question 234

Report Export Collapse

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint

You need to create a query that will link the Alertlnfo, AlertEvidence, and DeviceLogonEvents tables. The solution must return all the rows in the tables.

Which operator should you use?

Become a Premium Member for full access
  Unlock Premium Member

Question 235

Report Export Collapse

DRAG DROP

You have a Microsoft 365 E5 subscription that uses Microsoft Exchange Online.

You need to identify phishing email messages.

Which three cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.

Become a Premium Member for full access
  Unlock Premium Member

Question 236

Report Export Collapse

You haw the resources shown in the following Table.

Microsoft SC-200 image Question 102 107989 10052024010847000000

You have an Azure subscription that uses Microsoft Defender for Cloud.

You need to enable Microsoft Defender lot Servers on each resource.

Which resources will require the installation of the Azure Arc agent?

Become a Premium Member for full access
  Unlock Premium Member

Question 237

Report Export Collapse

HOTSPOT

You have a Microsoft 365 E5 subscription that uses Microsoft Defender 36S.

Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with Azure AD.

You need to identify the 100 most recent sign-in attempts recorded on devices and AD DS domain controllers.

How should you complete The KQL query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Become a Premium Member for full access
  Unlock Premium Member

Question 238

Report Export Collapse

HOTSPOT

You have a Microsoft Sentinel workspace.

A Microsoft Sentinel incident is generated as shewn in the following exhibit.

Microsoft SC-200 image Question 104 107991 10052024010847000000

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.


Become a Premium Member for full access
  Unlock Premium Member

Question 239

Report Export Collapse

HOTSPOT

You have an Azure subscription that uses Microsoft Defender for Cloud.

You create a Google Cloud Platform (GCP) organization named GCP1.

You need to onboard GCP1 to Defender for Cloud by using the native cloud connector. The solution must ensure that all future GCP projects are onboarded automatically.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Become a Premium Member for full access
  Unlock Premium Member

Question 240

Report Export Collapse

HOTSPOT

You have an Azure subscription that is linked to a hybrid Azure AD tenant and contains a Microsoft Sentinel workspace named Sentinel1.

You need to enable User and Entity Behavior Analytics (UEBA) for Sentinel 1 and configure UEBA to use data collected from Active Directory Domain Services (AD OS).

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Become a Premium Member for full access
  Unlock Premium Member
Total 323 questions
Go to page: of 33
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have a Microsoft 365 subscription that contains 1,000 Windows 10 devices. The devices have Microsoft Office 365 installed. You need to mitigate the following device threats: Microsoft Excel macros that download scripts from untrusted websites Users that open executable attachments in Microsoft Outlook Outlook rules and forms exploits What should you use?
HOTSPOT You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud. You have an Azure DevOps organization named AzDO1. You need to integrate Sub! and AzDO1. The solution must meet the following requirements: * Detect secrets exposed in pipelines by using Defender for Cloud. * Minimize administrative effort.
DRAG DROP You have an Azure subscription. The subscription contains 10 virtual machines that are onboarded to Microsoft Defender for Cloud. You need to ensure that when Defender for Cloud detects digital currency mining behavior on a virtual machine, you receive an email notification. The solution must generate a test email. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
HOTSPOT You have an Azure DevOps organization that uses Microsoft Defender for DevOps. The organization contains an Azure DevOps repository named Repo1 and an Azure Pipelines pipeline named Pipeline1. Pipeline1 is used to build and deploy code stored in Repo1. You need to ensure that when Pipeline1 runs, Microsoft Defender for Cloud can perform secret scanning of the code in Repo1. What should you install in the organization, and what should you add to the YAML file of Pipeline'!? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You create an Azure subscription. You enable Microsoft Defender for Cloud for the subscription. You need to use Defender for Cloud to protect on-premises computers. What should you do on the on-premises computers?
You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains a user named User1. You need to ensure that User1 can manage Microsoft Defender XDR custom detection rules and Endpoint security policies. The solution must follow the principle of least privilege. Which role should you assign to User1?
HOTSPOT You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You need to create a custom detection rule that will identify devices that had more than five antivirus detections within the last 24 hours. how should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.
DRAG DROP You have a Microsoft Sentinel workspace that contains the following Advanced Security Information Model (ASIM) parsers: * _Im_ProcessCreate * InProceessCreate You create a new source-specific parser named vimProcessCreate. You need to modify the parsers to meet the following requirements: * Call all the ProcessCreate parsers. * Standardize fields to the Process schema. Which parser should you modify to meet each requirement? To answer, drag the appropriate parsers to the correct requirements. tach parser may be used once, more than once, or not at all You may need to drag the split bar between panes or scroll to view content. NOTE Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that contains 100 Linux devices. The devices are onboarded to Microsoft Defender 365. You need to initiate the collection of investigation packages from the devices by using the Microsoft 365 Defender portal. Which response action should you use?
HOTSPOT You have a Microsoft Sentinel workspace. You need to create a KQL query that will identify successful sign-ins from multiple countries during the last three hours. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point