ExamGecko

Microsoft SC-200 Practice Test - Questions Answers, Page 27


Question 261


HOTSPOT

You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud.

You have an Azure DevOps organization named AzDO1.

You need to integrate Sub1 and AzDO1. The solution must meet the following requirements:

* Detect secrets exposed in pipelines by using Defender for Cloud.

* Minimize administrative effort.



Question 262


HOTSPOT

You have an Azure subscription that contains a user named User1 and a Microsoft Sentinel workspace named WS1.

You need to ensure that User1 can enable User and Entity Behavior Analytics (UEBA) for WS1. The solution must follow the principle of least privilege.

Which roles should you assign to User1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Question 263


HOTSPOT

You have an Azure DevOps organization that uses Microsoft Defender for DevOps. The organization contains an Azure DevOps repository named Repo1 and an Azure Pipelines pipeline named Pipeline1. Pipeline1 is used to build and deploy code stored in Repo1.

You need to ensure that when Pipeline1 runs, Microsoft Defender for Cloud can perform secret scanning of the code in Repo1.

What should you install in the organization, and what should you add to the YAML file of Pipeline1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Question 264


You have a Microsoft Sentinel workspace named SW1.

In SW1, you investigate an incident that is associated with the following entities:

* Host

* IP address

* User account

* Malware name

Which entity can be labeled as an indicator of compromise (IoC) directly from the incident's page?


Question 265


You have a Microsoft 365 subscription that contains the following resources:

* 100 users that are assigned a Microsoft 365 E5 license

* 100 Windows 11 devices that are joined to the Microsoft Entra tenant

The users access their Microsoft Exchange Online mailbox by using Outlook on the web.

You need to ensure that if a user account is compromised, the Outlook on the web session token can be revoked.

What should you configure?


Question 266


HOTSPOT

You have a Microsoft Sentinel workspace that has a default data retention period of 30 days. The workspace contains two custom tables as shown in the following table.

[Image: table of custom tables]

Each table ingested two records per day during the past 365 days.

You build KQL statements for use in analytic rules as shown in the following table.

[Image: table of KQL statements]

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.



Question 267


Your on-premises network contains an Active Directory Domain Services (AD DS) forest.

You have a Microsoft Entra tenant that uses Microsoft Defender for Identity. The AD DS forest syncs with the tenant.

You need to create a hunting query that will identify LDAP simple binds to the AD DS domain controllers.

Which table should you query?


Question 268


You have a Microsoft Sentinel workspace that contains a custom workbook named Workbook1.

You need to create a visual based on the SecurityEvent table. The solution must meet the following requirements:

* Identify the number of security events ingested during the past week.

* Display the count of events by day in a timechart.

What should you add to Workbook1?


Question 269


HOTSPOT

You have a Microsoft 365 subscription.

You need to identify all the security principals that submitted requests to change or delete groups. How should you complete the KQL query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Question 270


DRAG DROP

You have a Microsoft Sentinel workspace that contains the following Advanced Security Information Model (ASIM) parsers:

* _Im_ProcessCreate

* imProcessCreate

You create a new source-specific parser named vimProcessCreate.

You need to modify the parsers to meet the following requirements:

* Call all the ProcessCreate parsers.

* Standardize fields to the Process schema.

Which parser should you modify to meet each requirement? To answer, drag the appropriate parsers to the correct requirements. Each parser may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.


Total 323 questions