Microsoft SC-200 Practice Test - Questions Answers, Page 3

Question 21

HOTSPOT

You have an Azure Storage account that will be accessed by multiple Azure Function apps during the development of an application.

You need to hide Azure Defender alerts for the storage account.

Which entity type and field should you use in a suppression rule? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Correct answer: [answer image not reproduced]

Explanation:

Reference:

https://techcommunity.microsoft.com/t5/azure-security-center/suppression-rules-for-azure-security-center-alerts-are-now/ba-p/1404920

Question 22

You create an Azure subscription.

You enable Azure Defender for the subscription.

You need to use Azure Defender to protect on-premises computers.

What should you do on the on-premises computers?

A. Install the Log Analytics agent.

B. Install the Dependency agent.

C. Configure the Hybrid Runbook Worker role.

D. Install the Connected Machine agent.

Suggested answer: A

Explanation:


Security Center collects data from your Azure virtual machines (VMs), virtual machine scale sets, IaaS containers, and non-Azure (including on-premises) machines to monitor for security vulnerabilities and threats.

Data is collected using:

The Log Analytics agent, which reads various security-related configurations and event logs from the machine and copies the data to your workspace for analysis. Examples of such data are: operating system type and version, operating system logs (Windows event logs), running processes, machine name, IP addresses, and logged in user.

Security extensions, such as the Azure Policy Add-on for Kubernetes, which can also provide data to Security Center regarding specialized resource types.
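Installing the agent is only half the job: a machine that never reports, or reports heartbeats but no security events, is invisible to Azure Defender. The query below is an added example, not from the original page, that lists non-Azure machines seen by the workspace, how long ago each one last checked in, and how many Windows security events it has sent. It assumes the Heartbeat and SecurityEvent tables exist in the workspace (they are created once the agent and the security solution send data); the 24-hour staleness threshold and the 7-day window are arbitrary choices.

```kusto
// Added example (not part of the original page): verify that on-premises
// machines onboarded with the Log Analytics agent are actually reporting,
// and whether the security events Azure Defender relies on are arriving.
Heartbeat
| where TimeGenerated > ago(7d)
| where ComputerEnvironment == "Non-Azure"          // on-premises and other-cloud hosts
| summarize LastHeartbeat = max(TimeGenerated),
            AgentVersion  = take_any(Version),
            OS            = take_any(OSType)
          by Computer
| join kind=leftouter (
    SecurityEvent
    | where TimeGenerated > ago(7d)
    | summarize SecurityEvents = count() by Computer
  ) on Computer
| extend SecurityEvents = coalesce(SecurityEvents, 0),   // no events joined -> 0, not null
         AgentStale     = LastHeartbeat < ago(24h)       // silent for more than a day (assumed threshold)
| project Computer, OS, AgentVersion, LastHeartbeat, AgentStale, SecurityEvents
| order by AgentStale desc, SecurityEvents asc
```

Machines that never sent a single heartbeat do not appear at all, so compare the result against your inventory rather than trusting the row count; Linux hosts legitimately show zero SecurityEvents because that table only receives Windows event logs.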

Reference:

https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection

Question 23

A security administrator receives email alerts from Azure Defender for activities such as potential malware uploaded to a storage account and potential successful brute force attacks.

The security administrator does NOT receive email alerts for activities such as antimalware action failed and suspicious network activity. The alerts appear in Azure Security Center.

You need to ensure that the security administrator receives email alerts for all the activities.

What should you configure in the Security Center settings?

A. the severity level of email notifications

B. a cloud connector

C. the Azure Defender plans

D. the integration settings for Threat detection

Suggested answer: A

Explanation:

Reference:

https://techcommunity.microsoft.com/t5/microsoft-365-defender/get-email-notifications-on-new-incidents-from-microsoft-365/ba-p/2012518

Question 24

DRAG DROP

You have an Azure Functions app that generates thousands of alerts in Azure Security Center each day for normal activity.

You need to hide the alerts automatically in Security Center.

Which three actions should you perform in sequence in Security Center? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.


Correct answer: [answer image not reproduced]

Explanation:

Reference:

https://techcommunity.microsoft.com/t5/azure-security-center/suppression-rules-for-azure-security-center-alerts-are-now/ba-p/1404920

Question 25

DRAG DROP

You have an Azure subscription.

You need to delegate permissions to meet the following requirements:

Enable and disable Azure Defender.

Apply security recommendations to resources.

The solution must use the principle of least privilege.

Which Azure Security Center role should you use for each requirement? To answer, drag the appropriate roles to the correct requirements. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.


Correct answer: [answer image not reproduced]

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/security-center/security-center-permissions

Question 26

HOTSPOT

You have an Azure subscription that uses Azure Defender.

You plan to use Azure Security Center workflow automation to respond to Azure Defender threat alerts.

You need to create an Azure policy that will perform threat remediation automatically.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Correct answer: [answer image not reproduced]

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects

https://docs.microsoft.com/en-us/azure/security-center/workflow-automation

Question 27

You plan to create a custom Azure Sentinel query that will track anomalous Azure Active Directory (Azure AD) sign-in activity and present the activity as a time chart aggregated by day.

You need to create a query that will be used to display the time chart.

What should you include in the query?

A. extend

B. bin

C. makeset

D. workspace

Suggested answer: B

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/logs/get-started-queries
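The reason bin() is the answer becomes obvious once the query is written out. The block below is an added example, not from the original page: it charts Azure AD sign-ins per day, treating a sign-in as anomalous when Identity Protection scored it medium or high risk or when it failed outright (that second criterion is a deliberately broad assumption; tighten it to specific ResultType codes in production). It assumes the Azure AD data connector populates the SigninLogs table.

```kusto
// Added example (not part of the original page): daily time chart of
// anomalous Azure AD sign-ins. bin() buckets TimeGenerated into one-day
// intervals; extend would only add a column, and summarize without bin()
// would give one total per series instead of a series over time.
SigninLogs
| where TimeGenerated > ago(30d)
| where RiskLevelDuringSignIn in ("medium", "high") or ResultType != "0"   // "0" is success
| extend Outcome = iff(ResultType == "0", "Risky success", "Failure")
| summarize SignIns = count() by Outcome, bin(TimeGenerated, 1d)   // one row per outcome per day
| render timechart with (title = "Anomalous Azure AD sign-ins per day")
```

Changing `1d` to `1h` gives the same chart at hourly resolution; the render step only needs a datetime column on the x-axis and a string column to split the series.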

Question 28

You are configuring Azure Sentinel.

You need to send a Microsoft Teams message to a channel whenever a sign-in from a suspicious IP address is detected.

Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Add a playbook.

B. Associate a playbook to an incident.

C. Enable Entity behavior analytics.

D. Create a workbook.

E. Enable the Fusion rule.

Suggested answer: A, B

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook
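A playbook only runs when something triggers it, so in practice the two answers above sit on top of a scheduled analytics rule. The query below is an added example, not from the original page, of such a rule: it matches sign-ins against IP indicators in the workspace's threat-intelligence feed, which is one concrete definition of "suspicious IP address" (the page does not define the term). It assumes the Azure AD (SigninLogs) and Threat Intelligence (ThreatIntelligenceIndicator) connectors are enabled; the hourly window is an assumption matching a rule scheduled to run every hour.

```kusto
// Added example (not part of the original page): scheduled analytics-rule
// query that fires on Azure AD sign-ins from IP addresses present as active
// threat-intelligence indicators. The Teams message itself is sent by the
// playbook attached to this rule; the query does no messaging.
let lookback = 1h;                                   // assumed: rule runs hourly with a 1h lookup
let activeIndicators =
    ThreatIntelligenceIndicator
    | where TimeGenerated > ago(30d)
    | where Active == true and ExpirationDateTime > now()
    | extend IndicatorIP = coalesce(NetworkIP, NetworkSourceIP)   // feeds populate one or the other
    | where isnotempty(IndicatorIP)
    // keep the latest record per IP so each sign-in matches at most once
    | summarize arg_max(TimeGenerated, ConfidenceScore, ThreatType, Description) by IndicatorIP;
SigninLogs
| where TimeGenerated > ago(lookback)
| where isnotempty(IPAddress)
| join kind=inner activeIndicators on $left.IPAddress == $right.IndicatorIP
| project TimeGenerated, UserPrincipalName, IPAddress, Location,
          AppDisplayName, ResultType, ThreatType, ConfidenceScore, Description
```

When you save this as an analytics rule, map the Account entity to UserPrincipalName and the IP entity to IPAddress; the playbook can then read those entities from the incident and include them in the Teams post instead of parsing raw query output.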

Question 29

You need to visualize Azure Sentinel data and enrich the data by using third-party data sources to identify indicators of compromise (IoC).

What should you use?

A. notebooks in Azure Sentinel

B. Microsoft Cloud App Security

C. Azure Monitor

D. hunting queries in Azure Sentinel

Suggested answer: A

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/sentinel/notebooks

Question 30

You plan to create a custom Azure Sentinel query that will provide a visual representation of the security alerts generated by Azure Security Center.

You need to create a query that will be used to display a bar graph.

What should you include in the query?

A. extend

B. bin

C. count

D. workspace

Suggested answer: B

Explanation:
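Two queries, added here as an example and not from the original page, show what a bar graph of Security Center alerts looks like in KQL. Security Center alerts land in the SecurityAlert table with ProductName set to "Azure Security Center"; the summarize/count() step produces the numbers, render draws them, and bin() enters only when the bars are per time bucket, which the second query shows. The 30-day window is an arbitrary choice; run the two queries separately (select one in the editor before running).

```kusto
// Added example (not part of the original page).
// Query 1: one bar per alert severity for the last 30 days.
SecurityAlert
| where TimeGenerated > ago(30d)
| where ProductName == "Azure Security Center"        // drop alerts from other providers
| summarize Alerts = count() by AlertSeverity
| order by Alerts desc
| render barchart with (title = "Security Center alerts by severity, last 30 days")

// Query 2: the same alerts as one bar per day; bin() supplies the day buckets.
SecurityAlert
| where TimeGenerated > ago(30d)
| where ProductName == "Azure Security Center"
| summarize Alerts = count() by bin(TimeGenerated, 1d)
| render columnchart with (title = "Security Center alerts per day, last 30 days")
```

Replacing AlertSeverity with AlertName in the first query and adding `| top 15 by Alerts` before the render step turns it into the "noisiest alert types" view that usually precedes writing a suppression rule.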

