
Microsoft SC-200 Practice Test - Questions Answers, Page 30


List of questions

Question 291


DRAG DROP

You have a Microsoft Sentinel workspace named SW1.

In SW1, you enable User and Entity Behavior Analytics (UEBA).

You need to use KQL to perform the following tasks:

* View the entity data that has fields for each type of entity.

* Assess the quality of rules by analyzing how well a rule performs.

Which table should you use in KQL for each task? To answer, drag the appropriate tables to the correct tasks. Each table may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.



Question 292


You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint and contains a user named User1 and a Microsoft 365 group named Group1. All users are assigned a Defender for Endpoint Plan 1 license.

You enable Microsoft Defender XDR Unified role-based access control (RBAC) for Endpoints & Vulnerability Management.

You need to ensure that User1 can configure alerts that will send email notifications to Group1. The solution must follow the principle of least privilege.

Which permissions should you assign to User1?


Question 293


You have a Microsoft Sentinel workspace named SW1.

You need to identify which anomaly rules are enabled in SW1.

What should you review in Microsoft Sentinel?


Question 294


HOTSPOT

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains a Windows device named Device1. You initiate a live response session on Device1 and launch an executable file named File1.exe in the background. You need to perform the following actions:

* Identify the command ID of File1.exe.

* Interact with File1.exe.

Which live response command should you run for each action? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Question 295


HOTSPOT

You have a Microsoft 365 subscription that uses Microsoft Purview and contains a Microsoft SharePoint Online site named Site1. Site1 contains the files shown in the following table.

[Image: table of the files in Site1]

From Microsoft Purview, you create the content search queries shown in the following table.

[Image: table of the content search queries]

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.



Question 296


HOTSPOT

You have a Microsoft Sentinel workspace that contains a custom workbook named Workbook1.

You need to create a visual in Workbook1 that will display the logon count for accounts that have logon event IDs of 4624 and 4634.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Question 297


You have an Azure subscription that contains a resource group named RG1. RG1 contains a Microsoft Sentinel workspace. The subscription is linked to a Microsoft Entra tenant that contains a user named User1.

You need to ensure that User1 can deploy and customize Microsoft Sentinel workbook templates. The solution must follow the principle of least privilege.

Which role should you assign to User1 for RG1?


Question 298


You have 500 on-premises Windows 11 devices that use Microsoft Defender for Endpoint.

You enable Network device discovery.

You need to create a hunting query that will identify discovered network devices and return the identity of the onboarded device that discovered each network device.

Which built-in function should you use?


Question 299


HOTSPOT

You have a Microsoft 365 E5 subscription that contains two users named User1 and User2. You have the hunting query shown in the following exhibit.

[Image: hunting query exhibit]

The users perform the following actions:

* User1 assigns User2 the Global Administrator role.

* User1 creates a new user named User3 and assigns the user a Microsoft Teams license.

* User2 creates a new user named User4 and assigns the user the Security Reader role.

* User2 creates a new user named User5 and assigns the user the Security Operator role.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.



Question 300


HOTSPOT

You have an Azure Storage account that will be accessed by multiple Azure Functions apps during the development of an application.

You need to hide Microsoft Defender for Cloud alerts for the storage account.

Which entity type and field should you use in a suppression rule? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Total 323 questions