
Microsoft SC-200 Practice Test - Questions Answers, Page 31


Question 301


You have an Azure subscription that uses Microsoft Defender XDR.

From the Microsoft Defender portal, you perform an audit search and export the results as a file named File1.csv that contains 10,000 rows.

You use Microsoft Excel to perform Get & Transform Data operations to parse the AuditData column from File1.csv. The operations fail to generate columns for specific JSON properties.

You need to ensure that Excel generates columns for the specific JSON properties in the audit search results.

Solution: From Defender, you modify the search criteria of the audit search to reduce the number of returned records, and then you export the results. From Excel, you perform the Get & Transform Data operations by using the new export.

Does this meet the requirement?


Question 302


You have an Azure subscription that contains a user named User1 and a Microsoft Sentinel workspace named WS1. WS1 uses Microsoft Defender for Cloud.

You have the Microsoft security analytics rules shown in the following table.

[Table image not available]

User1 performs an action that matches Rule1, Rule2, Rule3, and Rule4. How many incidents will be created in WS1?


Question 303


HOTSPOT

You have an Azure subscription that contains 50 virtual machines.

You plan to deploy Microsoft Defender for Cloud.

You need to enable agentless scanning for 40 virtual machines. The solution must create disk snapshots of the virtual machines and perform out-of-band analysis of the snapshots.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Question 304


You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains 500 Windows devices. You plan to create a Microsoft Defender XDR custom deception rule. You need to ensure that the rule will be applied to only 10 specific devices. What should you do first?


Question 305


You have an Azure subscription.

You need to stream the Microsoft Graph activity logs to a third-party security information and event management (SIEM) tool. The solution must minimize administrative effort.

To where should you stream the logs?


Question 306


HOTSPOT

You have a Microsoft Sentinel workspace.

A Microsoft Sentinel incident is generated as shown in the following exhibit.

[Exhibit image not available]

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.



Question 307


HOTSPOT

You have an on-premises datacenter that contains a custom web app named App1. App1 uses Active Directory Domain Services (AD DS) authentication and is accessible by using Microsoft Entra application proxy.

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR.

You receive an alert that a user downloaded highly confidential documents.

You need to remediate the risk associated with the alert by requiring multi-factor authentication (MFA) when users use App1 to initiate the download of documents that have a Highly Confidential sensitivity label applied.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Question 308


HOTSPOT

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint.

You have the on-premises devices shown in the following table.

[Table image not available]

You are preparing an incident response plan for devices infected by malware. You need to recommend response actions that meet the following requirements:

* Block malware from communicating with and infecting managed devices.

* Do NOT affect the ability to control managed devices.

Which actions should you use for each device? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Question 309


HOTSPOT

You have a Microsoft Sentinel workspace.

You plan to visualize data from Microsoft SharePoint Online and OneDrive sites.

You need to create a KQL query for the visual. The solution must meet the following requirements:

* Select all workloads as a single operation.

* Include two parameters named Operations and Users.

* In the results, exclude empty values for the site URLs.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Question 310


You have an Azure subscription that uses Microsoft Defender XDR.

From the Microsoft Defender portal, you perform an audit search and export the results as a file named File1.csv that contains 10,000 rows.

You use Microsoft Excel to perform Get & Transform Data operations to parse the AuditData column from File1.csv. The operations fail to generate columns for specific JSON properties.

You need to ensure that Excel generates columns for the specific JSON properties in the audit search results.

Solution: From Excel, you apply filters to the existing columns in File1.csv to reduce the number of rows, and then you perform the Get & Transform Data operations to parse the AuditData column.

Does this meet the requirement?

Total 323 questions