
Microsoft SC-200 Practice Test - Questions Answers, Page 32


List of questions

Question 311


HOTSPOT

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains a Windows device named Device1.

You initiated a live response session on Device1.

You need to run a command that will download a 250-MB file named File1.exe from the live response library to Device1. The solution must ensure that File1.exe is downloaded as a background process.

How should you complete the live response command? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Question 312


You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You need to implement deception rules. The solution must ensure that you can limit the scope of the rules.

What should you create first?


Question 313


HOTSPOT

You need to build a KQL query in a Microsoft Sentinel workspace. The query must return the SecurityEvent record for accounts that have the last record with an EventID value of 4624. How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Question 314


HOTSPOT

You have the resources shown in the following table.

[Image: resources table]

You have an Azure subscription that uses Microsoft Defender for Cloud.

You need to use Defender for Cloud to protect VM1 and Server1. The solution must meet the following requirements:

* Support Advanced Threat Protection and vulnerability assessment.
* Register each SQL Server 2022 instance as a SQL virtual machine.
* Minimize implementation and administrative effort.

What should you deploy to each server? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Question 315


You have a Microsoft 365 subscription.

You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode. You need to ensure that the devices are protected from malicious artifacts that were undetected by the third-party antivirus product.

Solution: You enable automated investigation and response (AIR).

Does this meet the goal?


Question 316


You have 500 on-premises devices.

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR.

You onboard 100 devices to Microsoft Defender XDR.

You need to identify any unmanaged on-premises devices. The solution must ensure that only specific onboarded devices perform the discovery.

What should you do first?


Question 317


You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint and contains the devices shown in the following table.

[Image: devices table]

You initiate a live response session on each device.

You need to collect a Defender for Endpoint investigation package from each device.

On which devices can you collect the package by running advanced live response commands from the command-line interface (CLI)?


Question 318


HOTSPOT

You have a Microsoft 365 E5 subscription that contains the hosts shown in the following table.

[Image: hosts table]

You have indicators in Microsoft Defender for Endpoint as shown in the following table.

ID1 and ID2 reference the same file as ID3.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.



Question 319


HOTSPOT

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR.

Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with a Microsoft Entra tenant.

You need to identify LDAP requests by AD DS users to enumerate AD DS objects.

How should you complete the KQL query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Question 320


HOTSPOT

You have an Azure subscription that contains a Log Analytics workspace named Workspace1.

You configure Azure activity logs and Microsoft Entra ID logs to be forwarded to Workspace1.

You need to query Workspace1 to identify all the requests that failed due to insufficient authorization.

How should you complete the KQL query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Total 323 questions