ExamGecko
Login
Home / Microsoft / SC-200 / List of questions
Ask Question

Microsoft SC-200 Practice Test - Questions Answers, Page 33

Add to Whishlist

List of questions

Question 321

Report Export Collapse

You have a Microsoft 365 subscription that uses Microsoft Defender XDR.

You discover that when Microsoft Defender for Endpoint generates alerts for a commonly used executable file, it causes alert fatigue. You need to tune the alerts.

Which two actions can an alert tuning rule perform for the alerts?

Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Become a Premium Member for full access
  Unlock Premium Member

Question 322

Report Export Collapse

You have a Microsoft 365 subscription.

You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode.

You need to ensure that the devices are protected from malicious artifacts that were undetected by the third -party antivirus product.

Solution: You configure endpoint detection and response (EDR) in block mode.

Does this meet the goal?

Become a Premium Member for full access
  Unlock Premium Member

Question 323

Report Export Collapse

You have a Microsoft 365 subscription.

You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode. You need to ensure that the devices are protected from malicious artifacts that were undetected by the third-party antivirus product. Solution: You configure Controlled folder access. Does this meet the goal?

Become a Premium Member for full access
  Unlock Premium Member

Question 324

Report Export Collapse

You have a Microsoft 365 E5 subscription that contains two users named Userl and User2 and From the Copilot for Security portal, User1 starts a session and creates the following prompts:

* Prompt1: Provides access to the Entra plugin

* Prompt2: Provides access to the Intune plugin

* Prompt3: Provides access to the Entra plugin

User1 shares the session with User2.

User2 does NOT have access to Microsoft Intune.

For which prompts can User2 view results during the shared session?

Become a Premium Member for full access
  Unlock Premium Member

Question 325

Report Export Collapse

HOTSPOT

You have an Azure subscription that contains a Microsoft Sentinel workspace named WS1.

You need to ensure that the incidents in WS1 include a list of actions that must be performed. The solution must meet the following requirements:

* Ensure that you can build a tailored list of actions for each type of incident.

* Minimize administrative effort.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Become a Premium Member for full access
  Unlock Premium Member

Question 326

Report Export Collapse

HOTSPOT

You have a Microsoft Sentinel workspace.

You need to configure the Fusion analytics rule to temporarily supress incidents generated by a Microsoft Defender connector. The solution must meet the following requirements:

* Minimize impact on the ability to detect multistage attacks.

* Minimize administrative effort.

How should you configure the rule? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Become a Premium Member for full access
  Unlock Premium Member

Question 327

Report Export Collapse

You have a Microsoft 365 E5 subscription that contains a device named Device1. From the Microsoft Defender portal, you discover that an alert was triggered for Device1. From the Device inventory page, you isolate Device1. You need to collect a list of installed programs on Device1. What should you do?

Become a Premium Member for full access
  Unlock Premium Member

Question 328

Report Export Collapse

You have a Microsoft 365 E5 subscription and a Microsoft Sentinel workspace. You need to create a KQL query that will combine data from the following sources:

* Microsoft Graph

* Risky users detected by using Microsoft Entra ID Protection

The solution must minimize the volume of data returned. How should the query start?

Become a Premium Member for full access
  Unlock Premium Member

Question 329

Report Export Collapse

You have an Azure subscription that contains a Microsoft Sentinel workspace named WS1. WS1 has the Azure Activity connector and the Microsoft Entra ID connector configured.

You need to investigate which accounts have the most alerts and any corresponding incident information for each alert. The solution must minimize administrative effort What should you do first in WS1?

Become a Premium Member for full access
  Unlock Premium Member

Question 330

Report Export Collapse

HOTSPOT

You have a Microsoft Sentinel workspace.

You need to create playbooks that meet the following requirements:

* Use an automation rule to trigger actions on an entity.

* Call the Entities - Get Hosts action.

Which types of playbooks should you use, and which parameters should you specify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Become a Premium Member for full access
  Unlock Premium Member
Total 335 questions
Go to page: of 34
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have a Microsoft 365 subscription that contains 1,000 Windows 10 devices. The devices have Microsoft Office 365 installed. You need to mitigate the following device threats: Microsoft Excel macros that download scripts from untrusted websites Users that open executable attachments in Microsoft Outlook Outlook rules and forms exploits What should you use?
HOTSPOT You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud. You have an Azure DevOps organization named AzDO1. You need to integrate Sub! and AzDO1. The solution must meet the following requirements: * Detect secrets exposed in pipelines by using Defender for Cloud. * Minimize administrative effort.
DRAG DROP You have an Azure subscription. The subscription contains 10 virtual machines that are onboarded to Microsoft Defender for Cloud. You need to ensure that when Defender for Cloud detects digital currency mining behavior on a virtual machine, you receive an email notification. The solution must generate a test email. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
HOTSPOT You have an Azure DevOps organization that uses Microsoft Defender for DevOps. The organization contains an Azure DevOps repository named Repo1 and an Azure Pipelines pipeline named Pipeline1. Pipeline1 is used to build and deploy code stored in Repo1. You need to ensure that when Pipeline1 runs, Microsoft Defender for Cloud can perform secret scanning of the code in Repo1. What should you install in the organization, and what should you add to the YAML file of Pipeline'!? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You create an Azure subscription. You enable Microsoft Defender for Cloud for the subscription. You need to use Defender for Cloud to protect on-premises computers. What should you do on the on-premises computers?
You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains a user named User1. You need to ensure that User1 can manage Microsoft Defender XDR custom detection rules and Endpoint security policies. The solution must follow the principle of least privilege. Which role should you assign to User1?
HOTSPOT You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You need to create a custom detection rule that will identify devices that had more than five antivirus detections within the last 24 hours. how should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.
DRAG DROP You have a Microsoft Sentinel workspace that contains the following Advanced Security Information Model (ASIM) parsers: * _Im_ProcessCreate * InProceessCreate You create a new source-specific parser named vimProcessCreate. You need to modify the parsers to meet the following requirements: * Call all the ProcessCreate parsers. * Standardize fields to the Process schema. Which parser should you modify to meet each requirement? To answer, drag the appropriate parsers to the correct requirements. tach parser may be used once, more than once, or not at all You may need to drag the split bar between panes or scroll to view content. NOTE Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that contains 100 Linux devices. The devices are onboarded to Microsoft Defender 365. You need to initiate the collection of investigation packages from the devices by using the Microsoft 365 Defender portal. Which response action should you use?
HOTSPOT You have a Microsoft Sentinel workspace. You need to create a KQL query that will identify successful sign-ins from multiple countries during the last three hours. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point