
Microsoft SC-200 Practice Test - Questions Answers, Page 33


List of questions

Question 321


You have a Microsoft 365 subscription that uses Microsoft Defender XDR.

You discover that when Microsoft Defender for Endpoint generates alerts for a commonly used executable file, it causes alert fatigue. You need to tune the alerts.

Which two actions can an alert tuning rule perform for the alerts?

Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.


Question 322


You have a Microsoft 365 subscription.

You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode.

You need to ensure that the devices are protected from malicious artifacts that were undetected by the third-party antivirus product.

Solution: You configure endpoint detection and response (EDR) in block mode.

Does this meet the goal?


Question 323


You have a Microsoft 365 subscription.

You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode.

You need to ensure that the devices are protected from malicious artifacts that were undetected by the third-party antivirus product.

Solution: You configure Controlled folder access.

Does this meet the goal?


Question 324


You have a Microsoft 365 E5 subscription that contains two users named User1 and User2. From the Copilot for Security portal, User1 starts a session and creates the following prompts:

* Prompt1: Provides access to the Entra plugin

* Prompt2: Provides access to the Intune plugin

* Prompt3: Provides access to the Entra plugin

User1 shares the session with User2.

User2 does NOT have access to Microsoft Intune.

For which prompts can User2 view results during the shared session?


Question 325


HOTSPOT

You have an Azure subscription that contains a Microsoft Sentinel workspace named WS1.

You need to ensure that the incidents in WS1 include a list of actions that must be performed. The solution must meet the following requirements:

* Ensure that you can build a tailored list of actions for each type of incident.

* Minimize administrative effort.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Question 326


HOTSPOT

You have a Microsoft Sentinel workspace.

You need to configure the Fusion analytics rule to temporarily suppress incidents generated by a Microsoft Defender connector. The solution must meet the following requirements:

* Minimize impact on the ability to detect multistage attacks.

* Minimize administrative effort.

How should you configure the rule? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Question 327


You have a Microsoft 365 E5 subscription that contains a device named Device1. From the Microsoft Defender portal, you discover that an alert was triggered for Device1. From the Device inventory page, you isolate Device1. You need to collect a list of installed programs on Device1. What should you do?


Question 328


You have a Microsoft 365 E5 subscription and a Microsoft Sentinel workspace. You need to create a KQL query that will combine data from the following sources:

* Microsoft Graph

* Risky users detected by using Microsoft Entra ID Protection

The solution must minimize the volume of data returned. How should the query start?


Question 329


You have an Azure subscription that contains a Microsoft Sentinel workspace named WS1. WS1 has the Azure Activity connector and the Microsoft Entra ID connector configured.

You need to investigate which accounts have the most alerts and any corresponding incident information for each alert. The solution must minimize administrative effort. What should you do first in WS1?


Question 330


HOTSPOT

You have a Microsoft Sentinel workspace.

You need to create playbooks that meet the following requirements:

* Use an automation rule to trigger actions on an entity.

* Call the Entities - Get Hosts action.

Which types of playbooks should you use, and which parameters should you specify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Total 335 questions