Microsoft SC-200 Practice Test - Questions Answers, Page 4

You use Azure Sentinel.

You need to receive an immediate alert whenever Azure Storage account keys are enumerated.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Create a livestream

B. Add a data connector

C. Create an analytics rule

D. Create a hunting query.

E. Create a bookmark.

Suggested answer: B, C

Explanation:

B: Add a data connector. Use the Azure Sentinel data connectors feature to connect to your Azure subscription and to configure collection of the log data that records Azure Storage account key enumeration events.

C: After adding the data connector, create an analytics rule that analyzes the log data from the Azure Storage connector, looking for the specific event of Azure Storage account key enumeration. The rule triggers an alert when it detects that event, allowing you to take immediate action.

You have an existing Azure logic app that is used to block Azure Active Directory (Azure AD) users. The logic app is triggered manually.

You deploy Azure Sentinel.

You need to use the existing logic app as a playbook in Azure Sentinel.

What should you do first?

A. Add a new scheduled query rule.

B. Add a data connector to Azure Sentinel.

C. Configure a custom Threat Intelligence connector in Azure Sentinel.

D. Modify the trigger in the logic app.

Suggested answer: B

Your company uses Azure Sentinel to manage alerts from more than 10,000 IoT devices.

A security manager at the company reports that tracking security threats is increasingly difficult due to the large number of incidents.

You need to recommend a solution to provide a custom visualization to simplify the investigation of threats and to infer threats by using machine learning. What should you include in the recommendation?

A. built-in queries

B. livestream

C. notebooks

D. bookmarks

Suggested answer: C

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/sentinel/notebooks

You have a playbook in Azure Sentinel.

When you trigger the playbook, it sends an email to a distribution group.

You need to modify the playbook to send the email to the owner of the resource instead of the distribution group.

What should you do?

A. Add a parameter and modify the trigger.

B. Add a custom data connector and modify the trigger.

C. Add a condition and modify the action.

D. Add an alert and modify the action.

Suggested answer: D

Explanation:

Reference:

https://azsec.azurewebsites.net/2020/01/19/notify-azure-sentinel-alert-to-your-email-automatically/

You provision Azure Sentinel for a new Azure subscription.

You are configuring the Security Events connector.

While creating a new rule from a template in the connector, you decide to generate a new alert for every event.

You create the following rule query.

By which two components can you group alerts into incidents? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A. user

B. resource group

C. IP address

D. computer

Suggested answer: C, D

Your company stores the data for every project in a different Azure subscription. All the subscriptions use the same Azure Active Directory (Azure AD) tenant.

Every project consists of multiple Azure virtual machines that run Windows Server. The Windows events of the virtual machines are stored in a Log Analytics workspace in each machine's respective subscription.

You deploy Azure Sentinel to a new Azure subscription.

You need to perform hunting queries in Azure Sentinel to search across all the Log Analytics workspaces of all the subscriptions.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Add the Security Events connector to the Azure Sentinel workspace.

B. Create a query that uses the workspace expression and the union operator.

C. Use the alias statement.

D. Create a query that uses the resource expression and the alias operator.

E. Add the Azure Sentinel solution to each workspace.

Suggested answer: B, E

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/sentinel/extend-sentinel-across-workspaces-tenants

You have an Azure Sentinel workspace.

You need to test a playbook manually in the Azure portal.

From where can you run the test in Azure Sentinel?

A. Playbooks

B. Analytics

C. Threat intelligence

D. Incidents

Suggested answer: D

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook#run-a-playbook-on-demand

You have a custom analytics rule to detect threats in Azure Sentinel.

You discover that the analytics rule stopped running. The rule was disabled, and the rule name has a prefix of AUTO DISABLED.

What is a possible cause of the issue?

A. There are connectivity issues between the data sources and Log Analytics.

B. The number of alerts exceeded 10,000 within two minutes.

C. The rule query takes too long to run and times out.

D. Permissions to one of the data sources of the rule query were modified.

Suggested answer: D

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-custom

Your company uses Azure Sentinel.

A new security analyst reports that she cannot assign and resolve incidents in Azure Sentinel.

You need to ensure that the analyst can assign and resolve incidents. The solution must use the principle of least privilege.

Which role should you assign to the analyst?

A. Azure Sentinel Responder

B. Logic App Contributor

C. Azure Sentinel Contributor

D. Azure Sentinel Reader

Suggested answer: A

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/sentinel/roles

You recently deployed Azure Sentinel.

You discover that the default Fusion rule does not generate any alerts. You verify that the rule is enabled.

You need to ensure that the Fusion rule can generate alerts.

What should you do?

A. Disable, and then enable the rule.

B. Add data connectors

C. Create a new machine learning analytics rule.

D. Add a hunting bookmark.

Suggested answer: B

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources
