ExamGecko
Login
Home / Microsoft / SC-200 / List of questions
Ask Question

Microsoft SC-200 Practice Test - Questions Answers, Page 7

Add to Whishlist

List of questions

Question 61

Report Export Collapse

You need to receive a security alert when a user attempts to sign in from a location that was nevsr used by the other users in your organization to sign in.

Which anomaly detection policy should you use?

Impossible travel

Impossible travel

Activity from anonymous IP addresses

Activity from anonymous IP addresses

Activity from infrequent country

Activity from infrequent country

Malware detection

Malware detection

Suggested answer: C
Explanation:

Reference:

https://docs.microsoft.com/en-us/cloud-app-security/anomalv-detection-policy

asked 05/10/2024
Joe Moore
46 questions

Question 62

Report Export Collapse

You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.

You have Microsoft SharePoint Online sites that contain sensitive documents. The documents contain customer account numbers that each consists of 32 alphanumeric characters.

You need to create a data loss prevention (DLP) policy to protect the sensitive documents.

What should you use to detect which documents are sensitive?

SharePoint search

SharePoint search

a hunting query in Microsoft 365 Defender

a hunting query in Microsoft 365 Defender

Azure Information Protection

Azure Information Protection

RegEx pattern matching

RegEx pattern matching

Suggested answer: C
Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/information-protection/what-is-information-protection

asked 05/10/2024
Yuwadee Srisathan
43 questions

Question 63

Report Export Collapse

Your company uses line-of-business apps that contain Microsoft Office VBA macros.

You plan to enable protection against downloading and running additional payloads from the Office VBA macros as additional child processes.

You need to identify which Office VBA macros might be affected.

Which two commands can you run to achieve the goal? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.


Microsoft SC-200 image Question 3 Answer 1 107777 10052024010847000000


Microsoft SC-200 image Question 3 Answer 1 107777 10052024010847000000


Microsoft SC-200 image Question 3 Answer 2 107777 10052024010847000000


Microsoft SC-200 image Question 3 Answer 2 107777 10052024010847000000


Microsoft SC-200 image Question 3 Answer 3 107777 10052024010847000000


Microsoft SC-200 image Question 3 Answer 3 107777 10052024010847000000


Microsoft SC-200 image Question 3 Answer 4 107777 10052024010847000000


Microsoft SC-200 image Question 3 Answer 4 107777 10052024010847000000

Suggested answer: B, C
Explanation:

Reference:

https://docs.microsoft.com/en-us/windows/securitv/threat-protection/microsoft-defender-atp/attack-surface-reduction

asked 05/10/2024
Piotr Szwajkowski
41 questions

Question 64

Report Export Collapse

Your company uses Microsoft Defender for Endpoint.

The company has Microsoft Word documents that contain macros. The documents are used frequently on the devices of the company's accounting team.

You need to hide false positive in the Alerts queue, while maintaining the existing security posture.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Resolve the alert automatically.

Resolve the alert automatically.

Hide the alert.

Hide the alert.

Create a suppression rule scoped to any device.

Create a suppression rule scoped to any device.

Create a suppression rule scoped to a device group.

Create a suppression rule scoped to a device group.

Generate the alert.

Generate the alert.

Suggested answer: B, C, E
Explanation:

Reference:

https://docs.microsoft.com/en-us/windows/securitv/threat-protection/microsoft-defender-atp/manaqe-alerts

asked 05/10/2024
charles ratchagaraj
49 questions

Question 65

Report Export Collapse

You have the following advanced hunting query in Microsoft 365 Defender.

Microsoft SC-200 image Question 5 107779 10052024010847000000

You need to receive an alert when any process disables System Restore on a device managed by Microsoft Defender during the last 24 hours.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Create a detection rule.

Create a detection rule.

Create a suppression rule.

Create a suppression rule.

Add | order by Timestamp to the query.

Add | order by Timestamp to the query.

Replace DeviceProcessEvents with DeviceNetworkEvents.

Replace DeviceProcessEvents with DeviceNetworkEvents.

Add Deviceld and Reportldto the output of the query.

Add Deviceld and Reportldto the output of the query.

Suggested answer: A, E
Explanation:

Reference:

https://docs.mic rosoftcom/en-us/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules

asked 05/10/2024
marwan albahar
40 questions

Question 66

Report Export Collapse

You are investigating a potential attack that deploys a new ransomware strain.

You plan to perform automated actions on a group of highly valuable machines that contain sensitive information.

You have three custom device groups.

You need to be able to temporarily group the machines to perform actions on the devices.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Assign a tag to the device group.

Assign a tag to the device group.

Add the device users to the admin role.

Add the device users to the admin role.

Add a tag to the machines.

Add a tag to the machines.

Create a new device group that has a rank of 1.

Create a new device group that has a rank of 1.

Create a new admin role.

Create a new admin role.

Create a new device group that has a rank of 4.

Create a new device group that has a rank of 4.

Suggested answer: A, C, D
Explanation:

Reference: https://docs.microsoft.com/en-us/learn/modules/deploy-microsoft-defender-for-endpoints-environment/4-manaqe-access

asked 05/10/2024
Ahmed Dawoud
48 questions

Question 67

Report Export Collapse

Note: This question-is part of a series of questions that present the same scenario. Each question-in the series contains a unique solution that might meet the stated goals. Some question-sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question-in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Microsoft Defender for Identity integration with Active Directory.

From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.

Solution: From Entity tags, you add the accounts as Honeytoken accounts.

Does this meet the goal?

Yes

Yes

No

No

Suggested answer: A
Explanation:

Reference:

https://docs.microsoft.com/en-us/defender-for-identity/manaqe-sensitive-honeytoken-accounts

asked 05/10/2024
junjie wang
44 questions

Question 68

Report Export Collapse

Note: This question-is part of a series of questions that present the same scenario. Each question-in the series contains a unique solution that might meet the stated goals. Some question-sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question-in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Microsoft Defender for Identity integration with Active Directory.

From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.

Solution: From Azure AD Identity Protection, you configure the sign-in risk policy.

Does this meet the goal?

Yes

Yes

No

No

Suggested answer: B
Explanation:

Reference:

https://docs.microsoft.com/en-us/defender-for-identity/manaqe-sensitive-honeytoken-accounts

asked 05/10/2024
Alvin Gonzalez
44 questions

Question 69

Report Export Collapse

Note: This question-is part of a series of questions that present the same scenario. Each question-in the series contains a unique solution that might meet the stated goals. Some question-sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question-in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Microsoft Defender for Identity integration with Active Directory.

From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.

Solution: You add the accounts to an Active Directory group and add the group as a Sensitive group.

Does this meet the goal?

Yes

Yes

No

No

Suggested answer: B
Explanation:

Reference:

https://docs.microsoft.com/en-us/defender-for-identity/manaqe-sensitive-honeytoken-accounts

asked 05/10/2024
David Ezejimofor
44 questions

Question 70

Report Export Collapse

You implement Safe Attachments policies in Microsoft Defender for Office 365.

Users report that email messages containing attachments take longer than expected to be received.

You need to reduce the amount of time it takes to deliver messages that contain attachments without compromising security. The attachments must be scanned for malware, and any messages that contain malware must be blocked.

What should you configure in the Safe Attachments policies?

Dynamic Delivery

Dynamic Delivery

Replace

Replace

Block and Enable redirect

Block and Enable redirect

Monitor and Enable redirect

Monitor and Enable redirect

Suggested answer: A
Explanation:

Reference:

https://docs.mic rosoft. co m/en-us/microsoft-365/securitv/office-365-security/safe-attachments?view=o365-worldwide

asked 05/10/2024
Max Lenin Dos Santos Torres
52 questions
Total 323 questions
Go to page: of 33
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have a Microsoft 365 subscription that contains 1,000 Windows 10 devices. The devices have Microsoft Office 365 installed. You need to mitigate the following device threats: Microsoft Excel macros that download scripts from untrusted websites Users that open executable attachments in Microsoft Outlook Outlook rules and forms exploits What should you use?
HOTSPOT You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud. You have an Azure DevOps organization named AzDO1. You need to integrate Sub! and AzDO1. The solution must meet the following requirements: * Detect secrets exposed in pipelines by using Defender for Cloud. * Minimize administrative effort.
DRAG DROP You have an Azure subscription. The subscription contains 10 virtual machines that are onboarded to Microsoft Defender for Cloud. You need to ensure that when Defender for Cloud detects digital currency mining behavior on a virtual machine, you receive an email notification. The solution must generate a test email. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
HOTSPOT You have an Azure DevOps organization that uses Microsoft Defender for DevOps. The organization contains an Azure DevOps repository named Repo1 and an Azure Pipelines pipeline named Pipeline1. Pipeline1 is used to build and deploy code stored in Repo1. You need to ensure that when Pipeline1 runs, Microsoft Defender for Cloud can perform secret scanning of the code in Repo1. What should you install in the organization, and what should you add to the YAML file of Pipeline'!? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You create an Azure subscription. You enable Microsoft Defender for Cloud for the subscription. You need to use Defender for Cloud to protect on-premises computers. What should you do on the on-premises computers?
You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains a user named User1. You need to ensure that User1 can manage Microsoft Defender XDR custom detection rules and Endpoint security policies. The solution must follow the principle of least privilege. Which role should you assign to User1?
HOTSPOT You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You need to create a custom detection rule that will identify devices that had more than five antivirus detections within the last 24 hours. how should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.
DRAG DROP You have a Microsoft Sentinel workspace that contains the following Advanced Security Information Model (ASIM) parsers: * _Im_ProcessCreate * InProceessCreate You create a new source-specific parser named vimProcessCreate. You need to modify the parsers to meet the following requirements: * Call all the ProcessCreate parsers. * Standardize fields to the Process schema. Which parser should you modify to meet each requirement? To answer, drag the appropriate parsers to the correct requirements. tach parser may be used once, more than once, or not at all You may need to drag the split bar between panes or scroll to view content. NOTE Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that contains 100 Linux devices. The devices are onboarded to Microsoft Defender 365. You need to initiate the collection of investigation packages from the devices by using the Microsoft 365 Defender portal. Which response action should you use?
HOTSPOT You have a Microsoft Sentinel workspace. You need to create a KQL query that will identify successful sign-ins from multiple countries during the last three hours. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point