Home / Microsoft / SC-200 / List of questions

Ask Question

Microsoft SC-200 Practice Test - Questions Answers, Page 8

Add to Whishlist

List of questions

Question 71

You receive a security bulletin about a potential attack that uses an image file.

You need to create an indicator of compromise (loC) in Microsoft Defender for Endpoint to prevent the attack.

Which indicator type should you use?

a URL/domain indicator that has Action set to Alert only

a URL/domain indicator that has Action set to Alert and block

a file hash indicator that has Action set to Alert and block

a certificate indicator that has Action set to Alert and block

Show Answer Comment (0)

Question 72

Your company deploys the following services:

Microsoft Defender for Identity

Microsoft Defender for Endpoint

Microsoft Defender for Office 365

You need to provide a security analyst with the ability to use the Microsoft 365 security center. The analyst must be able to approve and reject pending actions generated by Microsoft Defender for Endpoint. The solution must use the principle of least privilege.

Which two roles should assign to the analyst? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

the Compliance Data Administrator in Azure Active Directory (Azure AD)

the Active remediation actions role in Microsoft Defender for Endpoint

the Security Administrator role in Azure Active Directory (Azure AD)

the Security Reader role in Azure Active Directory (Azure AD)

Show Answer Comment (0)

Question 73

DRAG DROP

You are investigating an incident by using Microsoft 365 Defender.

You need to create an advanced hunting query to count failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Microsoft SC-200 image Question 73 107787 10052024010847000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 73 107787 10052024010847000

asked 05/10/2024

Azahar Basri

29 questions

Question 74

DRAG DROP

You open the Cloud App Security portal as shown in the following exhibit.

Microsoft SC-200 image Question 14 107788 10052024010847000000

Your environment does NOT have Microsoft Defender for Endpoint enabled.

You need to remediate the risk for the Launchpad app.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Microsoft SC-200 image Question 74 107788 10052024010847000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 74 107788 10052024010847000

Explanation:

Reference:

https://docs.microsoft.com/en-us/cloud-app-security/governance-discovery

asked 05/10/2024

Ali Alaqoul

41 questions

Question 75

HOTSPOT

You have a Microsoft 365 E5 subscription.

You plan to perform cross-domain investigations by using Microsoft 365 Defender.

You need to create an advanced hunting query to identify devices affected by a malicious email attachment.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Microsoft SC-200 image Question 75 107789 10052024010847000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 75 107789 10052024010847000

Explanation:

Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-query-emails-devices?view=o365-worldwide

asked 05/10/2024

Alvaro Campos

42 questions

Question 76

HOTSPOT

You are informed of an increase in malicious email being received by users.

You need to create an advanced hunting query in Microsoft 365 Defender to identify whether the accounts of the email recipients were compromised. The query must return the most recent 20 sign-ins performed by the recipients within an hour of receiving the known malicious email.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Microsoft SC-200 image Question 76 107790 10052024010847000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 76 107790 10052024010847000

Explanation:

Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/defender/advanced-hunting-query-emails-devices?view=o365-worldwide

asked 05/10/2024

Tarnauceanu Diana

44 questions

Question 77

HOTSPOT

You have a Microsoft 365 E5 subscription that uses Microsoft Defender and an Azure subscription that uses Azure Sentinel.

You need to identify all the devices that contain files in emails sent by a known malicious email sender. The query will be based on the match of the SHA256 hash.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Microsoft SC-200 image Question 77 107791 10052024010847000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 77 107791 10052024010847000

Explanation:

Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/defender/advanced-hunting-query-emails-devices?view=o365-worldwide

asked 05/10/2024

Shivanth Jha

43 questions

Question 78

You need to configure Microsoft Cloud App Security to generate alerts and trigger remediation actions in response to external sharing of confidential files.

Which two actions should you perform in the Cloud App Security portal? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

From Settings, select Information Protection, select Azure Information Protection, and then select Only scan files for Azure Information Protection classification labels and content inspection warnings from this tenant.

Select Investigate files, and then filter App to Office 365.

Select Investigate files, and then select New policy from search.

From Settings, select Information Protection, select Azure Information Protection, and then select Automatically scan new files for Azure Information Protection classification labels and content inspection warnings.

From Settings, select Information Protection, select Files, and then enable file monitoring.

Select Investigate files, and then filter File Type to Document.

Show Answer Comment (0)

Question 79

HOTSPOT

You purchase a Microsoft 365 subscription.

You plan to configure Microsoft Cloud App Security.

You need to create a custom template-based policy that detects connections to Microsoft 365 apps that originate from a botnet network.

What should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Microsoft SC-200 image Question 79 107793 10052024010847000

Show Answer Comment (0)

Correct answer: Microsoft SC-200 image answer Question 79 107793 10052024010847000

Explanation:

Reference:

https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy

asked 05/10/2024

Edward Morgan

44 questions

Question 80

Your company has a single office in Istanbul and a Microsoft 365 subscription.

The company plans to use conditional access policies to enforce multi-factor authentication (MFA).

You need to enforce MFA for all users who work remotely.

What should you include in the solution?

a fraud alert

a user risk policy

a named location

a sign-in user policy

Show Answer Comment (0)

Question

Case Study

Question 71 (0)

You receive a security bulletin about a potential attack that uses an image file. You need to create an indicator of compromise (loC) in Microsoft Defender for Endpoint to prevent the attack. Whic

Question 72 (0)

Your company deploys the following services: Microsoft Defender for Identity Microsoft Defender for Endpoint Microsoft Defender for Office 365 You need to provide a security analyst with the abi

Question 73 (0)

DRAG DROP You are investigating an incident by using Microsoft 365 Defender. You need to create an advanced hunting query to count failed sign-in authentications on three devices named CFOLaptop,

Question 74 (0)

DRAG DROP You open the Cloud App Security portal as shown in the following exhibit. Your environment does NOT have Microsoft Defender for Endpoint enabled. You need to remediate the risk for th

Question 75 (0)

HOTSPOT You have a Microsoft 365 E5 subscription. You plan to perform cross-domain investigations by using Microsoft 365 Defender. You need to create an advanced hunting query to identify devices

Question 76 (0)

HOTSPOT You are informed of an increase in malicious email being received by users. You need to create an advanced hunting query in Microsoft 365 Defender to identify whether the accounts of the e

Question 77 (0)

HOTSPOT You have a Microsoft 365 E5 subscription that uses Microsoft Defender and an Azure subscription that uses Azure Sentinel. You need to identify all the devices that contain files in emails

Question 78 (0)

You need to configure Microsoft Cloud App Security to generate alerts and trigger remediation actions in response to external sharing of confidential files. Which two actions should you perform in

Question 79 (0)

HOTSPOT You purchase a Microsoft 365 subscription. You plan to configure Microsoft Cloud App Security. You need to create a custom template-based policy that detects connections to Microsoft 365

Question 80 (0)

Your company has a single office in Istanbul and a Microsoft 365 subscription. The company plans to use conditional access policies to enforce multi-factor authentication (MFA). You need to enforc

Related questions

You have a Microsoft 365 subscription that contains 1,000 Windows 10 devices. The devices have Microsoft Office 365 installed. You need to mitigate the following device threats: Microsoft Excel macros that download scripts from untrusted websites Users that open executable attachments in Microsoft Outlook Outlook rules and forms exploits What should you use?

HOTSPOT You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud. You have an Azure DevOps organization named AzDO1. You need to integrate Sub! and AzDO1. The solution must meet the following requirements: * Detect secrets exposed in pipelines by using Defender for Cloud. * Minimize administrative effort.

DRAG DROP You have an Azure subscription. The subscription contains 10 virtual machines that are onboarded to Microsoft Defender for Cloud. You need to ensure that when Defender for Cloud detects digital currency mining behavior on a virtual machine, you receive an email notification. The solution must generate a test email. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

HOTSPOT You have an Azure DevOps organization that uses Microsoft Defender for DevOps. The organization contains an Azure DevOps repository named Repo1 and an Azure Pipelines pipeline named Pipeline1. Pipeline1 is used to build and deploy code stored in Repo1. You need to ensure that when Pipeline1 runs, Microsoft Defender for Cloud can perform secret scanning of the code in Repo1. What should you install in the organization, and what should you add to the YAML file of Pipeline'!? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

You create an Azure subscription. You enable Microsoft Defender for Cloud for the subscription. You need to use Defender for Cloud to protect on-premises computers. What should you do on the on-premises computers?

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains a user named User1. You need to ensure that User1 can manage Microsoft Defender XDR custom detection rules and Endpoint security policies. The solution must follow the principle of least privilege. Which role should you assign to User1?

HOTSPOT You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You need to create a custom detection rule that will identify devices that had more than five antivirus detections within the last 24 hours. how should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

DRAG DROP You have a Microsoft Sentinel workspace that contains the following Advanced Security Information Model (ASIM) parsers: * _Im_ProcessCreate * InProceessCreate You create a new source-specific parser named vimProcessCreate. You need to modify the parsers to meet the following requirements: * Call all the ProcessCreate parsers. * Standardize fields to the Process schema. Which parser should you modify to meet each requirement? To answer, drag the appropriate parsers to the correct requirements. tach parser may be used once, more than once, or not at all You may need to drag the split bar between panes or scroll to view content. NOTE Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that contains 100 Linux devices. The devices are onboarded to Microsoft Defender 365. You need to initiate the collection of investigation packages from the devices by using the Microsoft 365 Defender portal. Which response action should you use?

HOTSPOT You have a Microsoft Sentinel workspace. You need to create a KQL query that will identify successful sign-ins from multiple countries during the last three hours. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point

Export

with questions and answers will be exported as:

VPLUS file

PDF file (Demo 30 questions)

Highest scored 'comment-votes'

Your question list is being generated. We'll email you once it’s ready.

If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].