
Microsoft SC-200 Practice Test - Questions Answers, Page 9

Question 81

You are configuring Microsoft Cloud App Security.

You have a custom threat detection policy based on the IP address ranges of your company’s United States-based offices.

You receive many alerts related to impossible travel and sign-ins from risky IP addresses.

You determine that 99% of the alerts are legitimate sign-ins from your corporate offices.

You need to prevent alerts for legitimate sign-ins from known locations.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Override automatic data enrichment.

B. Add the IP addresses to the corporate address range category.

C. Increase the sensitivity level of the impossible travel anomaly detection policy.

D. Add the IP addresses to the other address range category and add a tag.

E. Create an activity policy that has an exclusion for the IP addresses.

Suggested answer: A, D
asked 05/10/2024
Georgescu Andrei
39 questions

Question 82

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Microsoft Defender for Identity integration with Active Directory.

From the Microsoft Defender for Identity portal, you need to configure several accounts for attackers to exploit.

Solution: You add each account as a Sensitive account.

Does this meet the goal?

A. Yes

B. No

Suggested answer: B

Explanation:

Reference:

https://docs.microsoft.com/en-us/defender-for-identity/manage-sensitive-honeytoken-accounts

asked 05/10/2024
Priti Agrawal
33 questions

Question 83

You have a Microsoft 365 tenant that uses Microsoft Exchange Online and Microsoft Defender for Office 365.

What should you use to identify whether zero-hour auto purge (ZAP) moved an email message from the mailbox of a user?

A. the Threat Protection Status report in Microsoft Defender for Office 365

B. the mailbox audit log in Exchange

C. the Safe Attachments file types report in Microsoft Defender for Office 365

D. the mail flow report in Exchange

Suggested answer: A

Explanation:

To determine if ZAP moved your message, you can use either the Threat Protection Status report or Threat Explorer (and real-time detections).

Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide

asked 05/10/2024
Arslan Sheik
37 questions

Question 84

You have a Microsoft 365 subscription that contains 1,000 Windows 10 devices. The devices have Microsoft Office 365 installed.

You need to mitigate the following device threats:

Microsoft Excel macros that download scripts from untrusted websites

Users that open executable attachments in Microsoft Outlook

Outlook rules and forms exploits

What should you use?

A. Microsoft Defender Antivirus

B. attack surface reduction rules in Microsoft Defender for Endpoint

C. Windows Defender Firewall

D. adaptive application control in Azure Defender

Suggested answer: B

Explanation:

Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction?view=o365-worldwide

asked 05/10/2024
taheireem shaikh
35 questions

Question 85

Which rule setting should you configure to meet the Microsoft Sentinel requirements?

A. From Set rule logic, turn off suppression.

B. From Analytic rule details, configure the tactics.

C. From Set rule logic, map the entities.

D. From Analytic rule details, configure the severity.

Suggested answer: A
asked 05/10/2024
Armindo Malafaia Neto
35 questions

Question 86

You need to modify the anomaly detection policy settings to meet the Microsoft Defender for Cloud Apps requirements and resolve the reported problem.

Which policy should you modify?

A. Activity from suspicious IP addresses

B. Risky sign-in

C. Activity from anonymous IP addresses

D. Impossible travel

Suggested answer: D
asked 05/10/2024
Rafal Wozniak
37 questions

Question 87

You need to configure event monitoring for Server1. The solution must meet the Microsoft Sentinel requirements. What should you create first?

A. a Microsoft Sentinel automation rule

B. a Microsoft Sentinel scheduled query rule

C. a Data Collection Rule (DCR)

D. an Azure Event Grid topic

Suggested answer: C
asked 05/10/2024
David Galiata
32 questions

Question 88

You need to implement the Defender for Cloud requirements.

What should you configure for Server2?

A. the Microsoft Antimalware extension

B. an Azure resource lock

C. an Azure resource tag

D. the Azure Automanage machine configuration extension for Windows

Suggested answer: D
asked 05/10/2024
Ivan Dujmic
52 questions

Question 89

HOTSPOT

You need to implement the ASIM query for DNS requests. The solution must meet the Microsoft Sentinel requirements. How should you configure the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


[Image: answer area for Question 89]
Correct answer: [Image: answer for Question 89]
asked 05/10/2024
Slawomir Kucharski
30 questions

Question 90

HOTSPOT

You need to implement the query for Workbook1 and Webapp1. The solution must meet the Microsoft Sentinel requirements. How should you configure the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


[Image: answer area for Question 90]
Correct answer: [Image: answer for Question 90]
asked 05/10/2024
Anna Panagiotidou
34 questions
Total 307 questions