Microsoft SC-200 Practice Test - Questions Answers, Page 9

You are configuring Microsoft Cloud App Security.

You have a custom threat detection policy based on the IP address ranges of your company’s United States-based offices.

You receive many alerts related to impossible travel and sign-ins from risky IP addresses.

You determine that 99% of the alerts are legitimate sign-ins from your corporate offices.

You need to prevent alerts for legitimate sign-ins from known locations.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Override automatic data enrichment.

B. Add the IP addresses to the corporate address range category.

C. Increase the sensitivity level of the impossible travel anomaly detection policy.

D. Add the IP addresses to the other address range category and add a tag.

E. Create an activity policy that has an exclusion for the IP addresses.

Suggested answer: A, D

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Microsoft Defender for Identity integration with Active Directory.

From the Microsoft Defender for Identity portal, you need to configure several accounts for attackers to exploit.

Solution: You add each account as a Sensitive account.

Does this meet the goal?

A. Yes

B. No

Suggested answer: B

Reference:

https://docs.microsoft.com/en-us/defender-for-identity/manage-sensitive-honeytoken-accounts

You have a Microsoft 365 tenant that uses Microsoft Exchange Online and Microsoft Defender for Office 365.

What should you use to identify whether zero-hour auto purge (ZAP) moved an email message from the mailbox of a user?

A. the Threat Protection Status report in Microsoft Defender for Office 365

B. the mailbox audit log in Exchange

C. the Safe Attachments file types report in Microsoft Defender for Office 365

D. the mail flow report in Exchange

Suggested answer: A

Explanation:

To determine if ZAP moved your message, you can use either the Threat Protection Status report or Threat Explorer (and real-time detections).

Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide

You have a Microsoft 365 subscription that contains 1,000 Windows 10 devices. The devices have Microsoft Office 365 installed.

You need to mitigate the following device threats:

- Microsoft Excel macros that download scripts from untrusted websites
- Users that open executable attachments in Microsoft Outlook
- Outlook rules and forms exploits

What should you use?

A. Microsoft Defender Antivirus

B. attack surface reduction rules in Microsoft Defender for Endpoint

C. Windows Defender Firewall

D. adaptive application control in Azure Defender

Suggested answer: B

Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction?view=o365-worldwide

Which rule setting should you configure to meet the Microsoft Sentinel requirements?

A. From Set rule logic, turn off suppression.

B. From Analytic rule details, configure the tactics.

C. From Set rule logic, map the entities.

D. From Analytic rule details, configure the severity.

Suggested answer: A

You need to modify the anomaly detection policy settings to meet the Microsoft Defender for Cloud Apps requirements and resolve the reported problem.

Which policy should you modify?

A. Activity from suspicious IP addresses

B. Risky sign-in

C. Activity from anonymous IP addresses

D. Impossible travel

Suggested answer: D

You need to configure event monitoring for Server1. The solution must meet the Microsoft Sentinel requirements.

What should you create first?

A. a Microsoft Sentinel automation rule

B. a Microsoft Sentinel scheduled query rule

C. a Data Collection Rule (DCR)

D. an Azure Event Grid topic

Suggested answer: C

You need to implement the Defender for Cloud requirements.

What should you configure for Server2?

A. the Microsoft Antimalware extension

B. an Azure resource lock

C. an Azure resource tag

D. the Azure Automanage machine configuration extension for Windows

Suggested answer: D

HOTSPOT

You need to implement the ASIM query for DNS requests. The solution must meet the Microsoft Sentinel requirements. How should you configure the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

HOTSPOT

You need to implement the query for Workbook1 and Webapp1. The solution must meet the Microsoft Sentinel requirements. How should you configure the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.