What should you do first?
You have an Azure Sentinel deployment in the East US Azure region. You create a Log Analytics workspace named LogsWest in the West US Azure region. You need to ensure that you can use scheduled analytics rules in the existing Azure Sentinel deployment to generate alerts based on queries to...
What should you configure in the Safe Attachments policies?
You implement Safe Attachments policies in Microsoft Defender for Office 365. Users report that email messages containing attachments take longer than expected to be received. You need to reduce the amount of time it takes to deliver messages that contain attachments without compromising security. The attachments must be scanned for...
How should you complete the query?
DRAG DROP You are investigating an incident by using Microsoft 365 Defender. You need to create an advanced hunting query to detect failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE:...
What should you include in the solution?
HOTSPOT You need to implement Microsoft Defender for Cloud to meet the Microsoft Defender for Cloud requirements and the business requirements. What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Where can you find the column name to complete the where clause?
You need to complete the query for failed sign-ins to meet the technical requirements. Where can you find the column name to complete the where clause? A. Security alerts in Azure Security Center B. Activity log in Azure C. Azure Advisor D. the query windows of the Log Analytics workspace
Which three actions should you perform in sequence?
DRAG DROP You have 50 on-premises servers. You have an Azure subscription that uses Microsoft Defender for Cloud. The Defender for Cloud deployment has Microsoft Defender for Servers and automatic provisioning enabled. You need to configure Defender for Cloud to support the on-premises servers. The solution must meet the following...
What should you include in the solution?
HOTSPOT You have an Azure subscription that uses Azure Defender. You plan to use Azure Security Center workflow automation to respond to Azure Defender threat alerts. You need to create an Azure policy that will perform threat remediation automatically. What should you include in the solution? To answer, select the...
What should you configure first?
You need to implement the Azure Information Protection requirements. What should you configure first? A. Device health and compliance reports settings in Microsoft Defender Security Center B. scanner clusters in Azure Information Protection from the Azure portal C. content scan jobs in Azure Information Protection from the Azure portal D....
What should you use to identify whether zero-hour auto purge (ZAP) moved an email message from the mailbox of a user?
You have a Microsoft 365 tenant that uses Microsoft Exchange Online and Microsoft Defender for Office 365. What should you use to identify whether zero-hour auto purge (ZAP) moved an email message from the mailbox of a user? A. the Threat Protection Status report in Microsoft Defender for Office 365...
What are two possible causes of the failures?
You create a custom analytics rule to detect threats in Azure Sentinel. You discover that the rule fails intermittently. What are two possible causes of the failures? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. The rule query takes too long...