What should you do when you create the rule?

You need to create the test rule to meet the Azure Sentinel requirements. What should you do when you create the rule?
A. From Set rule logic, turn off suppression.
B. From Analytics rule details, configure the tactics.
C. From Set rule logic, map the entities.
D. From Analytics rule...

April 5, 2023

Which two actions should you perform?

You have the following advanced hunting query in Microsoft 365 Defender. You need to receive an alert when any process disables System Restore on a device managed by Microsoft Defender during the last 24 hours. Which two actions should you perform? Each correct answer presents part of the solution. NOTE:...

April 5, 2023

What should you include in the solution?

HOTSPOT You need to implement Azure Defender to meet the Azure Defender requirements and the business requirements. What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

April 4, 2023

Which policy should you modify?

You need to modify the anomaly detection policy settings to meet the Cloud App Security requirements. Which policy should you modify?
A. Activity from suspicious IP addresses
B. Activity from anonymous IP addresses
C. Impossible travel
D. Risky sign-in

Answer: C

Reference: https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy

April 4, 2023

What should you do?

Your company has an on-premises network that uses Microsoft Defender for Identity. The Microsoft Secure Score for the company includes a security assessment associated with unsecure Kerberos delegation. You need to remediate the security risk. What should you do?
A. Install the Local Administrator Password Solution (LAPS) extension on the computers...

April 3, 2023

What should you configure in the Security Center settings?

A security administrator receives email alerts from Azure Defender for activities such as potential malware uploaded to a storage account and potential successful brute force attacks. The security administrator does NOT receive email alerts for activities such as antimalware action failed and suspicious network activity. The alerts appear in Azure...

April 3, 2023

How should you complete the query?

HOTSPOT You have a Microsoft Sentinel workspace named Workspace1. You configure Workspace1 to collect DNS events and deploy the Advanced Security Information Model (ASIM) unifying parser for the DNS schema. You need to query the ASIM DNS schema to list all the DNS events from the last 24 hours that...

April 3, 2023

What should you use?

You create a hunting query in Azure Sentinel. You need to receive a notification in the Azure portal as soon as the hunting query detects a match on the query. The solution must minimize effort. What should you use?
A. a playbook
B. a notebook
C. a livestream
D. a...

April 3, 2023

Which three actions should you perform in sequence?

DRAG DROP You need to add notes to the events to meet the Azure Sentinel requirements. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

April 3, 2023

You use Azure Sentinel to monitor irregular Azure activity

HOTSPOT You use Azure Sentinel to monitor irregular Azure activity. You create custom analytics rules to detect threats as shown in the following exhibit. You do NOT define any incident settings as part of the rule definition. Use the drop-down menus to select the answer choice that completes each statement...

April 3, 2023