How should you complete the query?

DRAG DROP You are investigating an incident by using Microsoft 365 Defender. You need to create an advanced hunting query to count failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE...

March 3, 2023

Which two actions should you perform?

You use Azure Sentinel. You need to receive an immediate alert whenever Azure Storage account keys are enumerated. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Create a livestream B. Add a data connector C....

March 3, 2023

What should you do?

You recently deployed Azure Sentinel. You discover that the default Fusion rule does not generate any alerts. You verify that the rule is enabled. You need to ensure that the Fusion rule can generate alerts. What should you do? A. Disable, and then enable the rule. B. Add data connectors...

March 3, 2023

What should you do?

HOTSPOT You have an Azure subscription that has Azure Defender enabled for all supported resource types. You create an Azure logic app named LA1. You plan to use LA1 to automatically remediate security risks detected in Azure Security Center. You need to test LA1 in Security Center. What should you...

March 3, 2023

Which two commands can you run to achieve the goal?

Your company uses line-of-business apps that contain Microsoft Office VBA macros. You plan to enable protection against downloading and running additional payloads from the Office VBA macros as additional child processes. You need to identify which Office VBA macros might be affected. Which two commands can you run to achieve...

March 3, 2023

Which three actions should you perform in sequence?

DRAG DROP You have 50 on-premises servers. You have an Azure subscription that uses Microsoft Defender for Cloud. The Defender for Cloud deployment has Microsoft Defender for Servers and automatic provisioning enabled. You need to configure Defender for Cloud to support the on-premises servers. The solution must meet the following...

March 2, 2023

Which four actions should you perform in sequence?

DRAG DROP You need to configure DC1 to meet the business requirements. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer: Explanation: ...

March 2, 2023

What should you create first?

You have an Azure subscription that uses Microsoft Sentinel. You need to create a custom report that will visualise sign-in information over time. What should you create first? A. a workbook B. a hunting query C. a notebook D. a playbook Answer: A Explanation: A workbook is a data-driven interactive...

March 2, 2023

How should you complete the query?

HOTSPOT You have a Microsoft Sentinel workspace named Workspace1. You configure Workspace1 to collect DNS events and deploy the Advanced Security Information Model (ASIM) unifying parser for the DNS schema. You need to query the ASIM DNS schema to list all the DNS events from the last 24 hours that...

March 1, 2023

What should you use to detect which documents are sensitive?

You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365. You have Microsoft SharePoint Online sites that contain sensitive documents. The documents contain customer account numbers that each consist of 32 alphanumeric characters. You need to create a data loss prevention (DLP) policy to protect the sensitive...

March 1, 2023