Which Azure Security Center role should you use for each requirement?

Topic 3, Misc. Questions DRAG DROP You have an Azure subscription. You need to delegate permissions to meet the following requirements: ✑ Enable and disable Azure Defender. ✑ Apply security recommendations to resources. The solution must use the principle of least privilege. Which Azure Security Center role should you use...

October 12, 2022

Which three actions should you perform in sequence in the Azure portal?

DRAG DROP You have a Microsoft Sentinel workspace named workspace1 and an Azure virtual machine named VM1. You receive an alert for suspicious use of PowerShell on VM1. You need to investigate the incident, identify which event triggered the alert, and identify whether the following actions occurred on VM1 after...

October 12, 2022

Which three actions should you perform in sequence?

Topic 2, Litware Inc. Case study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to...

October 12, 2022

How should you complete the query?

HOTSPOT You need to create a query for a workbook. The query must meet the following requirements: ✑ List all incidents by incident number. ✑ Only include the most recent log for each incident. How should you complete the query? To answer, select the appropriate options in the answer area....

October 11, 2022

Which indicator type should you use?

You receive a security bulletin about a potential attack that uses an image file. You need to create an indicator of compromise (IoC) in Microsoft Defender for Endpoint to prevent the attack. Which indicator type should you use? A. a URL/domain indicator that has Action set to Alert only B....

October 11, 2022

What should you use?

You have a Microsoft 365 E5 subscription that is linked to a hybrid Azure AD tenant. You need to identify all the changes made to the Domain Admins group during the past 30 days. What should you use? A. the Azure Active Directory Provisioning Analysis workbook B. the Overview settings of...

October 11, 2022

Does this meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you...

October 11, 2022

Which two Bash commands should you run on the virtual machine?

You provision a Linux virtual machine in a new Azure subscription. You enable Azure Defender and onboard the virtual machine to Azure Defender. You need to verify that an attack on the virtual machine triggers an alert in Azure Defender. Which two Bash commands should you run on the virtual...

October 11, 2022

What should you include in the solution?

You need to remediate active attacks to meet the technical requirements. What should you include in the solution? A. Azure Automation runbooks B. Azure Logic Apps C. Azure Functions D. Azure Sentinel livestreams Answer: B Explanation: Reference: https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks

October 11, 2022

Where should you enable Azure Defender?

You have an Azure subscription that contains a Log Analytics workspace. You need to enable just-in-time (JIT) VM access and network detections for Azure resources. Where should you enable Azure Defender? A. at the subscription level B. at the workspace level C. at the resource level Answer: A Explanation: Reference:...

October 11, 2022