SC-200 exam

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you...

You need to visualize Azure Sentinel data and enrich the data by using third-party data sources to identify indicators of compromise (IoC). What should you use?A . notebooks in Azure SentinelB . Microsoft Cloud App SecurityC . Azure MonitorD . hunting queries in Azure SentinelView AnswerAnswer: A Explanation: Reference: https://docs.microsoft.com/en-us/azure/sentinel/notebooks

HOTSPOT You purchase a Microsoft 365 subscription. You plan to configure Microsoft Cloud App Security. You need to create a custom template-based policy that detects connections to Microsoft 365 apps that originate from a botnet network. What should you use? To answer, select the appropriate options in the answer area....

You recently deployed Azure Sentinel. You discover that the default Fusion rule does not generate any alerts. You verify that the rule is enabled. You need to ensure that the Fusion rule can generate alerts. What should you do?A . Disable, and then enable the rule.B . Add data connectorsC...

HOTSPOT You are informed of an increase in malicious email being received by users. You need to create an advanced hunting query in Microsoft 365 Defender to identify whether the accounts of the email recipients were compromised. The query must return the most recent 20 sign-ins performed by the recipients...

You need to ensure that the Group1 members can meet the Microsoft Sentinel requirements. Which role should you assign to Group1?A . Microsoft Sentinel Automation ContributorB . Logic App ContributorC . Automation OperatorD . Microsoft Sentinel Playbook OperatorView AnswerAnswer: D

Your company deploys the following services: ✑ Microsoft Defender for Identity ✑ Microsoft Defender for Endpoint ✑ Microsoft Defender for Office 365 You need to provide a security analyst with the ability to use the Microsoft 365 security center. The analyst must be able to approve and reject pending actions...

You use Azure Defender. You have an Azure Storage account that contains sensitive information. You need to run a PowerShell script if someone accesses the storage account from a suspicious IP address. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection...

You have an Azure subscription that contains a Log Analytics workspace. You need to enable just-in-time (JIT) VM access and network detections for Azure resources. Where should you enable Azure Defender?A . at the subscription levelB . at the workspace levelC . at the resource levelView AnswerAnswer: A Explanation: Reference:...

HOTSPOT You need to implement the ASIM query for DNS requests. The solution must meet the Microsoft Sentinel requirements. How should you configure the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. View AnswerAnswer: