SC-200 exam

Your company uses Azure Sentinel to manage alerts from more than 10,000 IoT devices. A security manager at the company reports that tracking security threats is increasingly difficult due to the large number of incidents. You need to recommend a solution to provide a custom visualization to simplify the investigation...

HOTSPOT You have a Microsoft 365 E5 subscription. You plan to perform cross-domain investigations by using Microsoft 365 Defender. You need to create an advanced hunting query to identify devices affected by a malicious email attachment. How should you complete the query? To answer, select the appropriate options in the...

HOTSPOT You need to implement the query for Workbook1 and Webapp1. The solution must meet the Microsoft Sentinel requirements. How should you configure the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. View AnswerAnswer:

You need to create the test rule to meet the Azure Sentinel requirements. What should you do when you create the rule?A . From Set rule logic, turn off suppression.B . From Analytics rule details, configure the tactics.C . From Set rule logic, map the entities.D . From Analytics rule...

Topic 4, Misc. Questions Fabrikam. Inc. is a financial services company. The company has branch offices in New York. London, and Singapore. Fabrikam has remote users located across the globe. The remote users access company resources, including cloud resources, by using a VPN connection to a branch office. The network...

You plan to create a custom Azure Sentinel query that will track anomalous Azure Active Directory (Azure AD) sign-in activity and present the activity as a time chart aggregated by day. You need to create a query that will be used to display the time chart. What should you include...

You provision a Linux virtual machine in a new Azure subscription. You enable Azure Defender and onboard the virtual machine to Azure Defender. You need to verify that an attack on the virtual machine triggers an alert in Azure Defender. Which two Bash commands should you run on the virtual...

Your company uses line-of-business apps that contain Microsoft Office VBA macros. You plan to enable protection against downloading and running additional payloads from the Office VBA macros as additional child processes. You need to identify which Office VBA macros might be affected. Which two commands can you run to achieve...

A company uses Azure Sentinel. You need to create an automated threat response. What should you use?A . a data connectorB . a playbookC . a workbookD . a Microsoft incident creation ruleView AnswerAnswer: B Explanation: Reference: https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you...