Practice Free SC-200 Exam Online Questions
DRAG DROP
You have an Azure subscription that uses Microsoft Defender for Cloud.
You need to create a workflow that will send a Microsoft Teams message to the IT department of your company when a new Microsoft Secure Score action is generated.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


You recently deployed Azure Sentinel.
You discover that the default Fusion rule does not generate any alerts. You verify that the rule is enabled.
You need to ensure that the Fusion rule can generate alerts.
What should you do?
- A. Disable, and then enable the rule.
- B. Add data connectors.
- C. Create a new machine learning analytics rule.
- D. Add a hunting bookmark.
B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources
HOTSPOT
You have a Microsoft Sentinel workbook that contains the following KQL query.

You need to create a visual that will change the color of the errCount column based on the value returned.
How should you configure the visual? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


You have a Microsoft Sentinel workspace named SW1.
You need to identify which anomaly rules are enabled in SW1.
What should you review in Microsoft Sentinel?
- A. Settings
- B. Entity behavior
- C. Analytics
- D. Content hub
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring Microsoft Defender for Identity integration with Active Directory.
From the Microsoft Defender for Identity portal, you need to configure several accounts for attackers to exploit.
Solution: You add each account as a Sensitive account.
Does this meet the goal?
- A. Yes
- B. No
B
Explanation:
Reference: https://docs.microsoft.com/en-us/defender-for-identity/manage-sensitive-honeytoken-accounts
You need to implement the scheduled rule for incident generation based on rulequery1.
What should you configure first?
- A. entity mapping
- B. custom details
- C. event grouping
- D. alert details
HOTSPOT
You have an Azure subscription.
You plan to implement a Microsoft Sentinel workspace. You anticipate that you will ingest 20 GB of security log data per day.
You need to configure storage for the workspace.
The solution must meet the following requirements:
• Minimize costs for daily ingested data.
• Maximize the data retention period without incurring extra costs.
What should you do for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.
You have Microsoft SharePoint Online sites that contain sensitive documents. The documents contain customer account numbers that each consist of 32 alphanumeric characters.
You need to create a data loss prevention (DLP) policy to protect the sensitive documents.
What should you use to detect which documents are sensitive?
- A. SharePoint search
- B. a hunting query in Microsoft 365 Defender
- C. Azure Information Protection
- D. RegEx pattern matching
C
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/information-protection/what-is-information-protection
A company uses Azure Sentinel.
You need to create an automated threat response.
What should you use?
- A. a data connector
- B. a playbook
- C. a workbook
- D. a Microsoft incident creation rule
B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook



