Practice Free SC-200 Exam Online Questions
You have an Azure subscription that uses Microsoft Sentinel and contains 100 Linux virtual machines.
You need to monitor the virtual machines by using Microsoft Sentinel.
The solution must meet the following requirements:
• Minimize administrative effort
• Minimize the parsing required to read log data
What should you configure?
- A . REST API integration
- B . a Syslog connector
- C . a Log Analytics Data Collector API
- D . a Common Event Format (CEF) connector
You have a Microsoft 365 subscription that uses Microsoft 365 Defender.
You plan to create a hunting query from Microsoft Defender.
You need to create a custom tracked query that will be used to assess the threat status of the subscription.
From the Microsoft 365 Defender portal, which page should you use to create the query?
- A . Policies & rules
- B . Explorer
- C . Threat analytics
- D . Advanced Hunting
You need to configure Microsoft Cloud App Security to generate alerts and trigger remediation actions in response to external sharing of confidential files.
Which two actions should you perform in the Cloud App Security portal? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . From Settings, select Information Protection, select Azure Information Protection, and then select Only scan files for Azure Information Protection classification labels and content inspection warnings from this tenant
- B . Select Investigate files, and then filter App to Office 365.
- C . Select Investigate files, and then select New policy from search
- D . From Settings, select Information Protection, select Azure Information Protection, and then select Automatically scan new files for Azure Information Protection classification labels and content inspection warnings
- E . From Settings, select Information Protection, select Files, and then enable file monitoring.
- F . Select Investigate files, and then filter File Type to Document.
DE
Explanation:
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/tutorial-dlp
https://docs.microsoft.com/en-us/cloud-app-security/azip-integration
You have a Microsoft Sentinel workspace.
You have a query named Query1 as shown in the following exhibit.

You plan to create a custom parser named Parser1. You need to use Query1 in Parser1.
What should you do first?
- A . Remove line 2.
- B . In line 4, remove the TimeGenerated predicate.
- C . Remove line 5.
- D . In line 3, replace the contains operator with the !has operator.
A
Explanation:
This can be confirmed by referring to the official Microsoft documentation on creating custom log queries in Azure Sentinel, which states that the "has" operator should not be used in the query because it is unnecessary.
Reference: https://docs.microsoft.com/en-us/azure/sentinel/query-custom-logs
DRAG DROP
You have an Azure subscription. The subscription contains 10 virtual machines that are onboarded to Microsoft Defender for Cloud.
You need to ensure that when Defender for Cloud detects digital currency mining behavior on a virtual machine, you receive an email notification. The solution must generate a test email.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Explanation:
Step 1: From Logic App Designer, create a logic app.
Create a logic app and define when it should automatically run
HOTSPOT
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains a Windows device named Device1.
Twenty files on Device1 are quarantined by custom indicators as part of an investigation.
You need to release the 20 files from quarantine.
How should you complete the command? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
DRAG DROP
You have an Azure Sentinel deployment.
You need to query for all suspicious credential access activities.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Your company uses Azure Sentinel.
A new security analyst reports that she cannot assign and dismiss incidents in Azure Sentinel. You need to resolve the issue for the analyst. The solution must use the principle of least privilege.
Which role should you assign to the analyst?
- A . Azure Sentinel Responder
- B . Logic App Contributor
- C . Azure Sentinel Contributor
- D . Azure Sentinel Reader
A
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/sentinel/roles
You have a Microsoft 365 E5 subscription that uses Microsoft SharePoint Online.
You delete users from the subscription.
You need to be notified if the deleted users downloaded numerous documents from SharePoint Online sites during the month before their accounts were deleted.
What should you use?
- A . a file policy in Microsoft Defender for Cloud Apps
- B . an access review policy
- C . an alert policy in Microsoft Defender for Office 365
- D . an insider risk policy
C
Explanation:
Alert policies let you categorize the alerts that are triggered by a policy, apply the policy to all users in your organization, set a threshold level for when an alert is triggered, and decide whether to receive email notifications when alerts are triggered.
Default alert policies include:
Unusual external user file activity -Generates an alert when an unusually large number of activities are performed on files in SharePoint or OneDrive by users outside of your organization. This includes activities such as accessing files, downloading files, and deleting files. This policy has a High severity setting.
Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies
HOTSPOT
You need to implement Azure Defender to meet the Azure Defender requirements and the business requirements.
What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.