Microsoft (SC-200) Exam Questions And Answers page 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center.
You receive a security alert in Security Center.
You need to view recommendations to resolve the alert in Security Center.
Solution: From Security alerts, you select the alert, select Take Action, and then expand the Prevent future attacks section.
Does this meet the goal?
No
Implement and manage security events and incidents
Implement and manage information protection
The issue for which team can be resolved by using Microsoft Defender for Endpoint?
executive
sales
marketing
Implement and manage threat protection
Implement and manage information protection
The issue for which team can be resolved by using Microsoft Defender for Office 365?
executive
marketing
security
sales
Implement and manage threat protection
Implement and manage information protection
Which rule setting should you configure to meet the Azure Sentinel requirements?
From Set rule logic, turn off suppression.
From Analytics rule details, configure the tactics.
From Set rule logic, map the entities.
From Analytics rule details, configure the severity.
Implement and manage threat protection
Manage governance and compliance features in Microsoft 365
You are configuring Azure Sentinel.
You need to send a Microsoft Teams message to a channel whenever an incident representing a sign-in risk event is activated in Azure Sentinel.
Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Enable Entity behavior analytics.
Associate a playbook to the analytics rule that triggered the incident.
Enable the Fusion rule.
Add a playbook.
Create a workbook.
Implement and manage security events and incidents
Implement and manage information protection
You are configuring Azure Sentinel.
You need to send a Microsoft Teams message to a channel whenever a sign-in from a suspicious IP address is detected.
Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Add a playbook.
Associate a playbook to an incident.
Enable Entity behavior analytics.
Create a workbook.
Enable the Fusion rule.
Implement and manage threat protection
Implement and manage information protection
You are investigating an incident in Azure Sentinel that contains more than 127 alerts.
You discover eight alerts in the incident that require further investigation.
You need to escalate the alerts to another Azure Sentinel administrator.
What should you do to provide the alerts to the administrator?
Create a Microsoft incident creation rule
Share the incident URL
Create a scheduled query rule
Assign the incident
Implement and manage security events and incidents
Implement and manage information protection
You are investigating a potential attack that deploys a new ransomware strain.
You have three custom device groups. The groups contain devices that store highly sensitive information.
You plan to perform automated actions on all devices.
You need to be able to temporarily group the machines to perform actions on the devices.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Assign a tag to the device group.
Add the device users to the admin role.
Add a tag to the machines.
Create a new device group that has a rank of 1.
Create a new admin role.
Create a new device group that has a rank of 4.
Implement and manage security events and incidents
Implement and manage information protection
You are responsible for responding to Azure Defender for Key Vault alerts.
During an investigation of an alert, you discover unauthorized attempts to access a key vault from a Tor exit node.
What should you configure to mitigate the threat?
Key Vault firewalls and virtual networks
Azure Active Directory (Azure AD) permissions
role-based access control (RBAC) for the key vault
the access policy settings of the key vault
Implement and manage threat protection
Implement and manage information protection
You create a custom analytics rule to detect threats in Azure Sentinel.
You discover that the rule fails intermittently.
What are two possible causes of the failures? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
The rule query takes too long to run and times out.
The target workspace was deleted.
Permissions to the data sources of the rule query were modified.
There are connectivity issues between the data sources and Log Analytics.
Implement and manage threat protection
Implement and manage information protection