Microsoft (SC-200) Exam Questions And Answers page 2

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center.

You receive a security alert in Security Center.

You need to view recommendations to resolve the alert in Security Center.

Solution: From Security alerts, you select the alert, select Take Action, and then expand the Prevent future attacks section.

Does this meet the goal?

Topics: Implement and manage security events and incidents; Implement and manage information protection

Which team's issue can be resolved by using Microsoft Defender for Endpoint?

Topics: Implement and manage threat protection; Implement and manage information protection

Which team's issue can be resolved by using Microsoft Defender for Office 365?

Topics: Implement and manage threat protection; Implement and manage information protection

Which rule setting should you configure to meet the Azure Sentinel requirements?

Topics: Implement and manage threat protection; Manage governance and compliance features in Microsoft 365

You are configuring Azure Sentinel.

You need to send a Microsoft Teams message to a channel whenever an incident representing a sign-in risk event is activated in Azure Sentinel.

Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Topics: Implement and manage security events and incidents; Implement and manage information protection

You are configuring Azure Sentinel.

You need to send a Microsoft Teams message to a channel whenever a sign-in from a suspicious IP address is detected.

Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Topics: Implement and manage threat protection; Implement and manage information protection

You are investigating an incident in Azure Sentinel that contains more than 127 alerts.

You discover eight alerts in the incident that require further investigation.

You need to escalate the alerts to another Azure Sentinel administrator.

What should you do to provide the alerts to the administrator?

Topics: Implement and manage security events and incidents; Implement and manage information protection

You are investigating a potential attack that deploys a new ransomware strain.

You have three custom device groups. The groups contain devices that store highly sensitive information.

You plan to perform automated actions on all devices.

You need to be able to temporarily group the machines to perform actions on the devices.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Topics: Implement and manage security events and incidents; Implement and manage information protection

You are responsible for responding to Azure Defender for Key Vault alerts.

During an investigation of an alert, you discover unauthorized attempts to access a key vault from a Tor exit node.

What should you configure to mitigate the threat?

Topics: Implement and manage threat protection; Implement and manage information protection

You create a custom analytics rule to detect threats in Azure Sentinel.

You discover that the rule fails intermittently.

What are two possible causes of the failures? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Topics: Implement and manage threat protection; Implement and manage information protection