CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. SC-200

Free SC-200 Exam Braindumps (page: 42)

Page 42 of 79
PDF with 310 Questions

HOTSPOT (Drag and Drop is not supported).
You have a Microsoft 365 subscription that uses Microsoft 365 Defender and contains a user named User1.
You are notified that the account of User1 is compromised.
You need to review the alerts triggered on the devices to which User1 signed in.
How should you complete the query? To answer, select the appropriate options in the answer area.
Note: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: join -
An inner join.
This query uses kind=inner to specify an inner-join, which prevents deduplication of left side values for DeviceId.
This query uses the DeviceInfo table to check if a potentially compromised user (<account-name>) has logged on to any devices and then lists the alerts that have been triggered on those devices.
DeviceInfo -
//Query for devices that the potentially compromised account has logged onto
| where LoggedOnUsers contains '<account-name>'
| distinct DeviceId
//Crosscheck devices against alert records in AlertEvidence and AlertInfo tables
| join kind=inner AlertEvidence on DeviceId
| project AlertId
//List all alerts on devices that user has logged on to
| join AlertInfo on AlertId
| project AlertId, Timestamp, Title, Severity, Category
DeviceInfo LoggedOnUsers AlertEvidence "project AlertID"
Box 2: project -


Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/defender/advanced-hunting-query-emails-devices?view=o365-worldwide



You are configuring Azure Sentinel.
You need to send a Microsoft Teams message to a channel whenever an incident representing a sign-in risk event is activated in Azure Sentinel.
Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution.
Note: Each correct selection is worth one point.

  1. Enable Entity behavior analytics.
  2. Associate a playbook to the analytics rule that triggered the incident.
  3. Enable the Fusion rule.
  4. Add a playbook.
  5. Create a workbook.

Answer(s): B,D


Reference:

https://docs.microsoft.com/en-us/azure/sentinel/enable-entity-behavior-analytics https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have Linux virtual machines on Amazon Web Services (AWS).
You deploy Azure Defender and enable auto-provisioning.
You need to monitor the virtual machines by using Azure Defender.
Solution: You enable Azure Arc and onboard the virtual machines to Azure Arc.
Does this meet the goal?

  1. Yes
  2. No

Answer(s): A


Reference:

https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-machines?pivots=azure-arc



You have a Microsoft 365 E5 subscription that uses Microsoft SharePoint Online.
You delete users from the subscription.
You need to be notified if the deleted users downloaded numerous documents from SharePoint Online sites during the month before their accounts were deleted.
What should you use?

  1. a file policy in Microsoft Defender for Cloud Apps
  2. an access review policy
  3. an alert policy in Microsoft Defender for Office 365
  4. an insider risk policy

Answer(s): D

Explanation:

Alert policies let you categorize the alerts that are triggered by a policy, apply the policy to all users in your organization, set a threshold level for when an alert is triggered, and decide whether to receive email notifications when alerts are triggered.
Default alert policies include:
Unusual external user file activity - Generates an alert when an unusually large number of activities are performed on files in SharePoint or OneDrive by users outside of your organization. This includes activities such as accessing files, downloading files, and deleting files. This policy has a High severity setting.


Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies



Page 42 of 79



Post your Comments and Discuss Microsoft SC-200 exam with other Community members:

Anyah Vincent Ndubuisi commented on December 19, 2024
Microsoft SC 200 SOC, is awesomely good enough for every cybersecurity specialist. Well detailed for freshers also. From Anyah Vincent.Nigeria.
Anonymous
upvote

Vin commented on November 07, 2024
Good content
Anonymous
upvote

Lueng commented on October 21, 2024
Very professional people and accurate study content. I highly recommend.
HONG KONG
upvote

LA commented on October 18, 2024
Hi there, I have scheduled my EXAM and will share my experience if these questions are valid or not.
Anonymous
upvote

Vignesh commented on October 03, 2024
I'm writing next week, are the questions still valid?
CZECH REPUBLIC
upvote

Donjo commented on September 09, 2024
Anyone tried recently. like Sept?
Anonymous
upvote

Ma hari bahadur commented on July 12, 2024
Great passed
UNITED STATES
upvote

Tota commented on July 12, 2024
Nailed it totas
Anonymous
upvote

Heavy Guy commented on July 06, 2024
Just passed this exam.
UNITED STATES
upvote

Patrick commented on June 16, 2024
Very helpful
SWITZERLAND
upvote

Bhagwati commented on June 06, 2024
Exam dumps helped me to get 90% marks.
Anonymous
upvote

Nikhil Jagadale commented on May 10, 2024
Very helpful
INDIA
upvote

Karabo commented on April 11, 2024
Very helpful
SOUTH AFRICA
upvote

CyberThreat commented on March 12, 2024
Thank You for sharing this questions! Nice Job.
BRAZIL
upvote

Anwar commented on February 17, 2024
Thank you for your questions and the wonderful support. The PDF version really helped. Keep up the good work.
Italy
upvote

Balakrishna commented on February 17, 2024
Passed this exam today with a score of 864.
INDIA
upvote

Manish commented on February 17, 2024
Amazing Questions
INDIA
upvote

Kawah commented on February 17, 2024
I sat for my test today. I can confirm that there are about 6 new questions I didn't see in this dumps. The rest was all good.
UNITED STATES
upvote

Mohammed commented on February 17, 2024
I can say that this exam is valid and questions are same as in real exam. Passed my paper today after preparing for 1 week.
United Kingdom
upvote

John commented on January 27, 2024
is this up to date?
Anonymous
upvote

Brijesh kr commented on June 29, 2023
awesome contents
INDIA
upvote

Rebecca commented on October 08, 2023
Very useful material
SOUTH AFRICA
upvote

Rebecca commented on October 08, 2023
Very useful, the exact questions in exam
SOUTH AFRICA
upvote

Jane commented on October 08, 2023
Very useful
SOUTH AFRICA
upvote

bot commented on October 08, 2023
QUESTION: 99 You use Azure Sentinel. You need to use a built-in role to provide a security analyst with the ability to edit the queries of custom Azure Sentinel workbooks. The solution must use the principle of least privilege. Which role should you assign to the analyst? Answer is : Azure Sentinel Contributor (A) but it showing (C) Azure Sentinel Responder - WORNG
INDIA
upvote

bot commented on October 08, 2023
how many question will ask in exam
INDIA
upvote

Mark commented on July 25, 2023
Hi all, where can I find the updated questions
Anonymous
upvote

Yefferic commented on July 19, 2023
very usefull
Anonymous
upvote

Jason commented on July 05, 2023
Total Questions: 156 Exam questions 187 If I buy this dump - will I get 156 questions or 187?
AUSTRALIA
upvote

Brijesh kr commented on June 29, 2023
awesome contents
INDIA
upvote

Percy commented on June 06, 2023
Good dump to study
INDIA
upvote

Alejandro commented on May 30, 2023
This practice exam contained the exact questions and answers that I encountered in the exam. It felt like cheaing! LOL
UNITED KINGDOM
upvote

IRSHAD PASHA commented on May 30, 2023
these questions are absolutely the same what was asked in the exam
Anonymous
upvote

Mihai commented on February 15, 2023
Pass my exam. This question bank has real content from exam.
UNITED STATES
upvote