Free SC-200 Exam Braindumps (page: 13)

Page 12 of 79

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains a user named User1.
You need to ensure that User1 can manage Microsoft Defender XDR custom detection rules and Endpoint security policies. The solution must follow the principle of least privilege.
Which role should you assign to User1?

  1. Security Administrator
  2. Security Operator
  3. Cloud Device Administrator
  4. Desktop Analytics Administrator

Answer(s): A



HOTSPOT
-
You have a Microsoft 365 subscription.
You need to identify all the security principals that submitted requests to change or delete groups.
How should you complete the KQL query? To answer, select the appropriate options in the answer area.
Note: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



HOTSPOT
-
You have a Microsoft 365 E5 subscription that uses Microsoft 365 Defender for Endpoint.
You need to ensure that you can initiate remote shell connections to Windows servers by using the Microsoft 365 Defender portal.
What should you configure? To answer, select the appropriate options in the answer area.
Note: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



You have an on-premises network.
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Identity.
From the Microsoft Defender portal, you investigate an incident on a device named Device1 of a user named User1. The incident contains the following Defender for Identity alert.
Suspected identity theft (pass-the-ticket) (external ID 2018)
You need to contain the incident without affecting users and devices. The solution must minimize administrative effort.
What should you do?

  1. Disable User1 only.
  2. Quarantine Device1 only.
  3. Reset the password for all the accounts that previously signed in to Device1.
  4. Disable User1 and quarantine Device1.
  5. Disable User1, quarantine Device1, and reset the password for all the accounts that previously signed in to Device1.

Answer(s): E






Post your Comments and Discuss Microsoft SC-200 exam with other Community members:

SC-200 Discussions & Posts