Free SC-200 Exam Braindumps (page: 15)


HOTSPOT
You have the resources shown in the following table.



You have an Azure subscription that uses Microsoft Defender for Cloud.
You need to use Defender for Cloud to protect VM1 and Server1. The solution must meet the following requirements:
• Support Advanced Threat Protection and vulnerability assessment.
• Register each SQL Server 2022 instance as a SQL virtual machine.
• Minimize implementation and administrative effort.
What should you deploy to each server? To answer, select the appropriate options in the answer area.
Note: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains a macOS device named Device1.
You need to investigate a Defender for Endpoint agent alert on Device1. The solution must meet the following requirements:
• Identify all the active network connections on Device1.
• Identify all the running processes on Device1.
• Retrieve the login history of Device1.
• Minimize administrative effort.
What should you do first from the Microsoft Defender portal?

  1. From Devices, click Collect investigation package for Device1.
  2. From Advanced features in Endpoints, enable Live Response unsigned script execution.
  3. From Devices, initiate a live response session on Device1.
  4. From Advanced features in Endpoints, disable Authenticated telemetry.

Answer(s): A



You have 500 on-premises devices.
You have a Microsoft 365 E5 subscription that uses Microsoft Defender 365.
You onboard 100 devices to Microsoft Defender 365.
You need to identify any unmanaged on-premises devices. The solution must ensure that only specific onboarded devices perform the discovery.
What should you do first?

  1. Create a device group.
  2. Create an exclusion.
  3. Set Discovery mode to Basic.
  4. Create a tag.

Answer(s): C



HOTSPOT
You have an Azure subscription that contains a Log Analytics workspace named Workspace1.
You configure Azure activity logs and Microsoft Entra ID logs to be forwarded to Workspace1.
You need to identify which Azure resources have been queried or modified by risky users.
How should you complete the KQL query? To answer, select the appropriate options in the answer area.
Note: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:





