Free Microsoft SC-200 Exam Braindumps (page: 2)


You need to minimize the effort required to investigate the Microsoft Defender for Identity false positive alerts. What should you review?

  A. the status update time
  B. the resolution method of the source computer
  C. the alert status
  D. the certainty of the source computer

Answer(s): D

Explanation:

Scenario: Microsoft Defender for Identity Requirements: Minimize the administrative effort required to investigate the false positive alerts.
Defender for Identity raises a high volume of Suspected DCSync attack alerts that are false positives.

Note: Suspected DCSync attack (replication of directory services) (external ID 2006). Previous name: Malicious replication of directory services.

Description:
Active Directory replication is the process by which changes that are made on one domain controller are synchronized with all other domain controllers. Given the necessary permissions, attackers can initiate a replication request, allowing them to retrieve the data stored in Active Directory, including password hashes.
In this detection, an alert is triggered when a replication request is initiated from a computer that isn't a domain controller.
If the source computer is a domain controller, failed or low certainty resolution can prevent Defender for Identity from being able to confirm identification.
Check whether the source computer is a domain controller. If it is, close the alert as a B-TP activity.


Reference:

https://learn.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts




The issue for which team can be resolved by using Microsoft Defender for Endpoint?

  A. executive
  B. sales
  C. marketing

Answer(s): B


Reference:

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios




The issue for which team can be resolved by using Microsoft Defender for Office 365?

  A. executive
  B. marketing
  C. security
  D. sales

Answer(s): B


Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/atp-for-spo-odb-and-teams?view=o365-worldwide




You need to implement the Azure Information Protection requirements. What should you configure first?

  A. Device health and compliance reports settings in Microsoft 365 Defender portal
  B. scanner clusters in Azure Information Protection from the Azure portal
  C. content scan jobs in Azure Information Protection from the Azure portal
  D. Advanced features from Settings in Microsoft 365 Defender portal

Answer(s): D


Reference:

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview




You need to modify the anomaly detection policy settings to meet the Microsoft Defender for Cloud Apps requirements and resolve the reported problem.
Which policy should you modify?

  A. Activity from suspicious IP addresses
  B. Activity from anonymous IP addresses
  C. Impossible travel
  D. Risky sign-in

Answer(s): C


Reference:

https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy




DRAG DROP (Drag and Drop is not supported)
You need to configure DC1 to meet the business requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

  A. See Explanation section for answer.

Answer(s): A

Explanation:




Scenario:
Litware identifies the following business requirements:
All domain controllers must be protected by using Microsoft Defender for Identity.
DC1 is an on-premises server running Windows Server 2019. It is a domain controller.

Deploy Microsoft Defender for Identity with Microsoft 365 Defender

Step 1: Provide global administrator credentials to the litware.com Active Directory domain.
Prerequisites include:
Accounts: At least one Directory Service account with read access to all objects in the monitored domains.
Permissions: To create your Defender for Identity instance, you'll need an Azure AD tenant with at least one global/security administrator. Each Defender for Identity workspace supports a multiple Active Directory forest boundary and Forest Functional Level (FFL) of Windows 2003 and above.
You need to be a global administrator or security administrator on the tenant to access the Identity section on the Microsoft 365 Defender portal and be able to create the workspace.
Step 2: Create an instance of Microsoft Defender for Identity.
Step 3: Provide domain administrator credentials to the litware.com Active Directory domain. If there are only three steps required, skip this step.
Step 4: Install the sensor on DC1.

Note on the four steps:
Step 1: Log in to https://portal.atp.azure.com as a global admin.
Step 2: Create the instance.
Step 3: Connect the instance to Active Directory.
Step 4: Download and install the sensor.

Incorrect:
Install the standalone sensor on DC1. We are in a domain.


Reference:

https://learn.microsoft.com/en-us/defender-for-identity/deploy-defender-identity
https://learn.microsoft.com/en-us/defender-for-identity/install-sensor
https://learn.microsoft.com/en-us/defender-for-identity/prerequisites




DRAG DROP (Drag and Drop is not supported)
You need to configure DC1 to meet the business requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

  A. See Explanation section for answer.

Answer(s): A

Explanation:




Scenario:
Litware identifies the following business requirements:
All domain controllers must be protected by using Microsoft Defender for Identity.
DC1 is an on-premises server running Windows Server 2019. It is a domain controller.

Deploy Microsoft Defender for Identity with Microsoft 365 Defender

Step 1: Provide global administrator credentials to the litware.com Active Directory domain.
Prerequisites include:
Accounts: At least one Directory Service account with read access to all objects in the monitored domains.
Permissions: To create your Defender for Identity instance, you'll need an Azure AD tenant with at least one global/security administrator. Each Defender for Identity workspace supports a multiple Active Directory forest boundary and Forest Functional Level (FFL) of Windows 2003 and above.
You need to be a global administrator or security administrator on the tenant to access the Identity section on the Microsoft 365 Defender portal and be able to create the workspace.
Step 2: Create an instance of Microsoft Defender for Identity.
Step 3: Install the sensor on DC1.

Note if four steps instead of three steps:
Step 1: Log in to https://portal.atp.azure.com as a global admin.
Step 2: Create the instance.
Step 3: Connect the instance to Active Directory.
Step 4: Download and install the sensor.

Incorrect:
* Install the standalone sensor on DC1. We are in a domain.


Reference:

https://learn.microsoft.com/en-us/defender-for-identity/deploy-defender-identity
https://learn.microsoft.com/en-us/defender-for-identity/install-sensor
https://learn.microsoft.com/en-us/defender-for-identity/prerequisites

Mitigate threats using Microsoft 365 Defender Question Set 4




DRAG DROP (Drag and Drop is not supported)
You are investigating an incident by using the Microsoft Defender portal.
You need to create an advanced hunting query to count failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Select and Place:

  A. See Explanation section for answer.

Answer(s): A

Explanation:





