QUESTION: 1 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 1)

You need to minimize the effort required to investigate the Microsoft Defender for Identity false positive alerts. What should you review?

the status update time
the resolution method of the source computer
the alert status
the certainty of the source computer

Answer(s): D

Explanation:

Scenario: Microsoft Defender for Identity Requirements: Minimize the administrative effort required to investigate the false positive alerts.
Defender for Identity raises a high volume of Suspected DCSync attack alerts that are false positives.
Note: Suspected DCSync attack (replication of directory services) (external ID 2006) Previous name: Malicious replication of directory services.
Description
Active Directory replication is the process by which changes that are made on one domain controller are synchronized with all other domain controllers. Given necessary permissions, attackers can initiate a replication request, allowing them to retrieve the data stored in Active Directory, including password hashes.
In this detection, an alert is triggered when a replication request is initiated from a computer that isn't a domain controller.
If the source computer is a domain controller, failed or low certainty resolution can prevent Defender for Identity from being able to confirm identification.
Check if the source computer is a domain controller? If the answer is yes, Close the alert as a B-TP activity.

Reference:

https://learn.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts

Show Answer Next Question

QUESTION: 2 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 2)

View Related Case Study

The issue for which team can be resolved by using Microsoft Defender for Endpoint?

executive
sales
marketing

Answer(s): B

Reference:

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft- defender-atp-ios

Show Answer Next Question

QUESTION: 3 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 2)

View Related Case Study

The issue for which team can be resolved by using Microsoft Defender for Office 365?

executive
marketing
security
sales

Answer(s): B

Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/atp-for-spo-odb-and-teams?
view=o365-worldwide

Show Answer Next Question

QUESTION: 4 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

View Related Case Study

You need to implement the Azure Information Protection requirements. What should you configure first?

Device health and compliance reports settings in Microsoft 365 Defender portal
scanner clusters in Azure Information Protection from the Azure portal
content scan jobs in Azure Information Protection from the Azure portal
Advanced features from Settings in Microsoft 365 Defender portal

Answer(s): D

Reference:

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/information- protection-in-windows-overview

Show Answer Next Question

QUESTION: 5 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

View Related Case Study

You need to modify the anomaly detection policy settings to meet the Microsoft Defender for Cloud Apps requirements and resolve the reported problem.
Which policy should you modify?

Activity from suspicious IP addresses
Activity from anonymous IP addresses
Impossible travel
Risky sign-in

Answer(s): C

Reference:

https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy

Show Answer Next Question

QUESTION: 6 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

View Related Case Study

DRAG DROP (Drag and Drop is not supported)
You need to configure DC1 to meet the business requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

See Explanation section for answer.

Answer(s): A

Explanation:

Scenario:
Litware identifies the following business requirements:
All domain controllers must be protected by using Microsoft Defender for Identity.
DC1 is on on-premises server running Windows Server 2019. It is a domain controller. Deploy Microsoft Defender for Identity with Microsoft 365 Defender
Step 1: Provide a global administrator credentials to the litware.com Active Directory domain Prerequisites include:
Accounts
At least one Directory Service account with read access to all objects in the monitored domains.
Permissions
To create your Defender for Identity instance, you'll need an Azure AD tenant with at least one global/security administrator. Each Defender for Identity workspace supports a multiple Active Directory forest boundary and Forest Functional Level (FFL) of Windows 2003 and above.
You need to be a global administrator or security administrator on the tenant to access the Identity section on
the Microsoft 365 Defender portal and be able to create the workspace. Step 2: Create an instance of Microsoft Defender for Identity.
Step 3: Provide domain administrator credentials to the litware.com Active Directory domain. If there are only three steps required, skip this step.
Step 4: Install the sensor on DC1. Note on the four steps:
Step 1: log in to https://portal.atp.azure.com as a global admin Step 2: Create the instance
Step 3. Connect the instance to Active Directory Step 4. Download and install the sensor.
Incorrect:
Install the standalone sensor on DC1 We are in a domain.

Reference:

https://learn.microsoft.com/en-us/defender-for-identity/deploy-defender-identity https://learn.microsoft.com/en-us/defender-for-identity/install-sensor https://learn.microsoft.com/en-us/defender-for-identity/prerequisites

Show Answer Next Question

QUESTION: 7 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

View Related Case Study

DRAG DROP (Drag and Drop is not supported)
You need to configure DC1 to meet the business requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

See Explanation section for answer.

Answer(s): A

Explanation:

Scenario:
Litware identifies the following business requirements:
All domain controllers must be protected by using Microsoft Defender for Identity.
DC1 is on on-premises server running Windows Server 2019. It is a domain controller. Deploy Microsoft Defender for Identity with Microsoft 365 Defender
Step 1: Provide a global administrator credentials to the litware.com Active Directory domain Prerequisites include:
Accounts
At least one Directory Service account with read access to all objects in the monitored domains.
Permissions
To create your Defender for Identity instance, you'll need an Azure AD tenant with at least one global/security administrator. Each Defender for Identity workspace supports a multiple Active Directory forest boundary and Forest Functional Level (FFL) of Windows 2003 and above.
You need to be a global administrator or security administrator on the tenant to access the Identity section on the Microsoft 365 Defender portal and be able to create the workspace.
Step 2: Create an instance of Microsoft Defender for Identity. Step 3: Install the sensor on DC1.
Note if four steps instead of three steps:
Step 1: log in to https://portal.atp.azure.com as a global admin Step 2: Create the instance
Step 3. Connect the instance to Active Directory Step 4. Download and install the sensor.
Incorrect:
* Install the standalone sensor on DC1 We are in a domain.

Reference:

https://learn.microsoft.com/en-us/defender-for-identity/deploy-defender-identity https://learn.microsoft.com/en-us/defender-for-identity/install-sensor
https://learn.microsoft.com/en-us/defender-for-identity/prerequisites
Mitigate threats using Microsoft 365 Defender Question Set 4

Show Answer Next Question

QUESTION: 8 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

View Related Case Study

DRAG DROP (Drag and Drop is not supported)
You are investigating an incident by using Microsoft Defender portal.
You need to create an advanced hunting query to count failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Select and Place:

See Explanation section for answer.

Answer(s): A

Explanation:

Show Answer Next Question

Free Microsoft SC-200 Exam Braindumps (page: 2)

Pass your Microsoft Security Operations Analyst exam with these free Actual Questions and Answers

QUESTION: 1 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 1)

Explanation:

Reference:

QUESTION: 2 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 2)

Reference:

QUESTION: 3 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 2)

Reference:

QUESTION: 4 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

Reference:

QUESTION: 5 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

Reference:

QUESTION: 6 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

Explanation:

Reference:

QUESTION: 7 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

Explanation:

Reference:

QUESTION: 8 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

Explanation:

SC-200 Exam Discussions & Posts