Free SC-200 Exam Braindumps (page: 24)


You have an Azure subscription that contains a resource group named RG1. RG1 contains a Microsoft Sentinel workspace. The subscription is linked to a Microsoft Entra tenant that contains a user named User1.
You need to ensure that User1 can deploy and customize Microsoft Sentinel workbook templates. The solution must follow the principle of least privilege.
Which role should you assign to User1 for RG1?

  1. Microsoft Sentinel Contributor
  2. Workbook Contributor
  3. Microsoft Sentinel Automation Contributor
  4. Contributor

Answer(s): A



You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains 500 Windows devices.
As part of an incident investigation, you identify the following suspected malware files:
• File1.sys
• File2.pdf
• File3.docx
• File4.xlsx
You need to create indicator hashes to block users from downloading the files to the devices.
Which files can you block by using the indicator hashes?

  1. File1.sys only
  2. File1.sys and File3.docx only
  3. File1.sys, File3.docx, and File4.xlsx only
  4. File2.pdf, File3.docx, and File4.xlsx only
  5. File1.sys, File2.pdf, File3.docx, and File4.xlsx

Answer(s): E



HOTSPOT
You have on-premises servers that run Windows Server.
You have a Microsoft Sentinel workspace named SW1. SW1 is configured to collect Windows Security log entries from the servers by using the Azure Monitor Agent data connector.
You plan to limit the scope of collected events to events 4624 and 4625 only.
You need to use a PowerShell script to validate the syntax of the filter applied to the connector.
How should you complete the script? To answer, select the appropriate options in the answer area.
Note: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that uses Microsoft Defender XDR.
From the Microsoft Defender portal, you perform an audit search and export the results as a file named File1.csv that contains 10,000 rows.
You use Microsoft Excel to perform Get & Transform Data operations to parse the AuditData column from File1.csv. The operations fail to generate columns for specific JSON properties.
You need to ensure that Excel generates columns for the specific JSON properties in the audit search results.
Solution: From Defender, you modify the search criteria of the audit search to increase the number of returned records, and then you export the results. From Excel, you perform the Get & Transform Data operations by using the new export.
Does this meet the requirement?

  1. Yes
  2. No

Answer(s): B





