Cisco®
Oracle
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. SC-200

Free Microsoft SC-200 Exam Questions (page: 3)

Page 3 of 50
PDF with 389 Questions
View Related Case Study

You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in.
Which Microsoft Defender for Cloud Apps anomaly detection policy should you use?

  1. Impossible travel
  2. Activity from anonymous IP addresses
  3. Activity from infrequent country
  4. Malware detection

Answer(s): C


Reference:

https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy



View Related Case Study

You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.
You have Microsoft SharePoint Online sites that contain sensitive documents. The documents contain customer account numbers that each consists of 32 alphanumeric characters.
You need to create a data loss prevention (DLP) policy to protect the sensitive documents. What should you use to detect which documents are sensitive?

  1. SharePoint search
  2. a hunting query in Microsoft 365 Defender
  3. Azure Information Protection
  4. RegEx pattern matching

Answer(s): D



View Related Case Study

Your company uses line-of-business apps that contain Microsoft Office VBA macros.
You plan to enable protection against downloading and running additional payloads from the Office VBA macros as additional child processes.

You need to identify which Office VBA macros might be affected.

Which two commands can you run to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.








Answer(s): B,C


Reference:

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface- reduction



View Related Case Study

Your company uses Microsoft Defender for Endpoint.
The company has Microsoft Word documents that contain macros. The documents are used frequently on the devices of the company’s accounting team.
You need to hide false positive in the Alerts queue, while maintaining the existing security posture. Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  1. Resolve the alert automatically.
  2. Hide the alert.
  3. Create a suppression rule scoped to any device.
  4. Create a suppression rule scoped to a device group.
  5. Generate the alert.

Answer(s): B,D,E



View Related Case Study

DRAG DROP (Drag and Drop is not supported)
You open the Microsoft Defender for Cloud Apps portal as shown in the following exhibit.


Your environment does NOT have Microsoft Defender for Endpoint enabled. You need to remediate the risk for the Launchpad app.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/cloud-app-security/governance-discovery



View Related Case Study

HOTSPOT (Drag and Drop is not supported)
You have a Microsoft 365 E5 subscription.
You plan to perform cross-domain investigations by using Microsoft 365 Defender.
You need to create an advanced hunting query to identify devices affected by a malicious email attachment. How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-query-emails-devices? view=o365-worldwide



View Related Case Study

You have the following advanced hunting query in Microsoft Defender XDR.


You need to receive an alert when any process disables System Restore on a device managed by Microsoft Defender XDR during the last 24 hours.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  1. Create a detection rule.
  2. Create a suppression rule.
  3. Add | order by Timestamp to the query.
  4. Replace DeviceProcessEvents with DeviceNetworkEvents.
  5. Add DeviceId and ReportId to the output of the query.

Answer(s): A,E


Reference:

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/custom-detection- rules



View Related Case Study

You are investigating a potential attack that deploys a new ransomware strain.
You have three custom device groups. The groups contain devices that store highly sensitive information. You plan to perform automated actions on all devices.
You need to be able to temporarily group the machines to perform actions on the devices. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

  1. Assign a tag to the device group.
  2. Add the device users to the admin role.
  3. Add a tag to the machines.
  4. Create a new device group that has a rank of 1.
  5. Create a new admin role.
  6. Create a new device group that has a rank of 4.

Answer(s): A,C,D


Reference:

https://docs.microsoft.com/en-us/learn/modules/deploy-microsoft-defender-for-endpoints-environment/4- manage-access



Viewing page 3 of 50



Post your Comments and Discuss Microsoft SC-200 exam prep with other Community members:

SC-200 Exam Discussions & Posts