Free SC-200 Exam Braindumps (page: 38)

Page 37 of 79

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring Microsoft Defender for Identity integration with Active Directory.
From the Microsoft Defender for Identity portal, you need to configure several accounts for attackers to exploit.
Solution: You add each account as a Sensitive account.
Does this meet the goal?

  A. Yes
  B. No

Answer(s): B


Reference:

https://docs.microsoft.com/en-us/defender-for-identity/manage-sensitive-honeytoken-accounts



You are configuring Azure Sentinel.
You need to send a Microsoft Teams message to a channel whenever a sign-in from a suspicious IP address is detected.
Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution.
Note: Each correct selection is worth one point.

  A. Add a playbook.
  B. Associate a playbook to an incident.
  C. Enable Entity behavior analytics.
  D. Create a workbook.
  E. Enable the Fusion rule.

Answer(s): A,B


Reference:

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook



You create an Azure subscription.
You enable Azure Defender for the subscription.
You need to use Azure Defender to protect on-premises computers.
What should you do on the on-premises computers?

  A. Install the Log Analytics agent.
  B. Install the Dependency agent.
  C. Configure the Hybrid Runbook Worker role.
  D. Install the Connected Machine agent.

Answer(s): A

Explanation:

Security Center collects data from your Azure virtual machines (VMs), virtual machine scale sets, IaaS containers, and non-Azure (including on-premises) machines to monitor for security vulnerabilities and threats.
Data is collected using:
- The Log Analytics agent, which reads various security-related configurations and event logs from the machine and copies the data to your workspace for analysis. Examples of such data are: operating system type and version, operating system logs (Windows event logs), running processes, machine name, IP addresses, and logged-in user.
- Security extensions, such as the Azure Policy Add-on for Kubernetes, which can also provide data to Security Center regarding specialized resource types.


Reference:

https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection



You have a Microsoft 365 tenant that uses Microsoft Exchange Online and Microsoft Defender for Office 365.
What should you use to identify whether zero-hour auto purge (ZAP) moved an email message from the mailbox of a user?

  A. the Threat Protection Status report in Microsoft Defender for Office 365
  B. the mailbox audit log in Exchange
  C. the Safe Attachments file types report in Microsoft Defender for Office 365
  D. the mail flow report in Exchange

Answer(s): A

Explanation:

To determine if ZAP moved your message, you can use either the Threat Protection Status report or Threat Explorer (and real-time detections).


Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide
