QUESTION: 25 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

You need to configure Microsoft Defender for Cloud Apps to generate alerts and trigger remediation actions in response to external sharing of confidential files.
Which two actions should you perform in the Microsoft Defender for Cloud Apps portal? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

From Settings, select Information Protection, select Azure Information Protection, and then select Only scan files for Azure Information Protection classification labels and content inspection warnings from this tenant.
Select Investigate files, and then filter App to Office 365.
Select Investigate files, and then select New policy from search.
From Settings, select Information Protection, select Azure Information Protection, and then select Automatically scan new files for Azure Information Protection classification labels and content inspection warnings.
From Settings, select Information Protection, select Files, and then enable file monitoring.
Select Investigate files, and then filter File Type to Document.

Answer(s): D,E

Explanation:

Discover and protect sensitive information in your organization
Phase 1: Discover your data Details omitted.
(D) Phase 2: Classify sensitive informationDefine which information is sensitive. Details omitted.Enable Microsoft Information Protection integrationIn the Microsoft 365 Defender portal, select Settings. Then choose Cloud Apps.Under Information Protection, go to Microsoft Information Protection. Select Automatically scan new files for Microsoft Information Protection sensitivity labels and content inspection warnings.Etc.
Phase 3: Protect your data
Phase 4: Monitor and report on your data
E: File filters in Microsoft Defender for Cloud Apps
File monitoring should be enabled in Settings. In the Microsoft 365 Defender portal, select Settings. Then choose Cloud Apps. Under Information Protection, select Files. Select Enable file monitoring and then select Save.
Note: To provide data protection, Microsoft Defender for Cloud Apps gives you visibility into all the files from your connected apps. After you connect Microsoft Defender for Cloud Apps to an app using the App connector, Microsoft Defender for Cloud Apps scans all the files, for example all the files stored in OneDrive and Salesforce. Then, Defender for Cloud Apps rescans each file every time it's modified – the modification can be to content, metadata, or sharing permissions. Scanning times depend on the number of files stored in your app. You can also use the Files page to filter files to investigate what kind of data is saved in your cloud apps.

Reference:

https://docs.microsoft.com/en-us/cloud-app-security/tutorial-dlp https://docs.microsoft.com/en-us/cloud-app-security/azip-integration https://learn.microsoft.com/en-us/defender-cloud-apps/file-filters

Show Answer Next Question

QUESTION: 26 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

View Related Case Study

HOTSPOT (Drag and Drop is not supported)
You purchase a Microsoft 365 subscription.
You plan to configure Microsoft Defender for Cloud Apps.
You need to create a custom template-based policy that detects connections to Microsoft 365 apps that originate from a botnet network.
What should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

See Explanation section for answer.

Answer(s): A

Explanation:

Reference:

https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy

Show Answer Next Question

QUESTION: 27 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

View Related Case Study

Your company has a single office in Istanbul and a Microsoft 365 subscription.
The company plans to use conditional access policies to enforce multi-factor authentication (MFA). You need to enforce MFA for all users who work remotely.
What should you include in the solution?

a fraud alert
a user risk policy
a named location
a sign-in user policy

Answer(s): C

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

Show Answer Next Question

QUESTION: 28 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

View Related Case Study

You are configuring Microsoft Defender for Cloud Apps.
You have a custom threat detection policy based on the IP address ranges of your company’s United States- based offices.
You receive many alerts related to impossible travel and sign-ins from risky IP addresses. You determine that 99% of the alerts are legitimate sign-ins from your corporate offices. You need to prevent alerts for legitimate sign-ins from known locations.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Configure automatic data enrichment.
Add the IP addresses to the corporate address range category.
Increase the sensitivity level of the impossible travel anomaly detection policy.
Add the IP addresses to the other address range category and add a tag.
Create an activity policy that has an exclusion for the IP addresses.

Answer(s): A,B

Show Answer Next Question

QUESTION: 29 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

View Related Case Study

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring Microsoft Defender for Identity integration with Active Directory.
From the Microsoft Defender portal, you need to configure several accounts for attackers to exploit. Solution: You add each account as a Sensitive account.
Does this meet the goal?

Answer(s): B

Reference:

https://docs.microsoft.com/en-us/defender-for-identity/manage-sensitive-honeytoken-accounts

Show Answer Next Question

QUESTION: 30 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

View Related Case Study

You have a Microsoft 365 tenant that uses Microsoft Exchange Online and Microsoft Defender for Office 365.
What should you use to identify whether zero-hour auto purge (ZAP) moved an email message from the mailbox of a user?

the Threat Protection Status report in Microsoft Defender for Office 365
the mailbox audit log in Exchange
the Safe Attachments file types report in Microsoft Defender for Office 365
the mail flow report in Exchange

Answer(s): A

Explanation:

To determine if ZAP moved your message, you can use either the Threat Protection Status report or Threat Explorer (and real-time detections).

Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365- worldwide

Show Answer Next Question

QUESTION: 31 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

View Related Case Study

You have a Microsoft 365 subscription that contains 1,000 Windows 11 devices.
The devices have Microsoft 365 Apps installed and are onboarded to Microsoft Defender for Endpoint. You need to mitigate the following device threats:
Microsoft Excel macros that download scripts from untrusted websites Users that open executable attachments in Microsoft Outlook
Outlook rules and forms exploits What should you use?

antivirus exclusions of Microsoft Defender for Endpoint.
attack surface reduction rules in Microsoft Defender for Endpoint
Windows Defender Firewall rules
adaptive application control in Microsoft Defender for Cloud

Answer(s): B

Explanation:

Attack surfaces are all the places where your organization is vulnerable to cyberthreats and attacks. Defender for Endpoint includes several capabilities to help reduce your attack surfaces.
Incorrect:
* antivirus exclusions of Microsoft Defender for Endpoint Exclusions would reduce the protection.

Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction? view=o365-worldwide

Show Answer Next Question

QUESTION: 32 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

View Related Case Study

You have a third-party security information and event management (SIEM) solution.
You need to ensure that the SIEM solution can generate alerts for Azure Active Directory (Azure AD) sign- events in near real time.
What should you do to route events to the SIEM solution?

Create an Microsoft Sentinel workspace that has a Security Events connector.
Configure the Diagnostics settings in Azure AD to stream to an event hub.
Create an Microsoft Sentinel workspace that has an Azure Active Directory connector.
Configure the Diagnostics settings in Azure AD to archive to a storage account.

Answer(s): B

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/overview-monitoring

Show Answer Next Question

Free Microsoft SC-200 Exam Questions (page: 5)

QUESTION: 25 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

Explanation:

Reference:

QUESTION: 26 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

Explanation:

Reference:

QUESTION: 27 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

Reference:

QUESTION: 28 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

QUESTION: 29 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

Reference:

QUESTION: 30 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

Explanation:

Reference:

QUESTION: 31 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

Explanation:

Reference:

QUESTION: 32 Exam Topic: Mitigate threats using Microsoft 365 Defender (Testlet 3)

Reference:

SC-200 Exam Discussions & Posts