SC-200 Exam
You create an Azure subscription named sub1.In sub1, you create a Log Analytics workspace named workspace1.You enable Azure Security Center and configure Security Center to use workspace1.You need to ensure that Security Center processes events from the Azure virtual machines that report to workspace1.What should you do? A. In workspace1, install a solution. B. In sub1, register a provider. C. From Security Center, create a Workflow automation. D. In workspace1, create a workbook.
A. In workspace1, install a solution.
You are configuring Microsoft Defender for Identity integration with Active Directory.From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.Solution: From Entity tags, you add the accounts as Honeytoken accounts.Does this meet the goal? A. Yes B. No
A. Yes
You provision a Linux virtual machine in a new Azure subscription.You enable Azure Defender and onboard the virtual machine to Azure Defender.You need to verify that an attack on the virtual machine triggers an alert in Azure Defender.Which two Bash commands should you run on the virtual machine? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. cp /bin/echo ./asc_alerttest_662jfi039n B. ./alerttest testing eicar pipe C. cp /bin/echo ./alerttest D. ./asc_alerttest_662jfi039n testing eicar pipe
A. cp /bin/echo ./asc_alerttest_662jfi039n D. ./asc_alerttest_662jfi039n testing eicar pipe
You are investigating a potential attack that deploys a new ransomware strain. You plan to perform automated actions on a group of highly valuable machines that contain sensitive information. You have three custom device groups. You need to be able to temporarily group the machines to perform actions on the devices. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Add a tag to the device group. B. Add the device users to the admin role. C. Add a tag to the machines. D. Create a new device group that has a rank of 1. E. Create a new admin role. F. Create a new device group that has a rank of 4.
B. Add the device users to the admin role. D. Create a new device group that has a rank of 1. E. Create a new admin role.
You receive an alert from Azure Defender for Key Vault. You discover that the alert is generated from multiple suspicious IP addresses. You need to reduce the potential of Key Vault secrets being leaked while you investigate the issue. The solution must be implemented as soon as possible and must minimize the impact on legitimate users. What should you do first? A. Modify the access control settings for the key vault. B. Enable the Key Vault firewall. C. Create an application security group. D. Modify the access policy for the key vault.
B. Enable the Key Vault firewall.
Your company uses Microsoft Defender for Endpoint. The company has Microsoft Word documents that contain macros. The documents are used frequently on the devices of the companyג€™s accounting team. You need to hide false positive in the Alerts queue, while maintaining the existing security posture. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Resolve the alert automatically. B. Hide the alert. C. Create a suppression rule scoped to any device. D. Create a suppression rule scoped to a device group. E. Generate the alert.
B. Hide the alert. C. Create a suppression rule scoped to any device. E. Generate the alert.
You are configuring Microsoft Defender for Identity integration with Active Directory. From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit. Solution: You add the accounts to an Active Directory group and add the group as a Sensitive group. Does this meet the goal? A. Yes B. No
B. No
You are configuring Microsoft Defender for Identity integration with Active Directory.From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.Solution: From Azure Identity Protection, you configure the sign-in risk policy.Does this meet the goal? A. Yes B. No
B. No
You use Azure Security Center.You receive a security alert in Security Center.You need to view recommendations to resolve the alert in Security Center.Solution: From Regulatory compliance, you download the report.Does this meet the goal? A. Yes B. No
B. No
You use Azure Security Center.You receive a security alert in Security Center.You need to view recommendations to resolve the alert in Security Center.Solution: From Security alerts, you select the alert, select Take Action, and then expand the Prevent future attacks section.Does this meet the goal? A. Yes B. No
B. No you select the "mitigate the threat" option not "prevent future attacks"
You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in.Which anomaly detection policy should you use? A. Impossible travel B. Activity from anonymous IP addresses C. Activity from infrequent country D. Malware detection
C. Activity from infrequent country
You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.You have Microsoft SharePoint Online sites that contain sensitive documents. The documents contain customer account numbers that each consists of 32 alphanumeric characters. You need to create a data loss prevention (DLP) policy to protect the sensitive documents. What should you use to detect which documents are sensitive? A. SharePoint search B. a hunting query in Microsoft 365 Defender C. Azure Information Protection D. RegEx pattern matching
C. Azure Information Protection
Your company uses Azure Security Center and Azure Defender. The security operations team at the company informs you that it does NOT receive email notifications for security alerts. What should you configure in Security Center to enable the email notifications? A. Security solutions B. Security policy C. Pricing & settings D. Security alerts E. Azure Defender
C. Pricing & settings
You have a Microsoft 365 subscription that uses Azure Defender. You have 100 virtual machines in a resource group named RG1.You assign the Security Admin roles to a new user named SecAdmin1.You need to ensure that SecAdmin1 can apply quick fixes to the virtual machines by using Azure Defender. The solution must use the principle of least privilege. Which role should you assign to SecAdmin1? A. the Security Reader role for the subscription B. the Contributor for the subscription C. the Contributor role for RG1 D. the Owner role for RG1
C. the Contributor role for RG1
