SC-200 Exam Questions

Total 156 Questions

Last Updated Exam : 16-Dec-2024

Topic 1: Contoso Ltd

You need to complete the query for failed sign-ins to meet the technical requirements.
Where can you find the column name to complete the where clause?


A.

Security alerts in Azure Security Center


B.

Activity log in Azure


C.

Azure Advisor


D.

the query windows of the Log Analytics workspace





D.
  

the query windows of the Log Analytics workspace



The issue for which team can be resolved by using Microsoft Defender for Office 365?


A.

executive


B.

marketing


C.

security


D.

sales





B.
  

marketing



You need to remediate active attacks to meet the technical requirements.
What should you include in the solution?


A.

Azure Automation runbooks


B.

Azure Logic Apps


C.

Azure Functions


D.

Azure Sentinel livestreams





B.
  

Azure Logic Apps



The issue for which team can be resolved by using Microsoft Defender for Endpoint?


A.

executive


B.

sales


C.

marketing





B.
  

sales



You need to recommend a solution to meet the technical requirements for the Azure virtual
machines. What should you include in the recommendation?


A.

just-in-time (JIT) access


B.

Azure Defender


C.

Azure Firewall


D.

Azure Application Gateway





B.
  

Azure Defender



You need to implement the Azure Information Protection requirements. What should you
configure first?


A.

Device health and compliance reports settings in Microsoft Defender Security Center


B.

scanner clusters in Azure Information Protection from the Azure portal


C.

content scan jobs in Azure Information Protection from the Azure portal


D.

Advanced features from Settings in Microsoft Defender Security Center





D.
  

Advanced features from Settings in Microsoft Defender Security Center



You need to create the test rule to meet the Azure Sentinel requirements. What should you
do when you create the rule?


A.

From Set rule logic, turn off suppression


B.

From Analytics rule details, configure the tactics.


C.

From Set rule logic, map the entities


D.

From Analytics rule details, configure the severity.





C.
  

From Set rule logic, map the entities



You need to restrict cloud apps running on CLIENT1 to meet the Microsoft Defender for
Endpoint requirements.
Which two configurations should you modify? Each correct answer present part of the
solution.
NOTE: Each correct selection is worth one point.


A.

the Onboarding settings from Device management in Microsoft Defender Security
Center


B.

Cloud App Security anomaly detection policies


C.

Advanced features from Settings in Microsoft Defender Security Center


D.

the Cloud Discovery settings in Cloud App Security





C.
  

Advanced features from Settings in Microsoft Defender Security Center



D.
  

the Cloud Discovery settings in Cloud App Security



All Cloud App Security unsanctioned apps must be blocked on the Windows 10 computers
by using Microsoft Defender for Endpoint.
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/mde-govern

You need to assign a role-based access control (RBAC) role to admin1 to meet the Azure
Sentinel requirements and the business requirements.
Which role should you assign?


A.

Automation Operator


B.

Automation Runbook Operator


C.

Azure Sentinel Contributor


D.

Logic App Contributor





C.
  

Azure Sentinel Contributor



You need to modify the anomaly detection policy settings to meet the Cloud App Security
requirements. Which policy should you modify?


A.

Activity from suspicious IP addresses


B.

Activity from anonymous IP addresses


C.

Impossible travel


D.

Risky sign-in





C.
  

Impossible travel