SC-200 Exam Questions
266 real SC-200 exam questions with expert-verified answers and explanations. Page 2 of 6.
- Question #70: Detect and remediate threats using Microsoft Sentinel
  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some q...
  Topics: Azure Sentinel, Incident creation, Hunting bookmarks, Threat detection
- Question #71: Configure protections and detections
  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some q...
  Topics: Azure Sentinel, Incident Creation Rules, Detection Configuration, Microsoft Security Alerts
- Question #77: Manage incident response
  You are using the Microsoft 365 Defender portal to conduct an investigation into a multi-stage incident related to a suspected malicious document. After reviewing all the details,...
  Topics: Incident Management, Alert Management, Microsoft 365 Defender, Security Operations
- Question #79: Configure protections and detections
  You are currently using Azure Sentinel for the collection of Windows security events. You want to use Azure Sentinel to identify Remote Desktop Protocol (RDP) activity that is unus...
  Topics: Azure Sentinel, Anomalous RDP Login Detection, Security Events, Data Collection
- Question #83: Configure protections and detections
  You need to configure Microsoft Cloud App Security to generate alerts and trigger remediation actions in response to external sharing of confidential files. Which two actions shoul...
  Topics: Microsoft Cloud App Security (MCAS), File Monitoring, Azure Information Protection (AIP), Information Protection Policies
- Question #84: Manage threat mitigation using Microsoft Defender for Cloud
  You use Azure Security Center. You receive a security alert in Security Center. You need to view recommendations to resolve the alert in Security Center. What should you do?
  Topics: Azure Security Center, Microsoft Defender for Cloud, Security Alerts, Alert Response
- Question #85: Manage threat mitigation using Microsoft Defender for Cloud
  You have a suppression rule in Azure Security Center for 10 virtual machines that are used for testing. The virtual machines run Windows Server. You are troubleshooting an issue on...
  Topics: Microsoft Defender for Cloud, Suppression rules, Security alerts, Alert visibility
- Question #86: Manage incident response
  You are investigating an incident in Azure Sentinel that contains more than 127 alerts. You discover eight alerts in the incident that require further investigation. You need to es...
  Topics: Microsoft Sentinel, Incident Management, Incident Escalation, Security Operations
- Question #87: Manage incident response
  You are configuring Azure Sentinel. You need to send a Microsoft Teams message to a channel whenever an incident representing a sign-in risk event is activated in Azure Sentinel. W...
  Topics: Azure Sentinel, Playbooks, Incident Automation, Microsoft Teams Integration
- Question #88: Configure protections and detections
  You have the following environment: Azure Sentinel; a Microsoft 365 subscription; Microsoft Defender for Identity; an Azure Active Directory (Azure AD) tenant. You configure Az...
  Topics: Active Directory auditing, Defender for Identity, Log collection, Detection configuration
- Question #92: Create KQL queries for Microsoft Sentinel
  Case Study 1 - Contoso Ltd. Overview: A company named Contoso Ltd. has a main office and five branch offices located throughout North America. The main office is in Seattle. The bran...
  Topics: KQL, Azure Sentinel, Log Analytics Workspace, Schema Discovery
- Question #93: Manage threat mitigation using Microsoft Defender for Endpoint
  Case Study 2 - Litware Inc. Overview: Litware Inc. is a renewable company. Litware has offices in Boston and Seattle. Litware also has remote users located across the United States....
  Topics: Microsoft Defender for Endpoint, Microsoft Defender for Cloud Apps, App Control, Integration
- Question #94: Manage threat mitigation using Microsoft Defender XDR
  Your company has a single office in Istanbul and a Microsoft 365 subscription. The company plans to use conditional access policies to enforce multi-factor authentication (MFA). Yo...
  Topics: Conditional Access, MFA, Identity Protection, Remote Access Security
- Question #95: Configure protections and detections
  You are configuring Microsoft Cloud App Security. You have a custom threat detection policy based on the IP address ranges of your company's United States-based offices. You receiv...
  Topics: Microsoft Defender for Cloud Apps, Anomaly Detection, False Positives, IP Address Ranges
- Question #96: Configure protections and detections
  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some q...
  Topics: Microsoft Defender for Identity, Honeypot accounts, Sensitive accounts, Threat detection configuration
- Question #97: Manage threat mitigation using Microsoft Defender XDR
  You have a Microsoft 365 tenant that uses Microsoft Exchange Online and Microsoft Defender for Office 365. What should you use to identify whether zero-hour auto purge (ZAP) moved...
  Topics: Zero-hour auto purge (ZAP), Microsoft Defender for Office 365, Threat Protection Status report, Email security reporting
- Question #98: Manage threat mitigation using Microsoft Defender for Endpoint
  You have a Microsoft 365 subscription that contains 1,000 Windows 10 devices. The devices have Microsoft Office 365 installed. You need to mitigate the following device threats: -...
  Topics: Attack Surface Reduction, Microsoft Defender for Endpoint, Endpoint protection, Threat mitigation
- Question #99: Manage a security operations environment
  You have a third-party security information and event management (SIEM) solution. You need to ensure that the SIEM solution can generate alerts for Azure Active Directory (Azure AD...
  Topics: Azure AD Logs, Diagnostics Settings, Event Hubs, SIEM Integration
- Question #103: Manage threat mitigation using Microsoft Defender for Cloud
  You create an Azure subscription. You enable Azure Defender for the subscription. You need to use Azure Defender to protect on-premises computers. What should you do on the on-prem...
  Topics: Microsoft Defender for Cloud, On-premises security, Log Analytics agent, Hybrid cloud security
- Question #104: Manage threat mitigation using Microsoft Defender for Cloud
  A security administrator receives email alerts from Azure Defender for activities such as potential malware uploaded to a storage account and potential successful brute force attac...
  Topics: Microsoft Defender for Cloud, Email Notifications, Alert Management, Security Center Settings
- Question #108: Manage threat mitigation using Microsoft Defender for Cloud
  You have an Azure subscription that contains a virtual machine named VM1 and uses Azure Defender. Azure Defender has automatic provisioning enabled. You need to create a custom ale...
  Topics: Alert Suppression, Microsoft Defender for Cloud, False Positives, Alert Management
- Question #109: Manage threat mitigation using Microsoft Defender for Cloud
  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some q...
  Topics: Microsoft Defender for Cloud, Azure Arc, Multi-cloud security, VM monitoring
- Question #110: Manage threat mitigation using Microsoft Defender for Cloud
  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some q...
  Topics: Microsoft Defender for Cloud, AWS Integration, Log Analytics Agent, Auto-provisioning
- Question #111: Configure your environment in Microsoft Sentinel
  You use Azure Sentinel. You need to use a built-in role to provide a security analyst with the ability to edit the queries of custom Azure Sentinel workbooks. The solution must use...
  Topics: Azure Sentinel Roles, RBAC, Least Privilege, Workbooks
- Question #112: Manage threat hunting in Microsoft Sentinel
  You create a hunting query in Azure Sentinel. You need to receive a notification in the Azure portal as soon as the hunting query detects a match on the query. The solution must mi...
  Topics: Azure Sentinel, Threat Hunting, Livestream, Real-time Detection
- Question #113: Configure your environment in Microsoft Sentinel
  You have an Azure subscription named Sub1 and a Microsoft 365 subscription. Sub1 is linked to an Azure Active Directory (Azure AD) tenant named contoso.com. You create an Azure Sen...
  Topics: Azure Sentinel, Fusion Rules, Azure AD Identity Protection, Microsoft Cloud App Security, Data Connectors
- Question #114: Detect and remediate threats using Microsoft Sentinel
  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some q...
  Topics: Azure Sentinel, Livestream, Incident Creation, Detection Rules
- Question #117: Manage threat mitigation using Microsoft Purview
  You have a Microsoft 365 E5 subscription that uses Microsoft SharePoint Online. You delete users from the subscription. You need to be notified if the deleted users downloaded nume...
  Topics: Insider Risk Management, Data Exfiltration, Microsoft Purview, SharePoint Security
- Question #118: Manage threat mitigation using Microsoft Purview
  You have a Microsoft 365 subscription that has Microsoft 365 Defender enabled. You need to identify all the changes made to sensitivity labels during the past seven days. What shou...
  Topics: Sensitivity labels, Microsoft Purview, Activity explorer, Auditing
- Question #119: Manage incident response
  You have a Microsoft 365 subscription that uses Microsoft 365 Defender. You need to identify all the entities affected by an incident. Which tab should you use in the Microsoft 365...
  Topics: Microsoft 365 Defender, Incident Response, Affected Entities, Evidence and Response tab
- Question #120: Manage threat mitigation using Microsoft Defender for Cloud
  You have five on-premises Linux servers. You have an Azure subscription that uses Microsoft Defender for Cloud. You need to use Defender for Cloud to protect the Linux servers. Wha...
  Topics: Microsoft Defender for Cloud, Log Analytics agent, On-premises security, Linux
- Question #121: Detect and remediate threats using Microsoft Sentinel
  You have an Azure subscription that uses Microsoft Sentinel. You need to minimize the administrative effort required to respond to the incidents and remediate the security threats...
  Topics: Microsoft Sentinel, Automation Rules, Playbooks, Incident Response
- Question #122: Manage threat hunting in Microsoft Sentinel
  You have a Microsoft Sentinel workspace named workspace1 that contains custom Kusto queries. You need to create a Python-based Jupyter notebook that will create visuals. The visual...
  Topics: Microsoft Sentinel, Jupyter Notebooks, Visualization, msticpy
- Question #123: Manage incident response
  You have a Microsoft Sentinel workspace that contains the following incident: "Brute force attack against Azure Portal analytics rule has been triggered." You need to identify the ge...
  Topics: Microsoft Sentinel, Incident Management, Entity Geolocation, Incident Analysis
- Question #124: Manage threat mitigation using Microsoft Defender for Cloud
  You have two Azure subscriptions that use Microsoft Defender for Cloud. You need to ensure that specific Defender for Cloud security alerts are suppressed at the root management gr...
  Topics: Azure Policy, Defender for Cloud, Alert suppression, Management groups
- Question #129: Manage threat mitigation using Microsoft Defender XDR
  You have a Microsoft 365 E5 subscription that is linked to a hybrid Azure AD tenant. You need to identify all the changes made to the Domain Admins group during the past 30 days. What...
  Topics: Microsoft Defender for Identity, Hybrid Identity Security, Active Directory Auditing, Sensitive Group Monitoring
- Question #130: Configure your environment in Microsoft Sentinel
  You have a Microsoft Sentinel workspace. You need to prevent a built-in Advanced Security Information Model (ASIM) parser from being updated automatically. What are two ways to achie...
  Topics: Microsoft Sentinel, ASIM, ASIM Parsers, Custom Parsers
- Question #131: Detect and remediate threats using Microsoft Sentinel
  You have a Microsoft Sentinel workspace. You receive multiple alerts for failed sign-in attempts to an account. You identify that the alerts are false positives. You need to preven...
  Topics: Microsoft Sentinel, Automation Rules, Alert Management, False Positives
- Question #132: Create KQL queries for Microsoft Sentinel
  You have a custom Microsoft Sentinel workbook named Workbook1. You need to add a grid to Workbook1. The solution must ensure that the grid contains a maximum of 100 rows. What shou...
  Topics: KQL, Microsoft Sentinel Workbooks, Query Operators, Limiting Results
- Question #133
  You have an Azure subscription that uses Microsoft Defender for Cloud and contains a resource group named RG1. RG1 contains 20 virtual machines that run Windows Server 2019. You ne...
- Question #134: Configure your environment in Microsoft Sentinel
  You have a Microsoft Sentinel workspace named Workspace1. You need to exclude a built-in, source-specific Advanced Security Information Model (ASIM) parser from a built-in unified...
  Topics: Microsoft Sentinel, ASIM, Watchlists, ASIM Parser Management
- Question #135: Manage threat mitigation using Microsoft Defender for Endpoint
  You have an Azure subscription that uses Microsoft Defender for Endpoint. You need to ensure that you can allow or block a user-specified range of IP addresses and URLs. What shoul...
  Topics: Microsoft Defender for Endpoint, Network protection, Custom indicators, Threat mitigation
- Question #136: Manage threat mitigation using Microsoft Defender for Cloud
  You have an Azure subscription that uses Microsoft Defender for Cloud and contains a storage account named storage1. You receive an alert that there was an unusually high volume of...
  Topics: Azure Storage Logging, Microsoft Defender for Cloud, Incident Investigation, Blob Storage
- Question #137: Manage threat mitigation using Microsoft Defender for Cloud
  You have an Azure subscription that has Microsoft Defender for Cloud enabled. You have a virtual machine that runs Windows 10 and has the Log Analytics agent installed. You need to...
  Topics: Defender for Cloud, Security Alerts, Attack Simulation, VM Security
- Question #140: Manage threat mitigation using Microsoft Defender for Cloud
  You have an Azure subscription that has the enhanced security features in Microsoft Defender for Cloud enabled and contains a user named User1. You need to ensure that User1 can ex...
  Topics: Azure RBAC, Microsoft Defender for Cloud, Alerts, Data Export
- Question #141: Detect and remediate threats using Microsoft Sentinel
  You have an Azure subscription that contains an Azure logic app named app1 and a Microsoft Sentinel workspace that has an Azure Active Directory (Azure AD) connector. You need to e...
  Topics: Microsoft Sentinel, Automation Rules, Logic Apps, SOAR
- Question #142: Detect and remediate threats using Microsoft Sentinel
  You have a Microsoft Sentinel workspace. You need to identify which rules are used to detect advanced multistage attacks that comprise two or more alerts or activities. The solutio...
  Topics: Microsoft Sentinel, Fusion rules, Multistage attack detection, Incident correlation
- Question #143: Manage log connection to Microsoft Sentinel
  You have an Azure subscription that uses Microsoft Sentinel and contains 100 Linux virtual machines. You need to monitor the virtual machines by using Microsoft Sentinel. The solut...
  Topics: Microsoft Sentinel, Data Connectors, Linux Monitoring, CEF
- Question #147: Manage threat mitigation using Microsoft Defender XDR
  Your company has an on-premises network that uses Microsoft Defender for Identity. The Microsoft Secure Score for the company includes a security assessment associated with unsecur...
  Topics: Kerberos delegation, Active Directory security, Microsoft Defender for Identity, Secure Score remediation
- Question #150: Manage incident response
  You are using the Microsoft 365 Defender portal to conduct an investigation into a multi-stage incident related to a suspected malicious document. After reviewing all the details,...
  Topics: Incident Management, Alert Management, Microsoft 365 Defender, Incident Response Workflow