SC-200 Exam Questions

Which of the following choices best defines threat hunting using Microsoft Defender for Endpoint?

Which of the following is not a component of Microsoft Defender for Endpoint?

You are a SOC Analyst of a company XYZ that has implemented Microsoft Defender for Endpoint. You are allocated an incident with alerts related to a doubtful PowerShell command line...

You are a SOC Analyst of a company XYZ that has implemented Microsoft Defender for Endpoint. You are allocated an incident with alerts related to a doubtful PowerShell command line...

Which of the below artifact types contains an investigation page?

What information is shared by a deep file analysis?

Which information is shared on the user account page?

Multiple false positive alerts are generating in a company XYZ. A security operations analyst working for XYZ needs to exclude an executable file to reduce alerts - c:\myxyzapp\myx...

In advanced features, which setting must be turned on to obstruct files even if a 3rd party AV is used?

Microsoft Defender for Endpoint gives configuration selections for alerts and detections. These include notifications, custom indicators, and detection rules. Which filter is a par...

You are in charge of working with the endpoint team to patch weaknesses reported by Threat Vulnerability Management. Which report keeps an inventory of the vulnerabilities of your...

Which selection is an ASR (attack surface reduction) rule that can be implemented and blocked?

From which of the following can a SOC (Security Operation Center) analyst make a customized detection?

Microsoft Defender for Endpoint gives a purpose based UI to manage and inspect security incidents and alerts. Which option can't be accomplished in the Action Center?

A SOC analyst found out about an event of interest. What is the next step to take it forward for further review?

What type of Behavioural blocking can be utilized with 3rd-party AVs?

A Windows 10 system is not showing in the device inventory list. What may be the problem?

Microsoft 365 Defender gives a purpose-based UI to manage and examine security incidents and alerts across Microsoft 365 services. You are a SOC Analyst working at a company XYZ th...

Microsoft 365 Defender gives a purpose-based UI to manage and examine security incidents and alerts across Microsoft 365 services. You are a SOC Analyst working at a company XYZ th...

You have a Microsoft 365 subscription. The subscription uses Microsoft 365 Defender and has data loss prevention (DLP) policies that have aggregated alerts configured. You need to...

You have a Microsoft 365 subscription that uses Microsoft 365 Defender. You plan to create a hunting query from Microsoft Defender. You need to create a custom tracked query that w...

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint. You need to add threat indicators for all the IP addresses in a range of 171.23.34.32- 171.23.34.63...

You have a Microsoft 365 subscription that uses Microsoft 365 Defender. A remediation action for an automated investigation quarantines a file across multiple devices. You need to...

You have a Microsoft 365 E5 subscription that uses Microsoft 365 Defender. You need to review new attack techniques discovered by Microsoft and identify vulnerable resources in the...

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You have a virtual machine named Server1 that runs Windows Server 2022 and is hosted in Amazon Web Ser...

You have an Azure subscription that uses Microsoft Defender for Cloud. You need to filter the security alerts view to show the following alerts: - Unusual user accessed a key vault...

You plan to review Microsoft Defender for Cloud alerts by using a third-party security information and event management (SIEM) solution. You need to locate alerts that indicate the...

You have an Azure subscription that uses Microsoft Defender for Cloud and contains 100 virtual machines that run Windows Server. You need to configure Defender for Cloud to collect...

You have an Azure subscription that uses Microsoft Defender for Cloud and contains a user named User1. You need to ensure that User1 can modify Microsoft Defender for Cloud securit...

You have an Azure subscription that contains a user named User1. User1 is assigned an Azure Active Directory Premium Plan 2 license. You need to identify whether the identity of Us...

You have an Azure subscription that uses Microsoft Defender for Cloud. You have an Amazon Web Services (AWS) account that contains an Amazon Elastic Compute Cloud (EC2) instance na...

You have an Azure subscription that contains a virtual machine named VM1 and uses Microsoft Defender for Cloud. Microsoft Defender for Cloud has automatic provisioning configured t...

You have an Azure subscription that uses Microsoft Sentinel. You detect a new threat by using a hunting query. You need to ensure that Microsoft Sentinel automatically detects the...

You have a Microsoft Sentinel workspace. You have a query named Query1 as shown in the following exhibit. You plan to create a custom parser named Parser1. You need to use Query1 i...

You have an Azure subscription that uses Microsoft Sentinel. You need to create a custom report that will visualise sign-in information over time. What should you create first?

You have a Microsoft Sentinel workspace. You need to prevent a built-in Advanced Security Information Model (ASIM) parser from being updated automatically. What are two ways to ach...

You have an Azure subscription that contains a Microsoft Sentinel workspace. You need to create a playbook that will run automatically in response to a Microsoft Sentinel alert. Wh...

You have an Azure subscription that contains a Microsoft Sentinel workspace. The workspace contains a Microsoft Defender for Cloud data connector. You need to customize which detai...

You have a Microsoft Sentinel workspace named Workspace1 and 200 custom Advanced Security Information Model (ASIM) parsers based on the DNS schema. You need to make the 200 parses...

Case Study 3 - Litware Inc Overview Fabrikam, Inc. is a financial services company. The company has branch offices in New York, London, and Singapore. Fabrikam has remote users loc...

Case Study 3 - Litware Inc Overview Fabrikam, Inc. is a financial services company. The company has branch offices in New York, London, and Singapore. Fabrikam has remote users loc...

Case Study 3 - Litware Inc Overview Fabrikam, Inc. is a financial services company. The company has branch offices in New York, London, and Singapore. Fabrikam has remote users loc...

Case Study 3 - Litware Inc Overview Fabrikam, Inc. is a financial services company. The company has branch offices in New York, London, and Singapore. Fabrikam has remote users loc...

Case Study 3 - Litware Inc Overview Fabrikam, Inc. is a financial services company. The company has branch offices in New York, London, and Singapore. Fabrikam has remote users loc...

Case Study 3 - Litware Inc Overview Fabrikam, Inc. is a financial services company. The company has branch offices in New York, London, and Singapore. Fabrikam has remote users loc...

You have a Microsoft 365 E5 subscription that uses Microsoft Defender 365. You need to ensure that you can investigate threats by using data in the unified audit log of Microsoft D...

You have an Azure subscription that uses Microsoft Defender for Servers Plan 1 and contains a server named Server1. You enable agentless scanning. You need to prevent Server1 from...

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint. You need to identify any devices that triggered a malware alert and collect evidence related to...

You have the resources shown in the following table. You have an Azure subscription that uses Microsoft Defender for Cloud. You need to enable Microsoft Defender for Servers on eac...

You have an Azure subscription that uses Microsoft Defender for Cloud. You have a GitHub account named Account1 that contains 10 repositories. You need to ensure that Defender for...