SC-200 Exam Questions
266 real SC-200 exam questions with expert-verified answers and explanations. Page 4 of 6.
- Question #231 (Detect and remediate threats using Microsoft Sentinel)
You have a Microsoft Sentinel playbook that is triggered by using the Azure Activity connector. You need to create a new near-real-time (NRT) analytics rule that will use the playb...
Tags: Microsoft Sentinel, Analytics Rules, NRT Rules, Playbooks
- Question #232 (Manage threat hunting in Microsoft Sentinel)
You need to visualize Microsoft Sentinel data and enrich the data by using third-party data sources to identify indicators of compromise (IoC). What should you use?
Tags: Microsoft Sentinel, Notebooks, Data enrichment, IoC identification
- Question #238 (Detect and remediate threats using Microsoft Sentinel)
You have a Microsoft Sentinel workspace. You enable User and Entity Behavior Analytics (UEBA) by using Audit Logs and Signin Logs. The following entities are detected in the Azure...
Tags: Microsoft Sentinel, UEBA, Entities, Threat detection
- Question #242 (Manage threat mitigation using Microsoft Defender XDR)
You have a Microsoft Sentinel workspace that uses the Microsoft 365 Defender data connector. From Microsoft Sentinel, you investigate a Microsoft 365 incident. You need to update t...
Tags: Microsoft 365 Defender, Incident management, Alert correlation, Defender for Cloud Apps
- Question #243 (Manage incident response)
You have a Microsoft Sentinel workspace. You investigate an incident that has the following entities: - A user account named User1 - An IP address of 192.168.10.200 - An Azure virt...
Tags: Incident response, Indicators of Compromise (IoC), Microsoft Sentinel, Entity management
- Question #244 (Manage threat mitigation using Microsoft Purview)
You have a Microsoft 365 subscription that uses Microsoft Purview and Microsoft Teams. You have a team named Team1 that has a project named Project1. You need to identify any Proje...
Tags: Microsoft Purview, KQL, Content Search, eDiscovery
- Question #245 (Manage threat mitigation using Microsoft Defender for Endpoint)
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint. You need to create a query that will link the AlertInfo, AlertEvidence, and DeviceLogonEvents ta...
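An added example for question #245, not part of the exam question or its published answer: one way to link the three advanced hunting tables in Microsoft Defender XDR. It assumes the standard advanced hunting schema, in which AlertId joins AlertInfo to AlertEvidence and DeviceId joins AlertEvidence to DeviceLogonEvents. The 7-day lookback, the 1-hour window before each alert, the restriction to Defender for Endpoint alerts and the filter to successful logons are choices made for this example, not requirements stated in the question.

```kql
// Added example (not from the exam page). Correlate each Defender for Endpoint
// alert with the device it fired on and the successful logons to that device
// in the hour before the alert, so a responder can see who was signed in.
let lookback = 7d;          // assumption: how far back to search
let preAlertWindow = 1h;    // assumption: logon window before each alert
AlertInfo
| where Timestamp > ago(lookback)
| where ServiceSource == "Microsoft Defender for Endpoint"
| project AlertId, AlertTimestamp = Timestamp, Title, Severity, Category, AttackTechniques
// AlertInfo -> AlertEvidence: the evidence table carries the entities behind an alert;
// keep only device entities so the next join has a DeviceId to work with.
| join kind=inner (
    AlertEvidence
    | where Timestamp > ago(lookback)
    | where EntityType == "Machine" and isnotempty(DeviceId)
    | project AlertId, DeviceId, DeviceName
) on AlertId
// AlertEvidence -> DeviceLogonEvents: logon activity on the same device.
| join kind=inner (
    DeviceLogonEvents
    | where Timestamp > ago(lookback)
    | where ActionType == "LogonSuccess"
    | project DeviceId, LogonTimestamp = Timestamp, AccountDomain, AccountName, LogonType, RemoteIP
) on DeviceId
// Keep logons that happened shortly before the alert fired.
| where LogonTimestamp between ((AlertTimestamp - preAlertWindow) .. AlertTimestamp)
| summarize
    Logons = count(),
    Accounts = make_set(strcat(AccountDomain, "\\", AccountName), 20),
    LogonTypes = make_set(LogonType, 10),
    RemoteIPs = make_set(RemoteIP, 20)
    by AlertId, AlertTimestamp, Title, Severity, Category, DeviceName
| order by AlertTimestamp desc
```

Both joins are `kind=inner`, so alerts with no device evidence or with no logon in the window drop out; switch the second join to `kind=leftouter` if alerts without matching logons should still appear. Because both sides of each join carry the key column, Kusto renames the right-hand copy (AlertId1, DeviceId1); the summarize groups on the left-hand names.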
Tags: KQL, Defender for Endpoint, Querying data, Table operators
- Question #246 (Manage threat mitigation using Microsoft Defender for Endpoint)
You have a Microsoft 365 E5 subscription that contains 100 Windows 10 devices. You onboard the devices to Microsoft Defender 365. You need to ensure that you can initiate remote sh...
Tags: Microsoft Defender for Endpoint, Live Response, RBAC, Permissions
- Question #249 (Manage threat mitigation using Microsoft Defender for Endpoint)
You have a Microsoft 365 E5 subscription that contains 100 Linux devices. The devices are onboarded to Microsoft Defender 365. You need to initiate the collection of investigation...
Tags: Microsoft Defender for Endpoint, Device response actions, Investigation package, Microsoft 365 Defender portal
- Question #250 (Configure protections and detections)
You need to configure Microsoft Defender for Cloud Apps to generate alerts and trigger remediation actions in response to external sharing of confidential files. Which two actions...
Tags: Microsoft Defender for Cloud Apps, File policy, Microsoft Information Protection, External sharing
- Question #251 (Configure protections and detections)
You have a Microsoft Sentinel workspace that has User and Entity Behavior Analytics (UEBA) enabled for Signin Logs. You need to ensure that failed interactive sign-ins are detected...
Tags: Microsoft Sentinel, UEBA, Detection, Signin Logs
- Question #255 (Manage incident response)
You have 50 Microsoft Sentinel workspaces. You need to view all the incidents from all the workspaces on a single page in the Azure portal. The solution must minimize administrativ...
Tags: Microsoft Sentinel, Incident Management, Azure Portal, Multi-workspace
- Question #256 (Detect and remediate threats using Microsoft Sentinel)
Case Study 4 - Litware Inc Overview Adatum Corporation is a United States-based financial services company that has regional offices in New York, Chicago, and San Francisco. Existi...
Tags: Microsoft Sentinel, Analytics Rules, Entity Mapping, Incident Generation
- Question #257 (Manage incident response)
Case Study 4 - Litware Inc Overview Adatum Corporation is a United States-based financial services company that has regional offices in New York, Chicago, and San Francisco. Existi...
Tags: Microsoft Sentinel, Playbooks, Incident Automation, Logic Apps
- Question #260 (Manage log connection to Microsoft Sentinel)
Case Study 4 - Litware Inc Overview Adatum Corporation is a United States-based financial services company that has regional offices in New York, Chicago, and San Francisco. Existi...
Tags: Microsoft Sentinel, Data Collection Rule (DCR), Azure Monitor Agent (AMA), Log Ingestion
- Question #262 (Detect and remediate threats using Microsoft Sentinel)
Case Study 4 - Litware Inc Overview Adatum Corporation is a United States-based financial services company that has regional offices in New York, Chicago, and San Francisco. Existi...
Tags: Microsoft Sentinel, Playbooks, RBAC, Azure Logic Apps
- Question #263 (Manage threat hunting in Microsoft Sentinel)
Case Study 4 - Litware Inc Overview Adatum Corporation is a United States-based financial services company that has regional offices in New York, Chicago, and San Francisco. Existi...
Tags: Microsoft Sentinel, Threat Hunting, Hunting Queries, Azure Portal
- Question #265 (Manage threat mitigation using Microsoft Defender for Cloud)
Case Study 4 - Litware Inc Overview Adatum Corporation is a United States-based financial services company that has regional offices in New York, Chicago, and San Francisco. Existi...
Tags: Microsoft Defender for Cloud, Agentless scanning, Resource tagging, Server protection
- Question #266 (Manage threat mitigation using Microsoft Defender for Cloud)
Case Study 4 - Litware Inc Overview Adatum Corporation is a United States-based financial services company that has regional offices in New York, Chicago, and San Francisco. Existi...
Tags: Azure RBAC, Microsoft Defender for Cloud, Regulatory Compliance, Security Roles
- Question #268 (Manage threat mitigation using Microsoft Defender for Cloud)
You have an Azure subscription that uses Microsoft Defender for Cloud and contains 100 virtual machines that run Windows Server. You need to configure Defender for Cloud to collect...
Tags: Microsoft Defender for Cloud, Security Event Collection, Auto-provisioning, Microsoft Defender for Servers
- Question #269 (Manage threat mitigation using Microsoft Defender for Cloud)
You have an Azure subscription that uses Microsoft Defender for Cloud. You have an Amazon Web Services (AWS) subscription. The subscription contains multiple virtual machines that...
Tags: Microsoft Defender for Cloud, AWS Integration, Multi-cloud Security, Defender for Servers
- Question #271 (Manage threat mitigation using Microsoft Defender for Cloud)
You create an Azure subscription named sub1. In sub1, you create a Log Analytics workspace named workspace1. You enable Microsoft Defender for Cloud and configure Defender for Clou...
Tags: Microsoft Defender for Cloud, Log Analytics, Security Event Collection, Microsoft Defender for Servers
- Question #272 (Manage log connection to Microsoft Sentinel)
You have an Azure subscription that contains a Microsoft Sentinel workspace named WS1 and 100 virtual machines that run Windows Server. You need to configure the collection of Wind...
Tags: Microsoft Sentinel, Data Connectors, Event Log Collection, Log Volume Optimization
- Question #273 (Manage threat mitigation using Microsoft Defender XDR)
You have a Microsoft 365 subscription that uses Microsoft Defender for Cloud Apps and has Cloud Discovery enabled. You need to enrich the Cloud Discovery data. The solution must en...
Tags: Microsoft Defender for Cloud Apps, Cloud Discovery, App Connectors, User Mapping
- Question #274 (Configure protections and detections)
You have a Microsoft 365 subscription that contains the following resources: - 100 users that are assigned a Microsoft 365 E5 license - 100 Windows 11 devices that are joined to th...
Tags: Conditional Access, Session Control, Microsoft Entra ID, Account Compromise
- Question #275 (Manage threat mitigation using Microsoft Defender for Cloud)
You have an Azure subscription that uses Microsoft Defender for Cloud. You need to configure Defender for Cloud to mitigate the following risks: - Vulnerabilities within the applic...
Tags: Microsoft Defender for Cloud, Defender for Resource Manager, Defender for DevOps, Application Security
- Question #285 (Manage a security operations environment)
You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains a user named User1. You need to ensure that User1 can manage Microsoft Defender XDR custom de...
Tags: RBAC, Microsoft Defender XDR, Least Privilege, Security Operator role
- Question #287 (Create KQL queries for Microsoft Sentinel)
You have a Microsoft Sentinel workspace that contains a custom workbook named Workbook1. You need to create a visual based on the SecurityEvent table. The solution must meet the fo...
Tags: Microsoft Sentinel, Workbooks, KQL, Data Visualization
- Question #289 (Manage a security operations environment)
You have an Azure subscription. You need to stream the Microsoft Graph activity logs to a third-party security information and event management (SIEM) tool. The solution must minim...
Tags: Log Streaming, Azure Event Hubs, SIEM Integration, Microsoft Graph Logs
- Question #290 (Manage threat mitigation using Microsoft Defender for Endpoint)
You have 500 on-premises devices. You have a Microsoft 365 E5 subscription that uses Microsoft Defender 365. You onboard 100 devices to Microsoft Defender 365. You need to identify...
Tags: Microsoft Defender for Endpoint, Device Discovery, Unmanaged devices, Security configuration
- Question #291
You have a Microsoft 365 E5 subscription that contains a device named Device1. Device1 is enrolled in Microsoft Defender for Endpoint. Device1 reports an incident that includes a f...
- Question #292
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You have a virtual machine named Server1 that runs Windows Server 2022 and is hosted in Amazon Web Ser...
- Question #293
You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You are investigating an attacker that is known to use the Microsoft Graph API as an attack vector. The atta...
- Question #296
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains 500 Windows devices. You plan to create a Microsoft Defender XDR custom deceptio...
- Question #297
You have an Azure subscription that contains a user named User1 and a Microsoft Sentinel workspace named WS1. WS1 uses Microsoft Defender for Cloud. You have the Microsoft security...
- Question #298
You have an on-premises network. You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Identity. From the Microsoft Defender portal, you investigate an incident...
- Question #302
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains 1,000 Windows devices. You have a PowerShell script named Script1.ps1 that is si...
- Question #304
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some q...
- Question #305
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some q...
- Question #306
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some q...
- Question #308
Your on-premises network contains an Active Directory Domain Services (AD DS) forest. You have a Microsoft Entra tenant that uses Microsoft Defender for Identity. The AD DS forest...
- Question #310
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains a macOS device named Device1. You need to investigate a Defender for Endpoint ag...
- Question #313
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains 500 Windows devices. As part of an incident investigation, you identify the foll...
- Question #314
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint and contains a user named User1 and a Microsoft 365 group named Group1. All users are assigned a Def...
- Question #316
You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud. You need to assign the PCI DSS 4.0 initiative to Sub1 and have the initiative displayed in the Def...
- Question #317
You have a Microsoft Sentinel workspace named SW1. You need to identify which anomaly rules are enabled in SW1. What should you review in Microsoft Sentinel?
- Question #318
You have an Azure subscription that contains a Microsoft Sentinel workspace named WS1. You create a hunting query that detects a new attack vector. The attack vector maps to a tact...
- Question #319
You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR. The security team at your company detects command and control (C2) agent traffic on the network. Agents c...
- Question #322
You have a Microsoft 365 E5 subscription. Automated investigation and response (AIR) is enabled in Microsoft Defender for Office 365 and devices use full automation in Microsoft De...
- Question #323
You have a Microsoft 365 subscription that uses Microsoft Defender XDR and contains a Windows device named Device1. The timeline of Device1 includes three files named File1.ps1, Fi...