SC-200 Exam Questions
266 real SC-200 exam questions with expert-verified answers and explanations. Page 5 of 6.
- Question #324
You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You need to identify all the entities affected by an incident. Which tab should you use in the Microsoft Def...
- Question #325
You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You are investigating an attacker that is known to use the Microsoft Graph API as an attack vector. The atta...
- Question #328
You have a Microsoft Sentinel workspace named SW1. In SW1, you investigate an incident that is associated with the following entities: - Host - IP address - User account - Malware...
- Question #331
You have 500 on-premises Windows 11 devices that use Microsoft Defender for Endpoint. You enable Network device discovery. You need to create a hunting query that will identify dis...
- Question #332
You have an Azure subscription that contains a resource group named RG1. RG1 contains a Microsoft Sentinel workspace. The subscription is linked to a Microsoft Entra tenant that co...
- Question #334
You have a Microsoft 365 subscription that uses Microsoft Purview. Your company has a project named Project1. You need to identify all the email messages that have the word Project...
- Question #336
You have an Azure subscription that contains a Microsoft Sentinel workspace named Workspace1. From Content Hub, you deploy the Microsoft Entra solution for Microsoft Sentinel and c...
- Question #337
You have an Azure subscription that contains a Microsoft Sentinel workspace named Workspace1 and a user named User1. You need to ensure that User1 can investigate incidents by usin...
- Question #339
You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You have a query that contains the following statements. You need to configure a custom detection rule that...
- Question #343
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint and contains the devices shown in the following table. You initiate a live response session on each...
- Question #345
You have a Microsoft Sentinel workspace. You are investigating an incident that involves multiple alerts, events, and entities. You need to create a bookmark for the investigation....
- Question #347
You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You discover that when Microsoft Defender for Endpoint generates alerts for a commonly used executable file,...
- Question #348
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether th...
- Question #349
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether th...
- Question #350
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether th...
- Question #351
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether th...
- Question #352
You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You need to implement deception rules. The solution must ensure that you can limit the scope of the rules. W...
- Question #353 (Manage incident response)
You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You are investigating an incident. You need to review the incident tasks that were performed. The solution m...
Microsoft Defender XDR, KQL, Incident Management, Advanced Hunting
- Question #354
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some q...
- Question #355
You have a Microsoft 365 E5 subscription that contains two users named User1 and User2 and uses Microsoft Copilot for Security. From the Copilot for Security portal, User1 starts a...
- Question #356
You have a Microsoft 365 E5 subscription that uses Microsoft Copilot for Security. Copilot for Security has the default settings configured. You need to ensure that a user named Us...
- Question #358
You have a Microsoft 365 E5 subscription. You have a PowerShell script that queries the unified audit log. You discover that the query returns only the first page of results due to...
- Question #359
You have a Microsoft 365 E5 subscription that contains two groups named Group1 and Group2 and uses Microsoft Copilot for Security. You need to configure Copilot for Security role a...
- Question #363
You have a Microsoft 365 E5 subscription that contains a device named Device1. From the Microsoft Defender portal, you discover that an alert was triggered for Device1. From the De...
- Question #364
You have a Microsoft 365 E5 subscription that contains a user named User1. The subscription uses Microsoft 365 Copilot for Security. Copilot for Security uses the Sentinel plugin....
- Question #365
You have a Microsoft 365 subscription that contains a user named User1 and two Windows devices named Device1 and Device2. Device1 and Device2 are onboarded to Microsoft Defender fo...
- Question #366
You have an Azure subscription that contains a Microsoft Sentinel workspace named WS1. WS1 has the Azure Activity connector and the Microsoft Entra ID connector configured. You nee...
- Question #367
You have a Microsoft 365 E5 subscription that uses Microsoft Copilot for Security. You plan to run the following code to create a custom Copilot for Security plugin. You need to sp...
- Question #368
You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR. You are investigating an incident. You need to review the incident tasks that were performed. What can yo...
- Question #369
You have a Microsoft 365 E5 subscription that uses Microsoft Copilot for Security. You have a Copilot for Security workspace that uses the following plugins: - Microsoft Entra - Mi...
- Question #370
You have a Microsoft 365 E5 subscription that uses Microsoft Copilot for Security. You start a Copilot for Security session and enter five prompts that each provide responses. You...
- Question #371
You have 1,000 on-premises Windows 11 Pro devices that are onboarded to Microsoft Defender for Endpoint. You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You...
- Question #372
Your on-premises network contains two Active Directory Domain Services (AD DS) domains named contoso.com and fabrikam.com. Contoso.com contains a group named Group1. Fabrikam.com c...
- Question #373
You have a Microsoft 365 subscription. You have the following KQL query. You need to ensure that you can create a Microsoft Defender XDR custom detection rule by using the query. W...
- Question #378
You have a Microsoft 365 E5 subscription that contains a database server named DB1. DB1 is onboarded to Microsoft Defender XDR. You need to ensure that DB1 appears on the attack su...
- Question #379
You have a Microsoft 365 E5 subscription. You need to configure Microsoft Defender XDR automatic attack disruption to use signals generated by Microsoft Defender for Cloud Apps. Wh...
- Question #380
You have a Microsoft 365 E5 subscription that contains the users shown in the following table. You configure Microsoft Entra Internet Access. Which users can manage Microsoft Entra...
- Question #381
You have a Microsoft 365 E5 subscription. You need to search the Microsoft Purview audit log by using PowerShell on a Windows device. What should you do first?
- Question #389
You have a Microsoft 365 E5 subscription. You have the following KQL query. You need to use the query to create a Microsoft Defender XDR custom detection rule that can isolate an o...
- Question #390
You have a Microsoft 365 E5 subscription. You need to ensure that an alert is generated in Microsoft Defender XDR when attackers attempt to connect to a specific device. The soluti...
- Question #391
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1. You need to enable Microsoft Defender for Cloud Apps session control for Site...
- Question #396
You have a Microsoft Sentinel workspace. You are investigating an incident that involves the following entities: - A host named Host1 - A user account named User1 - An IP address o...
- Question #397
You have a Microsoft 365 subscription that uses Microsoft Copilot for Security. You create a promptbook named Book1. For Book1, you need to create a prompt that contains an input n...
- Question #406
You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR. You have a custom detection rule named Rule1 that generates an alert if more than five antivirus detectio...
- Question #408
You have a Microsoft 365 E5 subscription that contains a device named Device1. From the Microsoft Defender portal, you discover that an alert was triggered for Device1. From the De...
- Question #409
You have a Microsoft 365 subscription that uses Microsoft Defender XDR. The subscription contains 500 Windows 11 devices that are onboarded to Microsoft Defender for Endpoint. You...
- Question #413
You have a Microsoft 365 subscription that uses Microsoft Defender XDR, Microsoft Purview, and Exchange Online. You have a partner company named Contoso, Ltd. You need to review al...
- Question #414
You have an Azure subscription that uses Microsoft Sentinel. You need to create a custom workbook that will calculate the average time it takes to close security incidents. The sol...
- Question #418
You have a Microsoft 365 E5 subscription that contains 500 Windows 11 devices. You have a Microsoft Defender for Endpoint deployment that has the following settings: - Discovery mo...
- Question #419
You have a Microsoft 365 subscription that uses Microsoft Security Copilot. You plan to configure a custom GPT plugin for Copilot. Which GPT model should you use?