Microsoft Security Operations Analyst
Last Update 2 days ago
Total Questions : 370
Microsoft Certified: Security Operations Analyst Associate is stable now, with all the latest exam questions added 2 days ago. Incorporating SC-200 practice exam questions into your study plan is more than just a preparation strategy.
SC-200 exam questions often include scenarios and problem-solving exercises that mirror real-world challenges. Working through SC-200 dumps allows you to practice pacing yourself, ensuring that you can complete all Microsoft Certified: Security Operations Analyst Associate practice tests within the allotted time frame.
Your company uses Microsoft Defender for Endpoint.
The company has Microsoft Word documents that contain macros. The documents are used frequently on the devices of the company’s accounting team.
You need to hide false positives in the Alerts queue, while maintaining the existing security posture. Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You need to meet the Microsoft Defender for Cloud Apps requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a custom analytics rule to detect threats in Azure Sentinel.
You discover that the analytics rule stopped running. The rule was disabled, and the rule name has a prefix of AUTO DISABLED.
What is a possible cause of the issue?
You have 500 on-premises Windows 11 devices that use Microsoft Defender for Endpoint.
You enable Network device discovery.
You need to create a hunting query that will identify discovered network devices and return the identity of the onboarded device that discovered each network device.
Which built-in function should you use?
You provision Azure Sentinel for a new Azure subscription. You are configuring the Security Events connector.
While creating a new rule from a template in the connector, you decide to generate a new alert for every event. You create the following rule query.
By which two components can you group alerts into incidents? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that contains Windows 11 and Linux CentOS devices.
In Microsoft Defender XDR, Deception is set to On.
You plan to create a deception rule that will use a custom lure.
You need to specify the type of file and the planting path for the custom lure.
What should you specify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains a Windows device named Device1.
You detect malicious activity on Device1.
You initiate a live response session on Device1.
You need to perform the following actions:
• Download a file from the live response library.
• Stop a process that is running on Device1.
Which live response command should you run for each action? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Your company has a single office in Istanbul and a Microsoft 365 subscription.
The company plans to use conditional access policies to enforce multi-factor authentication (MFA).
You need to enforce MFA for all users who work remotely.
What should you include in the solution?
You have an Azure subscription that contains a Microsoft Sentinel workspace. The workspace contains a Microsoft Defender for Cloud data connector. You need to customize which details will be included when an alert is created for a specific event. What should you do?
You need to meet the Microsoft Sentinel requirements for collecting Windows Security event logs. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
TESTED 30 Aug 2025
Hi, this is Romona Kearns from Holland, and I would like to tell you that I passed my exam with the use of exams4sure dumps. I got the same questions in my exam that I prepared from your test engine software. I will recommend your site to all my friends for sure.
All our material is important and will be handy for you. If you have little time before the exam, we are sure that with it you will pass easily with good marks. If you do not pass, feel free to claim your refund. We give a 100% money-back guarantee if our customers are not satisfied with our products.