
Master the Microsoft SC-200 Exam with Realistic Practice Tests

The SPOTO Microsoft SC-200 Exam Questions offer a comprehensive set of exam questions and answers, test questions, and exam questions specifically designed for effective exam preparation for the Microsoft Security Operations Analyst certification. These study materials and exam resources are meticulously crafted to equip candidates with the knowledge and skills required to pass successfully and demonstrate their expertise in securing an organization's information technology systems. SPOTO's mock exams simulate the real exam environment, enabling candidates to assess their preparedness and identify areas for improvement. With SPOTO's exam resources, candidates can confidently tackle the SC-200 exam and achieve their certification goals, validating their proficiency in security operations analysis within the Microsoft ecosystem. The exam questions and answers cover a wide range of topics, ensuring thorough preparation for the role's responsibilities.

Question #1
DRAG DROP (Drag and Drop is not supported) You open the Cloud App Security portal as shown in the following exhibit. You need to remediate the risk for the Launchpad app. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:
A. See Explanation section for answer
Correct Answer: A
Question #2
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint. You need to create a query that will link the AlertInfo, AlertEvidence, and DeviceLogonEvents tables. The solution must return all the rows in the tables. Which operator should you use?
A. join kind = inner
B. evaluate hint
C. search *
D. union kind = inner
Correct Answer: A
Question #3
HOTSPOT (Drag and Drop is not supported) You purchase a Microsoft 365 subscription. You plan to configure Microsoft Cloud App Security. You need to create a custom template-based policy that detects connections to Microsoft 365 apps that originate from a botnet network. What should you use? To answer, select the appropriate options in the answer area. Note: Each correct selection is worth one point.
A. fraud alert
B. user risk policy
C. named location
D. sign-in user policy
Correct Answer: A
Question #4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are configuring Microsoft Defender for Identity integration with Active Dire
A. Yes
B. No
Correct Answer: B
Question #5
You have an Azure subscription that uses Microsoft Defender for Cloud. You need to filter the security alerts view to show the following alerts:
- Unusual user accessed a key vault
- Log on from an unusual location
- Impossible travel activity
Which severity should you use?
A. Informational
B. Low
C. Medium
D. High
Correct Answer: C
Question #6
HOTSPOT (Drag and Drop is not supported) You need to recommend remediation actions for the Azure Defender alerts for Fabrikam. What should you recommend for each threat? To answer, select the appropriate options in the answer area. Note: Each correct selection is worth one point. Hot Area:
A. See Explanation section for answer
Correct Answer: A
Question #7
You have an Azure subscription that contains a user named User1. User1 is assigned an Azure Active Directory Premium Plan 2 license. You need to identify whether the identity of User1 was compromised during the last 90 days. What should you use?
A. The risk detections report
B. The risky users report
C. Identity Secure Score recommendations
D. The risky sign-ins report
Correct Answer: B
Question #8
The issue for which team can be resolved by using Microsoft Defender for Endpoint?
A. Executive
B. Sales
C. Marketing
Correct Answer: B
Question #9
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You have a virtual machine that runs Windows 10 and has the Log Analytics agent installed. You need to simulate an attack on the virtual machine that will generate an alert. What should you do first?
A. Run the Log Analytics Troubleshooting Tool
B. Copy an executable and rename the file as ASC_AlertTest_662jfi039N
C. Modify the settings of the Microsoft Monitoring Agent
D. Run the MMASetup executable and specify the –foo argument
Correct Answer: B
Question #10
You need to implement the query for Workbook1 and Webapp1. The solution must meet the Microsoft Sentinel requirements. How should you configure the query? To answer, select the appropriate options in the answer area. Note: Each correct selection is worth one point.
A. See Explanation section for answer
Correct Answer: A
Question #11
You provision a Linux virtual machine in a new Azure subscription. You enable Azure Defender and onboard the virtual machine to Azure Defender. You need to verify that an attack on the virtual machine triggers an alert in Azure Defender. Which two Bash commands should you run on the virtual machine? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. cp /bin/echo
B.
C. cp /bin/echo
D.
Correct Answer: AD
Question #12
You need to deploy the native cloud connector to Account1 to meet the Microsoft Defender for Cloud requirements. What should you do in Account1 first?
A. Create an AWS user for Defender for Cloud
B. Configure AWS Security Hub
C. Deploy the AWS Systems Manager (SSM) agent
D. Create an Access control (IAM) role for Defender for Cloud
Correct Answer: A
Question #13
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have Linux virtual machines on Amazon Web Services (AWS). You deploy Azure De
A. Yes
B. No
Correct Answer: B
Question #14
DRAG DROP (Drag and Drop is not supported) You have an Azure subscription that uses Microsoft Defender for Cloud. You need to create a workflow that will send a Microsoft Teams message to the IT department of your company when a new Microsoft Secure Score action is generated. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
A. See Explanation section for answer
Correct Answer: A
Question #15
HOTSPOT (Drag and Drop is not supported) You have a Microsoft 365 E5 subscription that contains 200 Windows 10 devices enrolled in Microsoft Defender for Endpoint. You need to ensure that users can access the devices by using a remote shell connection directly from the Microsoft 365 Defender portal. The solution must use the principle of least privilege. What should you do in the Microsoft 365 Defender portal? To answer, select the appropriate options in the answer area. Note: Each correct selection is worth on
A. See Explanation section for answer
Correct Answer: A
Question #16
You need to recommend a solution to meet the technical requirements for the Azure virtual machines. What should you include in the recommendation?
A. Just-in-time (JIT) access
B. Microsoft Defender for Cloud
C. Azure Firewall
D. Azure Application Gateway
Correct Answer: B
Question #17
You have a Microsoft 365 subscription that uses Microsoft 365 Defender. You need to identify all the entities affected by an incident. Which tab should you use in the Microsoft 365 Defender portal?
A. Investigations
B. Devices
C. Evidence and Response
D. Alerts
Correct Answer: C
Question #18
You need to configure event monitoring for Server1. The solution must meet the Microsoft Sentinel requirements. What should you create first?
A. A Microsoft Sentinel automation rule
B. An Azure Event Grid topic
C. A Microsoft Sentinel scheduled query rule
D. A Data Collection Rule (DCR)
Correct Answer: D
Question #19
You have a Microsoft 365 subscription that contains 1,000 Windows 10 devices. The devices have Microsoft Office 365 installed. You need to mitigate the following device threats:
- Microsoft Excel macros that download scripts from untrusted websites
- Users that open executable attachments in Microsoft Outlook
- Outlook rules and forms exploits
What should you use?
A. Microsoft Defender Antivirus
B. Attack surface reduction rules in Microsoft Defender for Endpoint
C. Windows Defender Firewall
D. Adaptive application control in Azure Defender
Correct Answer: B
Question #20
You need to implement the Defender for Cloud requirements. Which subscription-level role should you assign to Group1?
A. Security Assessment Contributor
B. Contributor
C. Security Admin
D. Owner
Correct Answer: C
Question #21
You have a Microsoft 365 E5 subscription that uses Microsoft 365 Defender. You need to review new attack techniques discovered by Microsoft and identify vulnerable resources in the subscription. The solution must minimize administrative effort. Which blade should you use in the Microsoft 365 Defender portal?
A. Advanced hunting
B. Threat analytics
C. Incidents & alerts
D. Learning hub
Correct Answer: B
Question #22
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint. You need to add threat indicators for all the IP addresses in a range of 171.23.34.32-171.23.34.63. The solution must minimize administrative effort. What should you do in the Microsoft 365 Defender portal?
A. Create an import file that contains the individual IP addresses in the range
B. Create an import file that contains the IP address of 171
C. Select Add indicator and set the IP address to 171
D. Select Add indicator and set the IP address to 171
Correct Answer: A
Question #23
HOTSPOT (Drag and Drop is not supported) You have a Microsoft 365 E5 subscription that uses Microsoft Defender 365. Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with Azure AD. You need to identify the 100 most recent sign-in attempts recorded on devices and AD DS domain controllers. How should you complete the KQL query? To answer, select the appropriate options in the answer area. Note: Each correct selection is worth one point.
A. See Explanation section for answer
Correct Answer: A
Question #24
You need to ensure that the Group1 members can meet the Microsoft Sentinel requirements. Which role should you assign to Group1?
A. Microsoft Sentinel Playbook Operator
B. Logic App Contributor
C. Automation Operator
D. Microsoft Sentinel Automation Contributor
Correct Answer: B
Question #25
You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365. You have Microsoft SharePoint Online sites that contain sensitive documents. The documents contain customer account numbers, each of which consists of 32 alphanumeric characters. You need to create a data loss prevention (DLP) policy to protect the sensitive documents. What should you use to detect which documents are sensitive?
A. SharePoint search
B. A hunting query in Microsoft 365 Defender
C. Azure Information Protection
D. RegEx pattern matching
Correct Answer: C
Question #26
HOTSPOT (Drag and Drop is not supported) You have a Microsoft 365 E5 subscription that uses Microsoft Defender 365. Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with Azure AD. You need to identify LDAP requests by AD DS users to enumerate AD DS objects. How should you complete the KQL query? To answer, select the appropriate options in the answer area. Note: Each correct selection is worth one point.
A. See Explanation section for answer
Correct Answer: A
Question #27
You need to deploy the native cloud connector to Account1 to meet the Microsoft Defender for Cloud requirements. What should you do in Account1 first?
A. Create an AWS user for Defender for Cloud
B. Create an Access control (IAM) role for Defender for Cloud
C. Configure AWS Security Hub
D. Deploy the AWS Systems Manager (SSM) agent
Correct Answer: D
Question #28
HOTSPOT (Drag and Drop is not supported) You have a Microsoft 365 E5 subscription. You need to create a hunting query that will return every email that contains an attachment named Document.pdf. The query must meet the following requirements:
- Only show emails sent during the last hour.
- Optimize query performance.
How should you complete the query? To answer, select the appropriate options in the answer area. Note: Each correct selection is worth one point.
A. See Explanation section for answer
Correct Answer: A
Question #29
You have a Microsoft 365 subscription that uses Azure Defender. You have 100 virtual machines in a resource group named RG1. You assign the Security Admin role to a new user named SecAdmin1. You need to ensure that SecAdmin1 can apply quick fixes to the virtual machines by using Azure Defender. The solution must use the principle of least privilege. Which role should you assign to SecAdmin1?
A. The Security Reader role for the subscription
B. The Contributor role for the subscription
C. The Contributor role for RG1
D. The Owner role for RG1
Correct Answer: C
Question #30
You have five on-premises Linux servers. You have an Azure subscription that uses Microsoft Defender for Cloud. You need to use Defender for Cloud to protect the Linux servers. What should you install on the servers first?
A. The Dependency agent
B. The Log Analytics agent
C. The Azure Connected Machine agent
D. The Guest Configuration extension
Correct Answer: B
Question #31
You have a Microsoft 365 subscription that has Microsoft 365 Defender enabled. You need to identify all the changes made to sensitivity labels during the past seven days. What should you use?
A. The Incidents blade of the Microsoft 365 Defender portal
B. The Alerts settings on the Data Loss Prevention blade of the Microsoft 365 compliance center
C. Activity explorer in the Microsoft 365 compliance center
D. The Explorer settings on the Email & collaboration blade of the Microsoft 365 Defender portal
Correct Answer: C
Question #32
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are configuring Microsoft Defender for Identity integration with Active Dire
A. Yes
B. No
Correct Answer: B
Question #33
You have an Azure subscription that contains a Log Analytics workspace. You need to enable just-in-time (JIT) VM access and network detections for Azure resources. Where should you enable Azure Defender?
A. At the subscription level
B. At the workspace level
C. At the resource level
Correct Answer: A
Question #34
You receive a security bulletin about a potential attack that uses an image file. You need to create an indicator of compromise (IoC) in Microsoft Defender for Endpoint to prevent the attack. Which indicator type should you use?
A. A URL/domain indicator that has Action set to Alert only
B. A URL/domain indicator that has Action set to Alert and block
C. A file hash indicator that has Action set to Alert and block
D. A certificate indicator that has Action set to Alert and block
Correct Answer: C
Question #35
DRAG DROP (Drag and Drop is not supported) You have a Microsoft Sentinel workspace that contains a custom workbook to meet the Microsoft Sentinel requirements and the business requirements. Which role should you assign to each group? To answer, drag the appropriate roles to the correct groups. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. Note: Each correct selection is worth one point. Select and Place:
A. See Explanation section for answer
Correct Answer: A
Question #36
You have a Microsoft 365 E5 subscription that uses Microsoft SharePoint Online. You delete users from the subscription. You need to be notified if the deleted users downloaded numerous documents from SharePoint Online sites during the month before their accounts were deleted. What should you use?
A. A file policy in Microsoft Defender for Cloud Apps
B. An access review policy
C. An alert policy in Microsoft Defender for Office 365
D. An insider risk policy
Correct Answer: C
Question #37
You need to ensure that the processing of incidents generated by rulequery1 meets the Microsoft Sentinel requirements. What should you create first?
A. A playbook with an incident trigger
B. A playbook with an alert trigger
C. An Azure Automation rule
D. A playbook with an entity trigger
Correct Answer: B
Question #38
You have an Azure subscription that has Microsoft Defender for Cloud enabled for all supported resource types. You need to configure the continuous export of high-severity alerts to enable their retrieval from a third-party security information and event management (SIEM) solution. To which service should you export the alerts?
A. Azure Cosmos DB
B. Azure Event Grid
C. Azure Event Hubs
D. Azure Data Lake
Correct Answer: C
Question #39
You need to implement the Azure Information Protection requirements. What should you configure first?
A. Device health and compliance reports settings in Microsoft Defender Security Center
B. Scanner clusters in Azure Information Protection from the Azure portal
C. Content scan jobs in Azure Information Protection from the Azure portal
D. Advanced features from Settings in Microsoft Defender Security Center
Correct Answer: D
Question #40
HOTSPOT (Drag and Drop is not supported) You have a Microsoft 365 E5 subscription that uses Microsoft Purview and contains a user named User1. User1 shares a Microsoft Power BI report file from the Microsoft OneDrive folder of your company to an external user by using Microsoft Teams. You need to identify which Power BI report file was shared. How should you configure the search? To answer, select the appropriate options in the answer area. Note: Each correct selection is worth one point.
A. See Explanation section for answer
Correct Answer: A
Question #41
You have a third-party security information and event management (SIEM) solution. You need to ensure that the SIEM solution can generate alerts for Azure Active Directory (Azure AD) sign-in events in near real time. What should you do to route events to the SIEM solution?
A. Create an Azure Sentinel workspace that has a Security Events connector
B. Configure the Diagnostics settings in Azure AD to stream to an event hub
C. Create an Azure Sentinel workspace that has an Azure Active Directory connector
D. Configure the Diagnostics settings in Azure AD to archive to a storage account
Correct Answer: B
Question #42
HOTSPOT (Drag and Drop is not supported) You need to use an Azure Resource Manager template to create a workflow automation that will trigger an automatic remediation when specific security alerts are received by Microsoft Defender for Cloud. How should you complete the portion of the template that will provision the required Azure resources? To answer, select the appropriate options in the answer area. Note: Each correct selection is worth one point.
A. See Explanation section for answer
Correct Answer: A
Question #43
You create an Azure subscription. You enable Microsoft Defender for Cloud for the subscription. You need to use Defender for Cloud to protect on-premises computers. What should you do on the on-premises computers?
A. Install the Log Analytics agent
B. Install the Dependency agent
C. Configure the Hybrid Runbook Worker role
D. Install the Connected Machine agent
Correct Answer: A
Question #44
HOTSPOT (Drag and Drop is not supported) You need to recommend remediation actions for the Microsoft Defender for Cloud alerts for Fabrikam. What should you recommend for each threat? To answer, select the appropriate options in the answer area. Note: Each correct selection is worth one point. Hot Area:
A. See Explanation section for answer
Correct Answer: A
Question #45
You are responsible for responding to Azure Defender for Key Vault alerts. During an investigation of an alert, you discover unauthorized attempts to access a key vault from a Tor exit node. What should you configure to mitigate the threat?
A. Key Vault firewalls and virtual networks
B. Azure Active Directory (Azure AD) permissions
C. role-based access control (RBAC) for the key vault
D. the access policy settings of the key vault
Correct Answer: A
Question #46
HOTSPOT (Drag and Drop is not supported) You need to assign role-based access control (RBAC) roles to Group1 and Group2 to meet the Microsoft Defender for Cloud requirements and the business requirements. Which role should you assign to each group? To answer, select the appropriate options in the answer area. Note: Each correct selection is worth one point.
A. See Explanation section for answer
Correct Answer: A
Question #47
You need to minimize the effort required to investigate the Microsoft Defender for Identity false positive alerts. What should you review?
A. The status update time
B. The alert status
C. The certainty of the source computer
D. The resolution method of the source computer
Correct Answer: B
Question #48
HOTSPOT (Drag and Drop is not supported) You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud. You have an Azure DevOps organization named AzDO1. You need to integrate Sub1 and AzDO1. The solution must meet the following requirements:
- Detect secrets exposed in pipelines by using Defender for Cloud.
- Minimize administrative effort.
What should you do? To answer, select the appropriate options in the answer area. Note: Each correct selection is worth one point.
A. See Explanation section for answer
Correct Answer: A
Question #49
You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in. Which anomaly detection policy should you use?
A. Impossible travel
B. Activity from anonymous IP addresses
C. Activity from infrequent country
D. Malware detection
Correct Answer: C
Question #50
You need to modify the anomaly detection policy settings to meet the Cloud App Security requirements. Which policy should you modify?
A. Activity from suspicious IP addresses
B. Activity from anonymous IP addresses
C. Impossible travel
D. Risky sign-in
Correct Answer: C
Question #51
You have an Azure subscription that uses Microsoft Defender for Cloud and contains a resource group named RG1. RG1 contains 20 virtual machines that run Windows Server 2019. You need to configure just-in-time (JIT) access for the virtual machines in RG1. The solution must meet the following requirements:
- Limit the maximum request time to two hours.
- Limit protocol access to Remote Desktop Protocol (RDP) only.
- Minimize administrative effort.
What should you use?
A. Azure AD Privileged Identity Management (PIM)
B. Azure Policy
C. Azure Bastion
D. Azure Front Door
Correct Answer: C
Question #52
You have a Microsoft 365 subscription that uses Microsoft 365 Defender. You plan to create a hunting query from Microsoft Defender. You need to create a custom tracked query that will be used to assess the threat status of the subscription. From the Microsoft 365 Defender portal, which page should you use to create the query?
A. Threat analytics
B. Advanced Hunting
C. Explorer
D. Policies & rules
Correct Answer: B
Question #53
HOTSPOT (Drag and Drop is not supported) You have an Azure Storage account that will be accessed by multiple Azure Function apps during the development of an application. You need to hide Azure Defender alerts for the storage account. Which entity type and field should you use in a suppression rule? To answer, select the appropriate options in the answer area. Note: Each correct selection is worth one point. Hot Area:
A. See Explanation section for answer
Correct Answer: A
Question #54
You have an Azure subscription that uses resource type for Cloud. You need to filter the security alerts view to show the following alerts:
- Unusual user accessed a key vault
- Log on from an unusual location
- Impossible travel activity
Which severity should you use?
A. Informational
B. Low
C. Medium
D. High
Correct Answer: C
Question #55
HOTSPOT (Drag and Drop is not supported) Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with Azure AD. You have a Microsoft 365 E5 subscription that uses Microsoft Defender 365. You need to identify all the interactive authentication attempts by the users in the finance department of your company. How should you complete the KQL query? To answer, select the appropriate options in the answer area. Note: Each correct selection is worth one point.
A. Incidents
B. Remediation
C. Investigations
D. Advanced hunting
Correct Answer: A
Question #56
You create an Azure subscription named sub1. In sub1, you create a Log Analytics workspace named workspace1. You enable Microsoft Defender for Cloud and configure Defender for Cloud to use workspace1. You need to collect security event logs from the Azure virtual machines that report to workspace1. What should you do?
A. From Defender for Cloud, modify Microsoft Defender for Servers plan settings
B. In sub1, register a provider
C. From Defender for Cloud, create a workflow automation
D. In workspace1, create a workbook
Correct Answer: A
Question #57
You create an Azure subscription named sub1. In sub1, you create a Log Analytics workspace named workspace1. You enable Microsoft Defender for Cloud and configure Defender for Cloud to use workspace1. What should you do?
A. See Explanation section for answer
Correct Answer: A
Question #58
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You use Azure Security Center. You receive a security alert in Security Center. Yo
A. Yes
B. No
Correct Answer: A
Question #59
You have an Azure subscription that uses Microsoft Defender for Cloud. You have an Amazon Web Services (AWS) account that contains an Amazon Elastic Compute Cloud (EC2) instance named EC2-1. You need to onboard EC2-1 to Defender for Cloud. What should you install on EC2-1?
A. The Log Analytics agent
B. The Azure Connected Machine agent
C. The unified Microsoft Defender for Endpoint solution package
D. Microsoft Monitoring Agent
Correct Answer: A
Question #60
You are responsible for responding to Azure Defender for Key Vault alerts. During an investigation of an alert, you discover unauthorized attempts to access a key vault from a Tor exit node. What should you configure to mitigate the threat?
A. Key Vault firewalls and virtual networks
B. Azure Active Directory (Azure AD) permissions
C. Role-based access control (RBAC) for the key vault
D. The access policy settings of the key vault
Correct Answer: A
Question #61
DRAG DROP (Drag and Drop is not supported) You are investigating an incident by using Microsoft 365 Defender. You need to create an advanced hunting query to detect failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop. How should you complete the query? To answer, select the appropriate options in the answer area. Note: Each correct selection is worth one point. Select and Place:
A. See Explanation section for answer
Correct Answer: A
Question #62
The issue for which team can be resolved by using Microsoft Defender for Office 365?
A. Executive
B. Marketing
C. Security
D. Sales
Correct Answer: B
Question #63
Your company uses Azure Security Center and Azure Defender. The security operations team at the company informs you that it does NOT receive email notifications for security alerts. What should you configure in Security Center to enable the email notifications?
A. Security solutions
B. Security policy
C. Pricing & settings
D. Security alerts
E. Azure Defender
Correct Answer: C
Question #64
You have a Microsoft 365 E5 subscription that uses Microsoft Defender 365. You need to ensure that you can investigate threats by using data in the unified audit log of Microsoft Defender for Cloud Apps. What should you configure first?
A. The User enrichment settings
B. The Azure connector
C. The Office 365 connector
D. The Automatic log upload settings
Correct Answer: C
Question #65
You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in. Which anomaly detection policy should you use?
A. SharePoint search
B. A hunting query in Microsoft 365 Defender
C. Azure Information Protection
D. RegEx pattern matching
Correct Answer: C
Question #66
You receive an alert from Azure Defender for Key Vault. You discover that the alert is generated from multiple suspicious IP addresses. You need to reduce the potential of Key Vault secrets being leaked while you investigate the issue. The solution must be implemented as soon as possible and must minimize the impact on legitimate users. What should you do first?
A. Modify the access control settings for the key vault
B. Enable the Key Vault firewall
C. Create an application security group
D. Modify the access policy for the key vault
Correct Answer: B
Question #67
DRAG DROP (Drag and Drop is not supported) You have an Azure subscription. You need to delegate permissions to meet the following requirements:
- Enable and disable Azure Defender.
- Apply security recommendations to resources.
- The solution must use the principle of least privilege.
Which Azure Security Center role should you use for each requirement? To answer, drag the appropriate roles to the correct requirements. Each role may be used once, more than once, or not at all. You may need to drag the split bar betwe
A. See Explanation section for answer
Correct Answer: A
Question #68
You need to monitor the password resets. The solution must meet the Microsoft Sentinel requirements. What should you do? To answer, select the appropriate options in the answer area. Note: Each correct selection is worth one point.
A. See Explanation section for answer
Correct Answer: A
Question #69
You need to implement the Microsoft Sentinel NRT rule for monitoring the designated break glass account. The solution must meet the Microsoft Sentinel requirements. How should you complete the query? To answer, select the appropriate options in the answer area. Note: Each correct selection is worth one point.
A. See Explanation section for answer
Correct Answer: A
Question #70
You need to correlate data from the SecurityEvent Log Analytics table to meet the Microsoft Sentinel requirements for using UEBA. Which Log Analytics table should you use?
A. IdentityInfo
B. AADRiskyUsers
C. SentinelAudit
D. IdentityDirectoryEvents
Correct Answer: A
Question #71
You have a Microsoft Sentinel workspace that has User and Entity Behavior Analytics (UEBA) enabled for Signin Logs. You need to ensure that failed interactive sign-ins are detected. The solution must minimize administrative effort. What should you use?
A. A scheduled alert query
B. A UEBA activity template
C. The Activity Log data connector
D. A hunting query
Correct Answer: B
Question #72
You have an Azure subscription that uses Microsoft Defender for Cloud and contains 100 virtual machines that run Windows Server. You need to configure Defender for Cloud to collect event data from the virtual machines. The solution must minimize administrative effort and costs. Which two actions should you perform? Each correct answer presents part of the solution. Note: Each correct selection is worth one point.
A. Security operator
B. Security Admin
C. Owner
D. Contributor
Correct Answer: AE
