FEFreeExamDumps.in

SC-200 Practice Questions — Page 12

Question 111

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Azure Sentinel.

You need to create an incident in Azure Sentinel when a sign-in to an Azure virtual machine from a malicious IP address is detected.

Solution: You create a Microsoft incident creation rule for a data connector.

Does this meet the goal?

  • A. Yes
  • B. No

Question 112

You are configuring Azure Sentinel.

You need to send a Microsoft Teams message to a channel whenever a sign-in from a suspicious IP address is detected.

Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

  • A. Add a playbook.
  • B. Associate a playbook to an incident.
  • C. Enable Entity behavior analytics.
  • D. Create a workbook.
  • E. Enable the Fusion rule.

Question 113

You need to visualize Azure Sentinel data and enrich the data by using third-party data sources to identify indicators of compromise (IoC).

What should you use?

  • A. notebooks in Azure Sentinel
  • B. Microsoft Cloud App Security
  • C. Azure Monitor
  • D. hunting queries in Azure Sentinel

Question 114

You have the following environment:

✑ Azure Sentinel

✑ A Microsoft 365 subscription

✑ Microsoft Defender for Identity

✑ An Azure Active Directory (Azure AD) tenant

You configure Azure Sentinel to collect security logs from all the Active Directory member servers and domain controllers.

You deploy Microsoft Defender for Identity by using standalone sensors.

You need to ensure that you can detect when sensitive groups are modified in Active Directory.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

  • A. Configure the Advanced Audit Policy Configuration settings for the domain controllers.
  • B. Modify the permissions of the Domain Controllers organizational unit (OU).
  • C. Configure auditing in the Microsoft 365 compliance center.
  • D. Configure Windows Event Forwarding on the domain controllers.

Question 115

You use Azure Sentinel.

You need to use a built-in role to provide a security analyst with the ability to edit the queries of custom Azure Sentinel workbooks. The solution must use the principle of least privilege.

Which role should you assign to the analyst?

  • A. Azure Sentinel Contributor
  • B. Security Administrator
  • C. Azure Sentinel Responder
  • D. Logic App Contributor

Question 116

You have an Azure subscription named Sub1 and a Microsoft 365 subscription. Sub1 is linked to an Azure Active Directory (Azure AD) tenant named contoso.com.

You create an Azure Sentinel workspace named workspace1. In workspace1, you activate an Azure AD connector for contoso.com and an Office 365 connector for the Microsoft 365 subscription.

You need to use the Fusion rule to detect multi-staged attacks that include suspicious sign-ins to contoso.com followed by anomalous Microsoft Office 365 activity.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

  • A. Create a custom rule based on the Office 365 connector templates.
  • B. Create a Microsoft incident creation rule based on Azure Security Center.
  • C. Create a Microsoft Cloud App Security connector.
  • D. Create an Azure AD Identity Protection connector.

Question 117

You need to create a query for a workbook. The query must meet the following requirements:

✑ List all incidents by incident number.

✑ Only include the most recent log for each incident.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area: [the answer-area image with the query to complete is not reproduced on this page]
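The point behind the two requirements is that the SecurityIncident table writes a new row every time an incident is created or updated, so listing the table as-is shows one incident many times. The KQL below is an added example written for this page, not the exam's answer area or Microsoft's own query: it keeps only the latest row per IncidentNumber with arg_max(). The rows in the datatable are constructed sample data and the alias SampleIncidents is an assumption; against a real workspace, replace it with the SecurityIncident table.

```kusto
// Added example (not from the exam page). SampleIncidents stands in for the
// SecurityIncident table; the rows below are constructed sample data.
let SampleIncidents = datatable(TimeGenerated:datetime, IncidentNumber:int, Title:string, Status:string, Severity:string)
[
    datetime(2024-01-10 08:00:00), 101, "Suspicious PowerShell on VM1", "New",    "Medium",
    datetime(2024-01-10 09:30:00), 101, "Suspicious PowerShell on VM1", "Active", "High",
    datetime(2024-01-10 08:15:00), 102, "Sign-in from malicious IP",    "New",    "High",
    datetime(2024-01-11 12:00:00), 102, "Sign-in from malicious IP",    "Closed", "High",
    datetime(2024-01-11 14:45:00), 103, "Mass storage key listing",     "New",    "Low"
];
SampleIncidents
// arg_max(TimeGenerated, *) returns, for each IncidentNumber, the single row
// with the latest TimeGenerated together with all of its other columns (the *).
// A plain "summarize max(TimeGenerated) by IncidentNumber" would drop the
// Title/Status/Severity of that row, which is why arg_max is the right operator.
| summarize arg_max(TimeGenerated, *) by IncidentNumber
| project IncidentNumber, TimeGenerated, Title, Status, Severity
| order by IncidentNumber asc
```

With the sample rows this returns three rows: 101 (Active, High), 102 (Closed) and 103 (New), one per incident and each reflecting its most recent update.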

Question 118

You have an Azure subscription that uses Microsoft Sentinel.

You need to minimize the administrative effort required to respond to the incidents and remediate the security threats detected by Microsoft Sentinel.

Which two features should you use? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

  • A. Microsoft Sentinel bookmarks
  • B. Azure Automation runbooks
  • C. Microsoft Sentinel automation rules
  • D. Microsoft Sentinel playbooks
  • E. Azure Functions apps

Question 119

You have a Microsoft Sentinel workspace named sws1.

You need to create a hunting query to identify users that list storage keys of multiple Azure Storage accounts. The solution must exclude users that list storage keys for a single storage account.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area: [the answer-area image with the query to complete is not reproduced on this page]
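Listing storage account keys is logged in the AzureActivity table as the operation MICROSOFT.STORAGE/STORAGEACCOUNTS/LISTKEYS/ACTION, and the requirement to exclude users who listed keys for only one account means the aggregation has to be a distinct count of accounts per caller, not a row count. The hunting query below is an added example written for this page, not the exam's answer area. The datatable rows are constructed (the identities, IP addresses and account names are made up), the alias SampleActivity is an assumption, and the filter ActivityStatusValue =~ "Success" assumes that string value; against a real workspace, replace SampleActivity with AzureActivity.

```kusto
// Added example (not from the exam page). SampleActivity stands in for the
// AzureActivity table; the rows below are constructed sample data.
let SampleActivity = datatable(TimeGenerated:datetime, Caller:string, CallerIpAddress:string, OperationNameValue:string, ActivityStatusValue:string, Resource:string)
[
    datetime(2024-01-12 10:00:00), "alice@contoso.com", "203.0.113.10", "MICROSOFT.STORAGE/STORAGEACCOUNTS/LISTKEYS/ACTION", "Success", "stcontosoapp",
    datetime(2024-01-12 10:02:00), "alice@contoso.com", "203.0.113.10", "MICROSOFT.STORAGE/STORAGEACCOUNTS/LISTKEYS/ACTION", "Success", "stcontosobackup",
    datetime(2024-01-12 10:03:00), "alice@contoso.com", "203.0.113.10", "MICROSOFT.STORAGE/STORAGEACCOUNTS/LISTKEYS/ACTION", "Success", "stcontosologs",
    datetime(2024-01-12 11:00:00), "bob@contoso.com",   "198.51.100.7", "MICROSOFT.STORAGE/STORAGEACCOUNTS/LISTKEYS/ACTION", "Success", "stcontosoapp",
    datetime(2024-01-12 11:05:00), "bob@contoso.com",   "198.51.100.7", "MICROSOFT.STORAGE/STORAGEACCOUNTS/LISTKEYS/ACTION", "Success", "stcontosoapp",
    datetime(2024-01-12 11:30:00), "carol@contoso.com", "192.0.2.44",   "MICROSOFT.STORAGE/STORAGEACCOUNTS/WRITE",          "Success", "stcontosologs"
];
SampleActivity
// only key-listing operations that actually succeeded (a denied attempt is
// worth a separate query, but it did not expose a key)
| where OperationNameValue =~ "MICROSOFT.STORAGE/STORAGEACCOUNTS/LISTKEYS/ACTION"
| where ActivityStatusValue =~ "Success"
| summarize
    AccountCount = dcount(Resource),        // distinct storage accounts per caller
    Accounts     = make_set(Resource),
    SourceIPs    = make_set(CallerIpAddress),
    FirstSeen    = min(TimeGenerated),
    LastSeen     = max(TimeGenerated)
    by Caller
// dcount() rather than count(): bob listed keys twice but for a single
// account, so he must be excluded; alice touched three accounts and stays.
| where AccountCount > 1
| order by AccountCount desc
```

With the sample rows only alice@contoso.com is returned (AccountCount 3); bob is excluded because both of his listKeys calls hit the same account, and carol never listed keys at all.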

Question 120

You have a Microsoft Sentinel workspace named workspace1 and an Azure virtual machine named VM1.

You receive an alert for suspicious use of PowerShell on VM1.

You need to investigate the incident, identify which event triggered the alert, and identify whether the following actions occurred on VM1 after the alert:

✑ The modification of local group memberships

✑ The purging of event logs

Which three actions should you perform in sequence in the Azure portal? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place: [the answer-area image with the list of actions is not reproduced on this page]
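Whichever portal steps you take to pivot from the incident to the logs, the check for the two follow-on actions ends up as a query over the Windows security events collected from VM1, scoped to the window after the alert. The query below is an added example written for this page, not part of the exam question. The event IDs are the standard Windows security audit IDs (4732/4733 for a member added to or removed from a security-enabled local group, 1102 for the security log being cleared); the alert time, the hostname, the alias SampleEvents and the datatable rows are constructed assumptions. Against a real workspace, replace SampleEvents with SecurityEvent and set AlertTime from the alert's TimeGenerated in the incident.

```kusto
// Added example (not from the exam page). SampleEvents stands in for the
// SecurityEvent table; the alert time and the rows below are constructed.
let AlertTime = datetime(2024-01-15 14:20:00);   // assumed alert timestamp
let Host = "VM1";
let SampleEvents = datatable(TimeGenerated:datetime, Computer:string, EventID:int, Account:string, Activity:string, TargetUserName:string, MemberName:string)
[
    datetime(2024-01-15 14:19:00), "VM1", 4688, "VM1\\svc_deploy", "4688 - A new process has been created.", "", "",
    datetime(2024-01-15 14:25:30), "VM1", 4732, "VM1\\svc_deploy", "4732 - A member was added to a security-enabled local group.", "Administrators", "VM1\\backupsvc",
    datetime(2024-01-15 14:41:05), "VM1", 1102, "VM1\\svc_deploy", "1102 - The audit log was cleared.", "", "",
    datetime(2024-01-15 14:30:00), "VM2", 4732, "VM2\\admin",      "4732 - A member was added to a security-enabled local group.", "Administrators", "VM2\\tempuser"
];
SampleEvents
| where Computer =~ Host
| where TimeGenerated > AlertTime          // only what happened after the alert
// 4732/4733: local group membership changed; 1102: security log cleared
| where EventID in (4732, 4733, 1102)
| extend Finding = case(
    EventID == 1102, "Security event log purged",
    // for 4732/4733 the group is in TargetUserName and the member in MemberName
    EventID in (4732, 4733), strcat("Local group change: ", MemberName, " -> ", TargetUserName),
    "")
| project TimeGenerated, Computer, EventID, Account, Finding
| order by TimeGenerated asc
```

With the sample rows this returns two findings for VM1, in order: the 4732 at 14:25:30 (VM1\backupsvc added to Administrators) and the 1102 at 14:41:05; the 4688 before the alert and the 4732 on VM2 are filtered out. Note that 1102 only covers the Security log; if the System or Application log was cleared, that is event 104 in the Event table, collected through the Windows event connector rather than SecurityEvent.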