FEFreeExamDumps.in

SC-200 Practice Questions — Page 18

Question 171

You have a Microsoft 365 E5 subscription that contains two groups named Group1 and Group2 and uses Microsoft Copilot for Security.

You need to configure Copilot for Security role assignments to meet the following requirements:

• Ensure that members of Group1 can run prompts and respond to Microsoft Defender XDR security incidents.

• Ensure that members of Group2 can run prompts.

• Follow the principle of least privilege.

You remove Everyone from the Copilot Contributor role.

Which two actions should you perform next? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

  • A. Assign the Security Operator role to Group1.
  • B. Assign the Copilot Owner role to Group2.
  • C. Assign the Copilot Owner role to Group1.
  • D. Assign the Security Operator role to Group2.
  • E. Assign the Copilot Contributor role to Group2.

Question 172

You have an on-premises Linux server that runs a background process named App1 and has the Azure Connected Machine agent installed.

You have a Microsoft Sentinel workspace named WS1.

You need to configure a data collection rule (DCR) named DCR1 that will use the Syslog via AMA connector to collect messages related to App1. The solution must meet the following requirements:

• Only collect messages that have a priority level of critical.

• Minimize the volume of data collected.

Which facility and log level should you configure for DCR1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 173

Your on-premises network contains a Hyper-V cluster. The cluster contains the virtual machines shown in the following table.

You have a Microsoft Sentinel workspace named SW1.

You have a data collection rule (DCR) that has the following configurations:

• Name: DCR1

• Destination: SW1

• Platform type: All

• Data collection endpoint: None

• Data source: Windows event logs, Linux syslog

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question 174

You have a Microsoft 365 E5 subscription.

You need to configure Microsoft Defender XDR automatic attack disruption to use signals generated by Microsoft Defender for Cloud Apps.

Which two actions should you perform for Defender for Cloud Apps in the Microsoft Defender portal? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

  • A. Enable the Microsoft 365 connector.
  • B. Add a log collector for automatic log upload.
  • C. Turn on app governance.
  • D. Deploy Cloud Discovery user enrichment.
  • E. From Information protection, enable file monitoring.

Question 175

You have an Azure subscription named Sub1 that contains an Azure key vault named Vault1 and an Azure Automation account named Automation1.

You need to ensure that Automation1 can access Vault1. The solution must meet the following requirements:

• Ensure that if Automation1 is deleted, the permissions granted for Vault1 will be removed automatically.

• Ensure that runbooks created in Automation1 can read secret values stored in Vault1.

• Follow the principle of least privilege.

What should you configure for Automation1, and which built-in role should Automation1 use to access Vault1? To answer, select the appropriate options in the answer area.

NOTE: Each correct answer is worth one point.

Question 176

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

You configure Microsoft Entra Internet Access.

Which users can manage Microsoft Entra Internet Access?

  • A. User1 only
  • B. User2 only
  • C. User3 only
  • D. User1 and User2 only
  • E. User1, User2 and User3

Question 177

You have an Azure subscription named Sub1 that contains a resource group named RG1. RG1 contains two Azure key vaults named KV1 and KV2 that use Azure role-based access control (Azure RBAC).

The subscription contains the users shown in the following table.

KV1 contains a secret named Secret1. KV2 contains a secret named Secret2.

Which users can read the values of each secret? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 178

You have a Microsoft Sentinel workspace.

You need to create playbooks that meet the following requirements:

• Use an automation rule to trigger actions on an entity.

• Call the Entities - Get Hosts action.

Which types of playbooks should you use, and which parameters should you specify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 179

You have an Azure subscription that uses Microsoft Defender for Cloud.

You need to use an Azure Resource Manager (ARM) template to create a workflow automation that will trigger a logic app when specific alerts are received by Microsoft Defender for Cloud.

How should you complete the template? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 180

You have a Microsoft 365 subscription. The subscription contains 500 Windows 11 devices that are onboarded to Microsoft Defender for Endpoint.

You need to configure Defender for Endpoint to meet the following requirements:

• Ensure that security operation analysts can run PowerShell scripts on client computers.

• Perform the automatic remediation of threats on client computers.

Which Endpoints settings should you configure in the Microsoft Defender XDR portal? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.
