SC-200 Practice Questions — Page 2

Question 11

Your company deploys the following services:

✑ Microsoft Defender for Identity

✑ Microsoft Defender for Endpoint

✑ Microsoft Defender for Office 365

You need to provide a security analyst with the ability to use the Microsoft 365 security center. The analyst must be able to approve and reject pending actions generated by Microsoft Defender for Endpoint. The solution must use the principle of least privilege.

Which two roles should assign to the analyst? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.the Compliance Data Administrator in Azure Active Directory (Azure AD)
B.the Active remediation actions role in Microsoft Defender for Endpoint
C.the Security Administrator role in Azure Active Directory (Azure AD)
D.the Security Reader role in Azure Active Directory (Azure AD)

Question 12

Open question ↗

You have a Microsoft 365 E5 subscription that uses Microsoft Defender and an Azure subscription that uses Azure Sentinel.

You need to identify all the devices that contain files in emails sent by a known malicious email sender. The query will be based on the match of the SHA256 hash.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Question 13

Open question ↗

You purchase a Microsoft 365 subscription.

You plan to configure Microsoft Cloud App Security.

You need to create a custom template-based policy that detects connections to Microsoft 365 apps that originate from a botnet network.

What should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Question 14

Open question ↗

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Microsoft Defender for Identity integration with Active Directory.

From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.

Solution: You add each account as a Sensitive account.

Does this meet the goal?

A.Yes
B.No

Question 15

Open question ↗

You have a Microsoft 365 tenant that uses Microsoft Exchange Online and Microsoft Defender for Office 365.

What should you use to identify whether zero-hour auto purge (ZAP) moved an email message from the mailbox of a user?

A.the Threat Protection Status report in Microsoft Defender for Office 365
B.the mailbox audit log in Exchange
C.the Safe Attachments file types report in Microsoft Defender for Office 365
D.the mail flow report in Exchange

Question 16

Open question ↗

You have a Microsoft 365 subscription that contains 1,000 Windows 10 devices. The devices have Microsoft Office 365 installed.

You need to mitigate the following device threats:

✑ Microsoft Excel macros that download scripts from untrusted websites

✑ Users that open executable attachments in Microsoft Outlook

✑ Outlook rules and forms exploits

What should you use?

A.Microsoft Defender Antivirus
B.attack surface reduction rules in Microsoft Defender for Endpoint
C.Windows Defender Firewall
D.adaptive application control in Azure Defender

Question 17

Open question ↗

You have a third-party security information and event management (SIEM) solution.

You need to ensure that the SIEM solution can generate alerts for Azure Active Directory (Azure AD) sign-events in near real time.

What should you do to route events to the SIEM solution?

A.Create an Azure Sentinel workspace that has a Security Events connector.
B.Configure the Diagnostics settings in Azure AD to stream to an event hub.
C.Create an Azure Sentinel workspace that has an Azure Active Directory connector.
D.Configure the Diagnostics settings in Azure AD to archive to a storage account.

Question 18

Open question ↗

You have an Azure subscription linked to an Azure Active Directory (Azure AD) tenant. The tenant contains two users named User1 and User2.

You plan to deploy Azure Defender.

You need to enable User1 and User2 to perform tasks at the subscription level as shown in the following table.

The solution must use the principle of least privilege.

Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all.

You may need to drag the split bar between panes or scroll to view content.

Select and Place:

Question 19

Open question ↗

You have a Microsoft 365 subscription that uses Microsoft 365 Defender and contains a user named User1.

You are notified that the account of User1 is compromised.

You need to review the alerts triggered on the devices to which User1 signed in.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Question 20

Open question ↗

You have a Microsoft 365 subscription that has Microsoft 365 Defender enabled.

You need to identify all the changes made to sensitivity labels during the past seven days.

What should you use?

A.the Incidents blade of the Microsoft 365 Defender portal
B.the Alerts settings on the Data Loss Prevention blade of the Microsoft 365 compliance center
C.Activity explorer in the Microsoft 365 compliance center
D.the Explorer settings on the Email & collaboration blade of the Microsoft 365 Defender portal