FEFreeExamDumps.in

SC-200 Practice Questions — Page 20

Question 191

You have an Azure subscription that uses Microsoft Defender for Cloud.

You need to configure Defender for Cloud to mitigate the following risks:

• Vulnerabilities within the application source code

• Exploitation toolkits in declarative templates

• Operations from malicious IP addresses

• Exposed secrets

Which two Defender for Cloud services should you use? Each correct answer presents part of the solution.

NOTE: Each correct answer is worth one point.

  • A. Microsoft Defender for Resource Manager
  • B. Microsoft Defender for DNS
  • C. Microsoft Defender for App Service
  • D. Microsoft Defender for Servers
  • E. Microsoft Defender for DevOps

Question 192

You need to configure DC1 to meet the business requirements.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

Question 193

You have an Azure DevOps organization that contains an Azure Repos repository named Repo1 and is onboarded to Microsoft Defender for DevOps.

You create infrastructure as code (IaC) files and store them in Repo1. The IaC files are formatted as Bicep files and Helm charts.

You need to configure Defender for DevOps to identify misconfigurations in the IaC files.

Which scanning tool should you use for each type of file? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 194

You have a Microsoft 365 E5 subscription that uses Microsoft 365 Defender for Endpoint.

You need to ensure that you can initiate remote shell connections to Windows servers by using the Microsoft 365 Defender portal.

What should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 195

You have a Microsoft Sentinel workspace that contains the following Advanced Security Information Model (ASIM) parsers:

• _Im_ProcessCreate

• imProcessCreate

You create a new source-specific parser named vimProcessCreate.

You need to modify the parsers to meet the following requirements:

• Call all the ProcessCreate parsers.

• Standardize fields to the Process schema.

Which parser should you modify to meet each requirement? To answer, drag the appropriate parsers to the correct requirements.

Each parser may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Question 196

You have on-premises servers that run Windows Server.

You have a Microsoft Sentinel workspace named SW1. SW1 is configured to collect Windows Security log entries from the servers by using the Azure Monitor Agent data connector.

You plan to limit the scope of collected events to events 4624 and 4625 only.

You need to use a PowerShell script to validate the syntax of the filter applied to the connector.

How should you complete the script? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 197

You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud.

You need to assign the PCI DSS 4.0 initiative to Sub1 and have the initiative displayed in the Defender for Cloud Regulatory compliance dashboard.

From Security policies in the Environment settings, you discover that the option to add more industry and regulatory standards is unavailable.

What should you do first?

  • A. Configure the Continuous export settings for Log Analytics.
  • B. Enable the Cloud Security Posture Management (CSPM) plan for the subscription.
  • C. Configure the Continuous export settings for Azure Event Hubs.
  • D. Disable the Microsoft Cloud Security Benchmark (MCSB) assignment.

Question 198

You have a Microsoft 365 subscription that uses Microsoft Defender XDR.

You have a query that contains the following statements.

You need to configure a custom detection rule that will use the query. The solution must minimize how long it takes to be notified about events that match the query.

Which frequency should you select for the rule?

  • A. Every hour
  • B. Continuous (NRT)
  • C. Every 12 hours
  • D. Every 3 hours

Question 199

You have a Microsoft 365 E5 subscription that contains the hosts shown in the following table.

You have indicators in Microsoft Defender for Endpoint as shown in the following table.

ID1 and ID2 reference the same file as ID3.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question 200

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR.

You have a Microsoft Sentinel workspace.

Microsoft Sentinel connectors are configured as shown in the following table.

You use Microsoft Sentinel to investigate suspicious Microsoft Graph API activity related to Conditional Access policies.

You need to search for the following activities:

• Downloads of the Conditional Access policies by using PowerShell

• Updates to the Conditional Access policies by using the Microsoft Entra admin center

Which tables should you query for each activity? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.
