FEFreeExamDumps.in

SC-200 Practice Questions — Page 21

Question 201

You have a Microsoft 365 subscription that contains three users named User1, User2 and User3 and the resources shown in the following table.

You have a Microsoft Defender XDR detection rule named Rule1 that has the following configurations:

• Scope: DevGroup1

• File hash: File1.exe

• Actions

o Devices: Collect investigation package

o User: Mark as compromised

o Files: Block

Each user attempts to run File1.exe on their device.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question 202

You have a Microsoft 365 E5 subscription.

You have the following KQL query.

You need to use the query to create a Microsoft Defender XDR custom detection rule that can isolate an onboarded device.

How should you modify the query?

  • A. Add the AccountUpn and Timestamp columns to the project operator.
  • B. Add a distinct operator.
  • C. Add a summarize operator.
  • D. Add the DeviceId and Timestamp columns to the project operator.
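A worked query for the rule shapes in Questions 201 and 202, added here as an example and not taken from the exam page. A Defender XDR custom detection rule can only be saved if the query returns Timestamp and ReportId, and the actions the wizard offers depend on the other columns returned: device actions (isolate device, collect investigation package) need a device key such as DeviceId, user actions (mark user as compromised) need a user key such as AccountObjectId, and file actions (block or quarantine) need a hash column such as SHA256. The hash value below is a placeholder, since the page does not give File1.exe's real hash.

```kql
// Added example, not the exam page's Rule1. The hash is a placeholder because
// the page does not give File1.exe's real SHA-256.
let File1Sha256 = "0000000000000000000000000000000000000000000000000000000000000000";
DeviceProcessEvents
| where SHA256 =~ File1Sha256
| project
    Timestamp,          // required in every custom detection rule
    ReportId,           // required in every custom detection rule
    DeviceId,           // device key: unlocks Isolate device / Collect investigation package
    DeviceName,
    AccountObjectId,    // user key: unlocks Mark user as compromised
    AccountUpn,
    SHA256,             // file key: unlocks Allow/Block file and Quarantine file
    FileName,
    FolderPath,
    ProcessCommandLine
```

The device-group scope (DevGroup1 in Question 201) is chosen in the rule wizard, not in the query. The practical check for Question 202 is the reverse: if a project operator drops DeviceId, the wizard no longer offers device actions such as Isolate device, however many other columns the query returns.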

Question 203

You have a Microsoft 365 E5 subscription that contains Windows 11 and Linux CentOS devices.

In Microsoft Defender XDR, Deception is set to On.

You plan to create a deception rule that will use a custom lure.

You need to specify the type of file, and the planting path for the custom lure.

What should you specify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 204

You have a Microsoft 365 E5 subscription.

You need to ensure that an alert is generated in Microsoft Defender XDR when attackers attempt to connect to a specific device. The solution must minimize administrative effort.

What should you do in the Microsoft Defender portal?

  • A. Create a deception rule that includes a decoy.
  • B. Tag an existing device as a honeytoken entity.
  • C. Create a deception rule that includes a lure.
  • D. Tag an existing device as a sensitive entity.

Question 205

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1.

You need to enable Microsoft Defender for Cloud Apps session control for Site1.

Which type of policy should you create first?

  • A. access
  • B. session
  • C. app governance
  • D. Conditional Access

Question 206

You have a Microsoft 365 E5 subscription that has a Conditional Access policy named Policy1.

You need to perform the following actions:

• Create a Conditional Access App Control custom policy named Custom1.

• Configure Policy1 to use Custom1.

What should you use to create Custom1, and in which settings of Policy1 should you enable Conditional Access App Control? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 207

You have an Azure subscription that uses Microsoft Defender for Cloud.

You need to configure Defender for Cloud to mitigate the following risks:

• Vulnerabilities within the application source code

• Exploitation toolkits in declarative templates

• Operations from malicious IP addresses

• Exposed secrets

Which two Defender for Cloud services should you use? Each correct answer presents part of the solution.

NOTE: Each correct answer is worth one point.

  • A. Microsoft Defender for APIs
  • B. Microsoft Defender for Resource Manager ✓
  • C. Microsoft Defender for App Service
  • D. Microsoft Defender for Servers
  • E. Microsoft Defender for DevOps ✓

Question 208

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR.

You have a custom detection rule named Rule1 that generates an alert if more than five antivirus detections are identified on a device. Rule1 has a lookback period of 12 hours.

You need to change the lookback period to 48 hours.

What should you modify for Rule1?

  • A. the scope
  • B. the summarize operator of the KQL query
  • C. the frequency
  • D. the where operator of the KQL query
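An added example, not the page's Rule1, of how a threshold rule like the one in Question 208 is written. The summarize operator sets the threshold; it does not set the lookback window. A custom detection rule inspects the period implied by its frequency setting (a rule that runs every 3 hours checks the past 12 hours, one that runs every 12 hours checks the past 48 hours, one that runs every hour checks the past 4 hours), so the window is changed in the rule's frequency, not in the query.

```kql
// Added example, not the exam page's Rule1: alert when a device has more than five
// antivirus detections. No time filter is needed; the rule's frequency sets the window.
DeviceEvents
| where ActionType == "AntivirusDetection"
| summarize
    DetectionCount = count(),
    DetectedFiles  = make_set(FileName, 10),
    arg_max(Timestamp, ReportId)   // keeps the Timestamp and ReportId the rule requires,
                                   // taken from the most recent detection on the device
    by DeviceId, DeviceName
| where DetectionCount > 5
| project Timestamp, ReportId, DeviceId, DeviceName, DetectionCount, DetectedFiles
```

Because the aggregation collapses rows, arg_max(Timestamp, ReportId) is what keeps a valid Timestamp and ReportId pair in the output; a summarize that drops them cannot be saved as a rule. Widening the lookback from 12 to 48 hours leaves this query untouched and moves the rule's frequency from every 3 hours to every 12 hours.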

Question 209

You have a Microsoft 365 subscription. The subscription contains 500 Windows 11 devices that are onboarded to Microsoft Defender for Endpoint.

You need to perform the following actions in Microsoft Defender XDR:

• For your company’s finance department, populate random endpoints with fake cached credentials.

• Ensure that an incident is created in Microsoft Defender XDR if an attacker attempts to use the fake cached credentials.

The solution must ensure that the fake cached credentials are planted only on endpoints of the finance department.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

Question 210

You have a Microsoft 365 E5 subscription that uses Microsoft Exchange Online.

You need to identify phishing email messages.

Which three cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.
