FEFreeExamDumps.in

SC-200 Practice Questions — Page 5

You have a Microsoft 365 subscription that uses Microsoft Purview and Microsoft Teams.

You have a team named Team1 that has a project named Project1.

You need to identify any Project1 files that were stored on the team site of Team1 between February 1, 2023, and February 10, 2023.

Which KQL query should you run?

  • A. (c:c)(Project1)(date=(2023-02-01)..date=(2023-02-10))
  • B. AuditLogs -
  • C. Project1(c:c)(date=2023-02-01..2023-02-10)
  • D. AuditLogs -

You have a Microsoft 365 E5 subscription that contains 100 Windows 10 devices.

You onboard the devices to Microsoft 365 Defender.

You need to ensure that you can initiate remote shell connections to the onboarded devices from the Microsoft 365 Defender portal.

What should you do first?

  • A. Modify the permissions for Microsoft 365 Defender.
  • B. Create a device group.
  • C. From Advanced features in the Endpoints settings of the Microsoft 365 Defender portal, enable automated investigation.
  • D. Configure role-based access control (RBAC).

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint.

You need to create a detection rule that meets the following requirements:

• Is triggered when a device that has critical software vulnerabilities and was active during the last hour is found

• Limits the number of duplicate results

How should you complete the KQL query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.
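The following advanced hunting query is an added illustration of the two requirements, not the exam's answer key or text from the question. It assumes the documented Defender XDR schema: DeviceTvmSoftwareVulnerabilities (one row per device and CVE, with VulnerabilitySeverityLevel) and DeviceInfo (per-device reports carrying Timestamp and ReportId). Custom detection rules require Timestamp, ReportId and DeviceId in the result set; the vulnerability table has no Timestamp or ReportId, so the activity window and those columns must come from DeviceInfo, and a summarize collapses the per-CVE rows so each device produces one result instead of one per finding.

```kql
// Added example, not from the original page. Assumes the standard advanced hunting schema.
DeviceTvmSoftwareVulnerabilities
| where VulnerabilitySeverityLevel == "Critical"          // only critical findings
| join kind=inner (
    DeviceInfo
    | where Timestamp > ago(1h)                             // device reported in the last hour
    | project DeviceId, Timestamp, ReportId
  ) on DeviceId
// Deduplicate: one row per device, keeping the latest report (Timestamp + ReportId are
// required by custom detection rules) and folding the CVE list into the row so no detail is lost.
| summarize arg_max(Timestamp, ReportId),
            CriticalCveCount = dcount(CveId),
            CriticalCves = make_set(CveId, 20)
  by DeviceId, DeviceName
```

The exam's fill-in answer may use a different but equivalent shape (for example `summarize arg_max(Timestamp, *) by DeviceId`); the two essentials are the `ago(1h)` filter applied to DeviceInfo, not to the vulnerability table, and a summarize rather than a bare `distinct`, which would drop the Timestamp and ReportId columns the rule needs.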

Question 43

You have a Microsoft 365 E5 subscription that uses Microsoft Teams.

You need to perform a content search of Teams chats for a user by using the Microsoft Purview compliance portal. The solution must minimize the scope of the search.

How should you configure the content search? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 44

You have a Microsoft 365 E5 subscription that contains 100 Linux devices. The devices are onboarded to Microsoft 365 Defender.

You need to initiate the collection of investigation packages from the devices by using the Microsoft 365 Defender portal.

Which response action should you use?

  • A. Run antivirus scan
  • B. Initiate Automated Investigation
  • C. Collect investigation package
  • D. Initiate Live Response Session

You need to configure Microsoft Defender for Cloud Apps to generate alerts and trigger remediation actions in response to external sharing of confidential files.

Which two actions should you perform in the Microsoft 365 Defender portal? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

  • A. From Settings, select Cloud App, select Microsoft Information Protection, and then select Only scan files for Microsoft Information Protection sensitivity labels and content inspection warnings from this tenant.
  • B. From Cloud apps, select Files, and then filter File Type to Document.
  • C. From Settings, select Cloud App, select Microsoft Information Protection, select Files, and then enable file monitoring.
  • D. From Cloud apps, select Files, and then filter App to Office 365.
  • E. From Cloud apps, select Files, and then select New policy from search.
  • F. From Settings, select Cloud App, select Microsoft Information Protection, and then select Automatically scan new files for Microsoft Information Protection sensitivity labels and content inspection warnings.

You have a Microsoft 365 subscription that uses Microsoft Purview.

Your company has a project named Project1.

You need to identify all the email messages that have the word Project1 in the subject line. The solution must search only the mailboxes of users that worked on Project1.

What should you do?

  • A. Perform a user data search.
  • B. Create a records management disposition.
  • C. Perform an audit search.
  • D. Perform a content search.

You have a Microsoft 365 subscription that uses Microsoft Defender XDR.

You discover that when Microsoft Defender for Endpoint generates alerts for a commonly used executable file, it causes alert fatigue.

You need to tune the alerts.

Which two actions can an alert tuning rule perform for the alerts? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

  • A. delete
  • B. hide
  • C. resolve
  • D. merge
  • E. assign

Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.

After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.

You have a Microsoft 365 subscription.

You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode.

You need to ensure that the devices are protected from malicious artifacts that were undetected by the third-party antivirus product.

Solution: You configure endpoint detection and response (EDR) in block mode.

Does this meet the goal?

  • A. Yes
  • B. No

You have a Microsoft 365 subscription that uses Microsoft Defender XDR.

You need to implement deception rules. The solution must ensure that you can limit the scope of the rules.

What should you create first?

  • A. device groups
  • B. device tags
  • C. honeytoken entity tags
  • D. sensitive entity tags