FEFreeExamDumps.in

SC-200 Practice Questions — Page 8

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have Linux virtual machines on Amazon Web Services (AWS).

You deploy Azure Defender and enable auto-provisioning.

You need to monitor the virtual machines by using Azure Defender.

Solution: You manually install the Log Analytics agent on the virtual machines.

Does this meet the goal?

  • A. Yes
  • B. No

You have five on-premises Linux servers.

You have an Azure subscription that uses Microsoft Defender for Cloud.

You need to use Defender for Cloud to protect the Linux servers.

What should you install on the servers first?

  • A. the Dependency agent
  • B. the Log Analytics agent
  • C. the Azure Connected Machine agent
  • D. the Guest Configuration extension

You have a Microsoft subscription that has Microsoft Defender for Cloud enabled.

You configure the Azure logic apps shown in the following table.

You need to configure an automatic action that will run if a Suspicious process executed alert is triggered. The solution must minimize administrative effort.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Question 73

You have an Azure subscription that uses Microsoft Defender for Cloud and contains a storage account named storage1.

You receive an alert that there was an unusually high volume of delete operations on the blobs in storage1.

You need to identify which blobs were deleted.

What should you review?

  • A. the activity logs of storage1
  • B. the Azure Storage Analytics logs
  • C. the alert details
  • D. the related entities of the alert

You have an Azure subscription that uses Microsoft Defender for Cloud.

You need to filter the security alerts view to show the following alerts:

• Unusual user accessed a key vault

• Log on from an unusual location

• Impossible travel activity

Which severity should you use?

  • A. Informational
  • B. Low
  • C. Medium
  • D. High

You plan to review Microsoft Defender for Cloud alerts by using a third-party security information and event management (SIEM) solution.

You need to locate alerts that indicate the use of the Privilege Escalation MITRE ATT&CK tactic.

Which JSON key should you search?

  • A. Description
  • B. Intent
  • C. ExtendedProperties
  • D. Entities

You have 50 on-premises servers.

You have an Azure subscription that uses Microsoft Defender for Cloud. The Defender for Cloud deployment has Microsoft Defender for Servers and automatic provisioning enabled.

You need to configure Defender for Cloud to support the on-premises servers. The solution must meet the following requirements:

• Provide threat and vulnerability management.

• Support data collection rules.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Question 77

You have an Azure subscription that uses Microsoft Defender for Cloud and contains an Azure logic app named app1.

You need to ensure that app1 launches when a specific Defender for Cloud security alert is generated.

How should you complete the Azure Resource Manager (ARM) template? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 78

You have an Azure subscription that has Microsoft Defender for Cloud enabled for all supported resource types.

You create an Azure logic app named LA1.

You plan to use LA1 to automatically remediate security risks detected in Defender for Cloud.

You need to test LA1 in Defender for Cloud.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 79

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You have a virtual machine that runs Windows 10 and has the Log Analytics agent installed.

You need to simulate an attack on the virtual machine that will generate an alert.

What should you do first?

  • A. Run the Log Analytics Troubleshooting Tool.
  • B. Copy an executable and rename the file as ASC_AlertTest_662jfi039N.exe.
  • C. Modify the settings of the Microsoft Monitoring Agent.
  • D. Run the MMASetup executable and specify the -foo argument.