Microsoft SC-200 Exam Practice Test Instant Access

Question 1

You have 500 on-premises devices.

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR.

You onboard 100 devices to Microsoft Defender XDR.

You need to identify any unmanaged on-premises devices. The solution must ensure that only specific onboarded devices perform the discovery.

What should you do first?

ASet Discovery mode to Basic

BCreate a device group.

CCreate a tag.

DCreate an exclusion.

Answer : D

Question 2

You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You need to implement deception rules. The solution must ensure that you can limit the scope of the rules.

What should you create first?

Adevice groups

Bdevice tags

Choneytoken entity tags

Dsensitive entity tags

Answer : A, A

Question 3

You have a Microsoft 365 subscription.

You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode. You need to ensure that the devices are protected from malicious artifacts that were undetected by the third-party antivirus product Solution: You enable automated investigation and response (AIR) Does this meet the goal?

AYes

BNo

Answer : A

Question 4

You have a Microsoft 365 subscription.

You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode. You need to ensure that the devices are protected from malicious artifacts that were undetected by the third-party antivirus product. Solution: You configure Controlled folder access. Does this meet the goal?

AYes

BNo

Answer : B

Question 5

You have a Microsoft 365 subscription.

You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode.

You need to ensure that the devices are protected from malicious artifacts that were undetected by the third -party antivirus product.

Solution: You configure endpoint detection and response (EDR) in block mode.

Does this meet the goal?

AYes

BNo

Answer : A

Question 6

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR.

You need to ensure that you can investigate threats by using data in the unified audit log of Microsoft Defender for Cloud Apps.

What should you configure first?

Athe Azure connector

Bthe User enrichment settings

Cthe Automatic log upload settings

Dthe Microsoft 365 connector

Answer : D

Question 7

You have a Microsoft Sentinel workspace named SW1.

You need to identify which anomaly rules are enabled in SW1.

What should you review in Microsoft Sentine1?

ASettings

BEntity behavior

CAnalytics

DContent hub

Answer : C

Microsoft SC-200 Microsoft Security Operations Analyst Exam Practice Test