Microsoft SC-200 Exam Practice Test Instant Access

Question 1

You have a Microsoft 365 subscription that uses Microsoft Defender XDR.

You discover that when Microsoft Defender for Endpoint generates alerts for a commonly used executable file, it causes alert fatigue. You need to tune the alerts.

Which two actions can an alert tuning rule perform for the alerts?

Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Adelete

Bhide

Cresolve

Dmerge

Eassign

Answer : B, C

Question 2

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint and contains the devices shown in the following table.

You initiate a live response session on each device.

You need to collect a Defender for Endpoint investigation package from each device.

On which devices can you collect the package by running advanced live response commands from the command-line interface (CLI)?

ADevice1 and Device2 only

BDevice1, Device2, and Device3 only

CDevice3 and Device4 only

DDevice1, Devke2, Device3, and Device4

Answer : B

Question 3

You have an Azure subscription that uses Microsoft Defender XDR.

From the Microsoft Defender portal, you perform an audit search and export the results as a file named Filel.csv that contains 10,000 rows.

You use Microsoft Excel to perform Get & Transform Data operations to parse the AuditData column from Filel.csv. The operations fail to generate columns for specific JSON properties.

You need to ensure that Excel generates columns for the specific JSON properties in the audit search results.

Solution: From Excel, you apply filters to the existing columns in Filel.csv to reduce the number of rows, and then you perform the Get & Transform Data operations to parse the AuditData column.

Does this meet the requirement?

AYes

BNo

Answer : B

Question 4

You have an Azure subscription that uses Microsoft Defender XDR.

From the Microsoft Defender portal, you perform an audit search and export the results as a file named Filel.csv that contains 10,000 rows.

You use Microsoft Excel to perform Get & Transform Data operations to parse the AuditData column from Filel.csv. The operations fail to generate columns for specific JSON properties.

You need to ensure that Excel generates columns for the specific JSON properties in the audit search results.

Solution: From Defender, you modify the search criteria of the audit search to reduce the number of returned records, and then you export the results. From Excel, you perform the Get & Transform Data operations by using the new export.

Does this meet the requirement?

AYes

BNo

Answer : A

Question 5

You have an Azure subscription.

You need to stream the Microsoft Graph activity logs to a third-party security information and event management (SIEM) tool. The solution must minimize administrative effort.

To where should you stream the logs?

Aan Azure Event Hubs namespace

Ban Azure Event Grid namespace

Can Azure Storage account

Da Log Analytics workspace

Answer : A

Question 6

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains 500 Windows devices. You plan to create a Microsoft Defender XDR custom deception rule. You need to ensure that the rule will be applied to only 10 specific devices. What should you do first?

AAdd the IP address of each device to the list of decoy accounts and hosts of the rule.

BAdd the devices to a group.

CAdd custom lures to the rule.

DAssign a tag to the devices

Answer : B

Question 7

You have an Azure subscription that contains a user named User1 and a Microsoft Sentinel workspace named WS1. WS1 uses Microsoft Defender for Cloud.

You have the Microsoft security analytics rules shown in the following table.

User1 performs an action that matches Rule1, Rule2, Rule3, and Rule4. How many incidents will be created in WS1?

Answer : A

Microsoft SC-200 Microsoft Security Operations Analyst Exam Practice Test