This page was exported from Best Free Exam Guide [ http://free.exams4sures.com ] Export date:Sat Mar 15 10:41:03 2025 / +0000 GMT ___________________________________________________ Title: Microsoft New 2023 SC-200 Test Tutorial (Updated 225 Questions) [Q15-Q34] --------------------------------------------------- Microsoft New 2023 SC-200 Test Tutorial (Updated 225 Questions) SC-200 Exam Questions Dumps, Selling Microsoft Products The Microsoft SC-200 exam comprises of 40-60 questions and has a time limit of 180 minutes. The questions are presented in multiple-choice format and may include simulations, case studies, and other types of questions. SC-200 exam is available in English and Japanese, and the cost of the exam is $165.   QUESTION 15You have a Microsoft Sentinel workspace named Workspace1 and 200 custom Advanced Security Information Model (ASIM) parsers based on the DNS schem a. You need to make the 200 parsers available in Workspace1. The solution must minimize administrative effort. What should you do first?  Copy the parsers to the Azure Monitor Logs page.  Create a JSON file based on the DNS template.  Create an XML file based on the DNS template.  Create a YAML file based on the DNS template. QUESTION 16You have a Microsoft Sentinel workspace.You need to configure a report visual for a custom workbook. The solution must meet the following requirements:* The count and usage trend of AppDisplayName must be included* The TrendList column must be useable in a sparkline visual,How should you complete the KQL query? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. QUESTION 17You have a Microsoft Sentinel workspace.You have a query named Query1 as shown in the following exhibit.You plan to create a custom parser named Parser 1. You need to use Query1 in Parser1. What should you do first?  Remove line 2.  In line 4. remove the TimeGenerated predicate.  Remove line 5.  In line 3, replace the ‘contains operator with the !has operator. ExplanationThis can be confirmed by referring to the official Microsoft documentation on creating custom log queries in Azure Sentinel, which states that the “has” operator should not be used in the query, and that it is unnecessary.Reference: https://docs.microsoft.com/en-us/azure/sentinel/query-custom-logsTopic 1, Litware inc.Case studyThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case studyTo display the first question in this case study, click the button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the button to return to the question.OverviewLitware Inc. is a renewable company.Litware has offices in Boston and Seattle. Litware also has remote users located across the United States. To access Litware resources, including cloud resources, the remote users establish a VPN connection to either office.Existing EnvironmentIdentity EnvironmentThe network contains an Active Directory forest named litware.com that syncs to an Azure Active Directory (Azure AD) tenant named litware.com.Microsoft 365 EnvironmentLitware has a Microsoft 365 E5 subscription linked to the litware.com Azure AD tenant. Microsoft Defender for Endpoint is deployed to all computers that run Windows 10. All Microsoft Cloud App Security built-in anomaly detection policies are enabled.Azure EnvironmentLitware has an Azure subscription linked to the litware.com Azure AD tenant. The subscription contains resources in the East US Azure region as shown in the following table.Network EnvironmentEach Litware office connects directly to the internet and has a site-to-site VPN connection to the virtual networks in the Azure subscription.On-premises EnvironmentThe on-premises network contains the computers shown in the following table.Current problemsCloud App Security frequently generates false positive alerts when users connect to both offices simultaneously.Planned ChangesLitware plans to implement the following changes:Create and configure Azure Sentinel in the Azure subscription.Validate Azure Sentinel functionality by using Azure AD test user accounts.Business RequirementsLitware identifies the following business requirements:The principle of least privilege must be used whenever possible.Costs must be minimized, as long as all other requirements are met.Logs collected by Log Analytics must provide a full audit trail of user activities.All domain controllers must be protected by using Microsoft Defender for Identity.Azure Information Protection RequirementsAll files that have security labels and are stored on the Windows 10 computers must be available from the Azure Information Protection – Data discovery dashboard.Microsoft Defender for Endpoint requirementsAll Cloud App Security unsanctioned apps must be blocked on the Windows 10 computers by using Microsoft Defender for Endpoint.Microsoft Cloud App Security requirementsCloud App Security must identify whether a user connection is anomalous based on tenant-level data.Azure Defender RequirementsAll servers must send logs to the same Log Analytics workspace.Azure Sentinel RequirementsLitware must meet the following Azure Sentinel requirements:Integrate Azure Sentinel and Cloud App Security.Ensure that a user named admin1 can configure Azure Sentinel playbooks.Create an Azure Sentinel analytics rule based on a custom query. The rule must automatically initiate the execution of a playbook.Add notes to events that represent data access from a specific IP address to provide the ability to reference the IP address when navigating through an investigation graph while hunting.Create a test rule that generates alerts when inbound access to Microsoft Office 365 by the Azure AD test user accounts is detected. Alerts generated by the rule must be grouped into individual incidents, with one incident per test user account.QUESTION 18You have an Azure subscription that has Azure Defender enabled for all supported resource types.You create an Azure logic app named LA1.You plan to use LA1 to automatically remediate security risks detected in Defenders for Cloud.You need to test LA1 in Defender for Cloud.What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. QUESTION 19You are informed of an increase in malicious email being received by users.You need to create an advanced hunting query in Microsoft 365 Defender to identify whether the accounts of the email recipients were compromised. The query must return the most recent 20 sign-ins performed by the recipients within an hour of receiving the known malicious email.How should you complete the query? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/microsoft-365/security/defender/advanced-hunting-query-emails-devices?view=o365-worldwideQUESTION 20You have an Azure Storage account that will be accessed by multiple Azure Function apps during the development of an application.You need to hide Azure Defender alerts for the storage account.Which entity type and field should you use in a suppression rule? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Reference:https://techcommunity.microsoft.com/t5/azure-security-center/suppression-rules-for-azure-security-center-alerts-are-now/ba-p/1404920QUESTION 21Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with Azure AD.You have a Microsoft 365 E5 subscription that uses Microsoft Defender 365.You need to identify all the interactive authentication attempts by the users in the finance department of your company.How should you complete the KQL query? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. ExplanationQUESTION 22You need to configure DC1 to meet the business requirements.Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. 1 – Provide global administrator credentials to the litware.com Azure AD tenant.2 – Create an instance of Microsoft Defender for Identity.3 – Provide domain administrator credentials to the litware.com Active Directory domain.4 – Install the sensor on DC1.Reference:https://docs.microsoft.com/en-us/defender-for-identity/install-step1https://docs.microsoft.com/en-us/defender-for-identity/install-step4QUESTION 23You have an Azure subscription that has Azure Defender enabled for all supported resource types.You need to configure the continuous export of high-severity alerts to enable their retrieval from a third-party security information and event management (SIEM) solution.To which service should you export the alerts?  Azure Cosmos DB  Azure Event Grid  Azure Event Hubs  Azure Data Lake QUESTION 24You need to implement Azure Sentinel queries for Contoso and Fabrikam to meet the technical requirements.What should you include in the solution? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/azure/sentinel/extend-sentinel-across-workspaces-tenants This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case studyTo display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.OverviewLitware Inc. is a renewable company.Litware has offices in Boston and Seattle. Litware also has remote users located across the United States. To access Litware resources, including cloud resources, the remote users establish a VPN connection to either office.QUESTION 25You have 50 Microsoft Sentinel workspaces.You need to view all the incidents from all the workspaces on a single page in the Azure portal. The solution must minimize administrative effort.Which page should you use in the Azure portal?  Microsoft Sentinel – Incidents  Microsoft Sentinel – Workbooks  Microsoft Sentinel  Log Analytics workspaces QUESTION 26HOTSPOTYou need to configure the Azure Sentinel integration to meet the Azure Sentinel requirements.What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: Section: [none]Explanation/Reference:https://docs.microsoft.com/en-us/cloud-app-security/siem-sentinelQUESTION 27You have a Microsoft 365 subscription that uses Microsoft 365 Defender.You need to identify all the entities affected by an incident.Which tab should you use in the Microsoft 365 Defender portal?  Investigations  Devices  Evidence and Response  Alerts The Evidence and Response tab shows all the supported events and suspicious entities in the alerts in the incident.QUESTION 28You need to implement Azure Sentinel queries for Contoso and Fabrikam to meet the technical requirements.What should you include in the solution? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. ExplanationReference:https://docs.microsoft.com/en-us/azure/sentinel/extend-sentinel-across-workspaces-tenantsQUESTION 29You deploy Azure Sentinel.You need to implement connectors in Azure Sentinel to monitor Microsoft Teams and Linux virtual machines in Azure. The solution must minimize administrative effort.Which data connector type should you use for each workload? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/azure/sentinel/connect-office-365https://docs.microsoft.com/en-us/azure/sentinel/connect-syslogQUESTION 30You are informed of a new common vulnerabilities and exposures (CVE) vulnerability that affects your environment.You need to use Microsoft Defender Security Center to request remediation from the team responsible for the affected systems if there is a documented active exploit available.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. ExplanationReference:https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/microsoft-defender-atp-remediate-appsQUESTION 31You need to recommend a solution to meet the technical requirements for the Azure virtual machines.What should you include in the recommendation?  just-in-time (JIT) access  Azure Defender  Azure Firewall  Azure Application Gateway Section: [none]Explanation/Reference:https://docs.microsoft.com/en-us/azure/security-center/azure-defenderQuestion Set 3QUESTION 32From Azure Sentinel, you open the Investigation pane for a high-severity incident as shown in the following exhibit.Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/azure/sentinel/tutorial-investigate-cases#use-the-investigation-graph-to-deep-diveQUESTION 33You have an Azure Sentinel deployment.You need to query for all suspicious credential access activities.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. QUESTION 34You have an Azure subscription that contains a user named User1.User1 is assigned an Azure Active Directory Premium Plan 2 licenseYou need to identify whether the identity of User1 was compromised during the last 90 days.What should you use?  the risk detections report  the risky users report  Identity Secure Score recommendations  the risky sign-ins report  Loading … SC-200 Cert Guide PDF 100% Cover Real Exam Questions: https://www.exams4sures.com/Microsoft/SC-200-practice-exam-dumps.html --------------------------------------------------- Images: https://free.exams4sures.com/wp-content/plugins/watu/loading.gif https://free.exams4sures.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2023-10-24 14:39:55 Post date GMT: 2023-10-24 14:39:55 Post modified date: 2023-10-24 14:39:55 Post modified date GMT: 2023-10-24 14:39:55