Exam Details

  • Exam Code: SC-200
  • Exam Name: Microsoft Security Operations Analyst
  • Certification: Microsoft Certifications
  • Vendor: Microsoft
  • Total Questions: 394 Q&As
  • Last Updated: Mar 30, 2025

Microsoft Certifications SC-200 Questions & Answers

  • Question 131:

    Your company uses line-of-business apps that contain Microsoft Office VBA macros.

    You plan to enable protection against downloading and running additional payloads from the Office VBA macros as additional child processes.

    You need to identify which Office VBA macros might be affected.

    Which two commands can you run to achieve the goal? Each correct answer presents a complete solution.

    NOTE: Each correct selection is worth one point.

    A. Option A

    B. Option B

    C. Option C

    D. Option D

  • Question 132:

    Your company uses Microsoft Defender for Endpoint.

    The company has Microsoft Word documents that contain macros. The documents are used frequently on the devices of the company's accounting team.

    You need to hide false positives in the Alerts queue while maintaining the existing security posture.

    Which three actions should you perform? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    A. Resolve the alert automatically.

    B. Hide the alert.

    C. Create a suppression rule scoped to any device.

    D. Create a suppression rule scoped to a device group.

    E. Generate the alert.

  • Question 133:

    You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.

    You have Microsoft SharePoint Online sites that contain sensitive documents. The documents contain customer account numbers that each consist of 32 alphanumeric characters.

    You need to create a data loss prevention (DLP) policy to protect the sensitive documents.

    What should you use to detect which documents are sensitive?

    A. SharePoint search

    B. a hunting query in Microsoft 365 Defender

    C. Azure Information Protection

    D. RegEx pattern matching

  • Question 134:

    You need to implement the scheduled rule for incident generation based on rulequery1. What should you configure first?

    A. entity mapping

    B. custom details

    C. event grouping

    D. alert details

  • Question 135:

    You need to ensure that the configuration of HuntingQuery1 meets the Microsoft Sentinel requirements. What should you do?

    A. Add HuntingQuery1 to a livestream.

    B. Create a watch list.

    C. Create an Azure Automation rule.

    D. Add HuntingQuery1 to favorites.

  • Question 136:

    You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in. Which anomaly detection policy should you use?

    A. Impossible travel

    B. Activity from anonymous IP addresses

    C. Activity from infrequent country

    D. Malware detection

  • Question 137:

    You need to configure event monitoring for Server1. The solution must meet the Microsoft Sentinel requirements. What should you create first?

    A. a Microsoft Sentinel automation rule

    B. a Microsoft Sentinel scheduled query rule

    C. a Data Collection Rule (DCR)

    D. an Azure Event Grid topic

  • Question 138:

    You need to ensure that the Group1 members can meet the Microsoft Sentinel requirements. Which role should you assign to Group1?

    A. Microsoft Sentinel Automation Contributor

    B. Logic App Contributor

    C. Automation Operator

    D. Microsoft Sentinel Playbook Operator

  • Question 139:

    You need to implement the Defender for Cloud requirements. What should you configure for Server2?

    A. the Microsoft Antimalware extension

    B. an Azure resource lock

    C. an Azure resource tag

    D. the Azure Automanage machine configuration extension for Windows

  • Question 140:

    You need to ensure that the processing of incidents generated by rulequery1 meets the Microsoft Sentinel requirements.

    What should you create first?

    A. a playbook with an incident trigger

    B. a playbook with an entity trigger

    C. an Azure Automation rule

    D. a playbook with an alert trigger

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Microsoft exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SC-200 exam preparation or Microsoft certification application, do not hesitate to visit Vcedump.com to find your solutions.