You have an Azure subscription that uses Microsoft Defender for Cloud. You need to configure Defender for Cloud to mitigate the following risks:
1. Vulnerabilities within the application source code
2. Exploitation toolkits in declarative templates
3. Operations from malicious IP addresses
4. Exposed secrets
Which two Defender for Cloud services should you use? Each correct answer presents part of the solution.
NOTE: Each correct answer is worth one point.
A. Microsoft Defender for Resource Manager
B. Microsoft Defender for DNS
C. Microsoft Defender for App Service
D. Microsoft Defender for Servers
E. Microsoft Defender for DevOps
You have 500 on-premises devices.
You have a Microsoft 365 E5 subscription that uses Microsoft Defender 365.
You onboard 100 devices to Microsoft Defender 365.
You need to identify any unmanaged on-premises devices. The solution must ensure that only specific onboarded devices perform the discovery.
What should you do first?
A. Create a device group.
B. Create an exclusion.
C. Set Discovery mode to Basic.
D. Create a tag.
You have a Microsoft 365 E5 subscription that contains a device named Device1. Device1 is enrolled in Microsoft Defender for Endpoint.
Device1 reports an incident that includes a file named File1.exe as evidence.
You initiate the Collect Investigation Package action and download the ZIP file.
You need to identify the first and last time File1.exe was executed.
What should you review in the investigation package?
A. Processes
B. Autoruns
C. Security event log
D. Scheduled tasks
E. Prefetch files
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains 500 Windows devices.
You plan to create a Microsoft Defender XDR custom deception rule.
You need to ensure that the rule will be applied to only 10 specific devices.
What should you do first?
A. Add custom lures to the rule.
B. Add the IP address of each device to the list of decoy accounts and hosts of the rule.
C. Add the devices to a group.
D. Assign a tag to the devices.
You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud.
You need to assign the PCI DSS 4.0 initiative to Sub1 and have the initiative displayed in the Defender for Cloud Regulatory compliance dashboard.
From Security policies in the Environment settings, you discover that the option to add more industry and regulatory standards is unavailable.
What should you do first?
A. Configure the Continuous export settings for Log Analytics.
B. Enable the Cloud Security Posture Management (CSPM) plan for the subscription.
C. Configure the Continuous export settings for Azure Event Hubs.
D. Disable the Microsoft Cloud Security Benchmark (MCSB) assignment.
You have a Microsoft Sentinel workspace named SW1.
You need to identify which anomaly rules are enabled in SW1.
What should you review in Microsoft Sentinel?
A. Content hub
B. Entity behavior
C. Analytics
D. Settings
You have an Azure subscription that contains a Microsoft Sentinel workspace named WS1.
You create a hunting query that detects a new attack vector. The attack vector maps to a tactic listed in the MITRE ATT&CK database.
You need to ensure that an incident is created in WS1 when the new attack vector is detected.
What should you configure?
A. a hunting livestream session
B. a query bookmark
C. a scheduled query rule
D. a Fusion rule
You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR.
The security team at your company detects command and control (C2) agent traffic on the network. Agents communicate once every 50 hours.
You need to create a Microsoft Defender XDR custom detection rule that will identify compromised devices and establish a pattern of communication. The solution must meet the following requirements:
1. Identify all the devices that have communicated during the past 14 days.
2. Minimize how long it takes to identify the devices.
To what should you set the detection frequency for the rule?
A. Every 12 hours
B. Every 24 hours
C. Every three hours
D. Every hour
You have an on-premises network.
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Identity.
From the Microsoft Defender portal, you investigate an incident on a device named Device1 of a user named User1. The incident contains the following Defender for Identity alert.
Suspected identity theft (pass-the-ticket) (external ID 2018)
You need to contain the incident without affecting users and devices. The solution must minimize administrative effort.
What should you do?
A. Disable User1 only.
B. Quarantine Device1 only.
C. Reset the password for all the accounts that previously signed in to Device1.
D. Disable User1 and quarantine Device1.
E. Disable User1, quarantine Device1, and reset the password for all the accounts that previously signed in to Device1.
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains 1,000 Windows devices.
You have a PowerShell script named Script1.ps1 that is signed digitally.
You need to ensure that you can run Script1.ps1 in a live response session on one of the devices.
What should you do first from the live response session?
A. Run the library command.
B. Upload Script1.ps1 to the library.
C. Run the putfile command.
D. Modify the PowerShell execution policy of the device.