Exam Details

  • Exam Code: SC-200
  • Exam Name: Microsoft Security Operations Analyst
  • Certification: Microsoft Certifications
  • Vendor: Microsoft
  • Total Questions: 394 Q&As
  • Last Updated: Apr 07, 2025

Microsoft Certifications SC-200 Questions & Answers

  • Question 211:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have an Azure subscription that uses Microsoft Defender XDR.

    From the Microsoft Defender portal, you perform an audit search and export the results as a file named File1.csv that contains 10,000 rows.

    You use Microsoft Excel to perform Get and Transform Data operations to parse the AuditData column from File1.csv. The operations fail to generate columns for specific JSON properties.

    You need to ensure that Excel generates columns for the specific JSON properties in the audit search results.

    Solution: From Defender, you modify the search criteria of the audit search to increase the number of returned records, and then you export the results. From Excel, you perform the Get and Transform Data operations by using the new export.

    Does this meet the requirement?

    A. Yes

    B. No

  • Question 212:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have an Azure subscription that uses Microsoft Defender XDR.

    From the Microsoft Defender portal, you perform an audit search and export the results as a file named File1.csv that contains 10,000 rows.

    You use Microsoft Excel to perform Get and Transform Data operations to parse the AuditData column from File1.csv. The operations fail to generate columns for specific JSON properties.

    You need to ensure that Excel generates columns for the specific JSON properties in the audit search results.

    Solution: From Excel, you apply filters to the existing columns in File1.csv to reduce the number of rows, and then you perform the Get and Transform Data operations to parse the AuditData column.

    Does this meet the requirement?

    A. Yes

    B. No

  • Question 213:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have an Azure subscription that uses Microsoft Defender XDR.

    From the Microsoft Defender portal, you perform an audit search and export the results as a file named File1.csv that contains 10,000 rows.

    You use Microsoft Excel to perform Get and Transform Data operations to parse the AuditData column from File1.csv. The operations fail to generate columns for specific JSON properties.

    You need to ensure that Excel generates columns for the specific JSON properties in the audit search results.

    Solution: From Defender, you modify the search criteria of the audit search to reduce the number of returned records, and then you export the results. From Excel, you perform the Get and Transform Data operations by using the new export.

    Does this meet the requirement?

    A. Yes

    B. No

  • Question 214:

    You have a Microsoft 365 E5 subscription.

    Automated investigation and response (AIR) is enabled in Microsoft Defender for Office 365 and devices use full automation in Microsoft Defender for Endpoint.

    You have an incident involving a user that received malware-infected email messages on a managed device.

    Which action requires manual remediation of the incident?

    A. soft deleting the email message

    B. hard deleting the email message

    C. isolating the device

    D. containing the device

  • Question 215:

    You have a Microsoft 365 subscription that uses Microsoft Defender XDR and contains a Windows device named Device1.

    The timeline of Device1 includes three files named File1.ps1, File2.exe, and File3.dll.

    You need to submit files for deep analysis in Microsoft Defender XDR.

    Which files can you submit?

    A. File1.ps1 only

    B. File2.exe only

    C. File3.dll only

    D. File2.exe and File3.dll only

    E. File1.ps1 and File2.exe only

    F. File1.ps1, File2.exe, and File3.dll

  • Question 216:

    Your on-premises network contains an Active Directory Domain Services (AD DS) forest.

    You have a Microsoft Entra tenant that uses Microsoft Defender for Identity. The AD DS forest syncs with the tenant.

    You need to create a hunting query that will identify LDAP simple binds to the AD DS domain controllers.

    Which table should you query?

    A. AADServicePrincipalRiskEvents

    B. AADDomainServicesAccountLogon

    C. SigninLogs

    D. IdentityLogonEvents

  • Question 217:

    You have a Microsoft Sentinel workspace named SW1.

    In SW1, you investigate an incident that is associated with the following entities:

    1. Host

    2. IP address

    3. User account

    4. Malware name

    Which entity can be labeled as an indicator of compromise (IoC) directly from the incident's page?

    A. malware name

    B. host

    C. user account

    D. IP address

  • Question 218:

    You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains a macOS device named Device1.

    You need to investigate a Defender for Endpoint agent alert on Device1. The solution must meet the following requirements:

    1. Identify all the active network connections on Device1.

    2. Identify all the running processes on Device1.

    3. Retrieve the login history of Device1.

    4. Minimize administrative effort.

    What should you do first from the Microsoft Defender portal?

    A. From Devices, click Collect investigation package for Device1.

    B. From Advanced features in Endpoints, enable Live Response unsigned script execution.

    C. From Devices, initiate a live response session on Device1.

    D. From Advanced features in Endpoints, disable Authenticated telemetry.

  • Question 219:

    You have 500 on-premises Windows 11 devices that use Microsoft Defender for Endpoint.

    You enable Network device discovery.

    You need to create a hunting query that will identify discovered network devices and return the identity of the onboarded device that discovered each network device.

    Which built-in function should you use?

    A. SeenBy()

    B. DeviceFromIP()

    C. next()

    D. current_cluster_endpoint()

  • Question 220:

    You have an Azure subscription that contains a resource group named RG1. RG1 contains a Microsoft Sentinel workspace. The subscription is linked to a Microsoft Entra tenant that contains a user named User1.

    You need to ensure that User1 can deploy and customize Microsoft Sentinel workbook templates. The solution must follow the principle of least privilege.

    Which role should you assign to User1 for RG1?

    A. Microsoft Sentinel Contributor

    B. Workbook Contributor

    C. Microsoft Sentinel Automation Contributor

    D. Contributor

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more enterprises when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Microsoft exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SC-200 exam preparation and Microsoft certification application, do not hesitate to visit Vcedump.com to find your solutions.