Exam Details

  • Exam Code: SC-200
  • Exam Name: Microsoft Security Operations Analyst
  • Certification: Microsoft Certifications
  • Vendor: Microsoft
  • Total Questions: 394 Q&As
  • Last Updated: Mar 30, 2025

Microsoft Certifications SC-200 Questions & Answers

  • Question 251:

    HOTSPOT

    You have an Azure DevOps organization that contains an Azure Repos repository named Repo1 and is onboarded to Microsoft Defender for DevOps.

    You create infrastructure as code (IaC) files and store them in Repo1. The IaC files are formatted as Bicep files and Helm charts.

    You need to configure Defender for DevOps to identify misconfigurations in the IaC files.

    Which scanning tool should you use for each type of file? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 252:

    HOTSPOT

    You have a Microsoft 365 E5 subscription that uses Microsoft 365 Defender for Endpoint.

    You need to ensure that you can initiate remote shell connections to Windows servers by using the Microsoft 365 Defender portal.

    What should you configure? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 253:

    HOTSPOT

    You have on-premises servers that run Windows Server.

    You have a Microsoft Sentinel workspace named SW1. SW1 is configured to collect Windows Security log entries from the servers by using the Azure Monitor Agent data connector.

    You plan to limit the scope of collected events to events 4624 and 4625 only.

    You need to use a PowerShell script to validate the syntax of the filter applied to the connector.

    How should you complete the script? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 254:

    HOTSPOT

    You have an Azure subscription that contains a Microsoft Sentinel workspace named WS1.

    You need to ensure that the incidents in WS1 include a list of actions that must be performed. The solution must meet the following requirements:

    1. Ensure that you can build a tailored list of actions for each type of incident.

    2. Minimize administrative effort.

    What should you do? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 255:

    HOTSPOT

    You have an Azure subscription that contains a Log Analytics workspace named Workspace1.

    You configure Azure activity logs and Microsoft Entra ID logs to be forwarded to Workspace1.

    You need to identify which Azure resources have been queried or modified by risky users.

    How should you complete the KQL query? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 256:

    HOTSPOT

    You have a Microsoft 365 subscription that uses Microsoft Defender XDR and contains a Windows device named Device1.

    You investigate a suspicious process named Prod on Device1 by using a live response session.

    You need to perform the following actions:

    1. Stop Prod.

    2. Send Prod for further review.

    Which live response command should you run for each action? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 257:

    HOTSPOT

    You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint and contains a Windows device named Device1.

    You need to investigate a suspicious executable file detected on Device1. The solution must meet the following requirements:

    1. Identify the image file path of the file.

    2. Identify when the file was first detected on Device1.

    What should you review from the timeline of the detection event? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 258:

    HOTSPOT

    You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains a Windows device named Device1.

    You initiated a live response session on Device1.

    You need to run a command that will download a 250-MB file named File1.exe from the live response library to Device1. The solution must ensure that File1.exe is downloaded as a background process.

    How should you complete the live response command? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 259:

    HOTSPOT

    You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains a Windows device named Device1.

    You investigate Device1 for malicious activity and discover a suspicious file named File1.exe. You collect an investigation package from Device1.

    You need to review the following forensic data points:

    1. Is an attacker currently accessing Device1 remotely?

    2. When was File1.exe first executed?

    Which folder in the investigation package should you review for each data point? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 260:

    HOTSPOT

    You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains a Windows device named Device1.

    Twenty files on Device1 are quarantined by custom indicators as part of an investigation.

    You need to release the 20 files from quarantine.

    How should you complete the command? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com you will find all the answers. Vcedump.com provides not only Microsoft exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SC-200 exam preparation or your Microsoft certification application, do not hesitate to visit Vcedump.com to find your solutions.