Microsoft SC-200 Exam Actual Questions 100% Correct Verified 2024 Version
Course
Academic Avengers Verified Papers
Institution
Academic Avengers Verified Papers
Microsoft SC-200 Exam Actual Questions |
100% Correct | Verified | 2024 Version
You are investigating an incident by using Microsoft 365 Defender.
You need to create an advanced hunting query to count failed sign-in authentications on
three devices named CFOLaptop, CEOLaptop, and COOLaptop.
Co...
Microsoft SC-200 Exam Actual Questions |
100% Correct | Verified | 2024 Version
You are investigating an incident by using Microsoft 365 Defender.
You need to create an advanced hunting query to count failed sign-in authentications on
three devices named CFOLaptop, CEOLaptop, and COOLaptop.
Complete the query.
You need to receive a security alert when a user attempts to sign in from a location that
was never used by the other users in your organization to sign in.
Which anomaly detection policy should you use?
A. Impossible travel
B. Activity from anonymous IP addresses
C. Activity from infrequent country
D. Malware detection
A. Impossible travel
B. Activity from anonymous IP addresses
C. Activity from infrequent country
D. Malware detection
You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.
You have Microsoft SharePoint Online sites that contain sensitive documents.
The documents contain customer account numbers that each consists of 32
alphanumeric characters.
You need to create a data loss prevention (DLP) policy to protect the sensitive
documents.
What should you use to detect which documents are sensitive?
A. SharePoint search
B. a hunting query in Microsoft 365 Defender
C. Azure Information Protection
D. RegEx pattern matching
A. SharePoint search
,B. a hunting query in Microsoft 365 Defender
C. Azure Information Protection
D. RegEx pattern matching
Your company uses line-of-business apps that contain Microsoft Office VBA macros.
You need to prevent users from downloading and running additional payloads from the
Office VBA macros as additional child processes.
Which two commands can you run to achieve the goal? Each correct answer presents a
complete solution.
Your company uses Microsoft Defender for Endpoint.
The company has Microsoft Word documents that contain macros. The documents are
used frequently on the devices of the company's accounting team.
You need to hide false positive in the Alerts queue, while maintaining the existing
security posture.
Which three actions should you perform? Each correct answer presents part of the
solution.
A. Resolve the alert automatically.
B. Hide the alert.
C. Create a suppression rule scoped to any device.
D. Create a suppression rule scoped to a device group.
E. Generate the alert.
A. Resolve the alert automatically.
B. Hide the alert.
C. Create a suppression rule scoped to any device.
D. Create a suppression rule scoped to a device group.
E. Generate the alert.
B -> C -> E
Your environment does NOT have Microsoft Defender for Endpoint enabled.
You need to remediate the risk for the Launchpad app.Which four actions should you
perform in sequence? To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order.
, You have a Microsoft 365 E5 subscription.
You plan to perform cross-domain investigations by using Microsoft 365 Defender.
You need to create an advanced hunting query to identify devices affected by a
malicious email attachment.
How should you complete the query?
You have the following advanced hunting query in Microsoft 365 Defender.
You need to receive an alert when any process disables System Restore on a device
managed by Microsoft Defender during the last 24 hours.
Which two actions should you perform? Each correct answer presents part of the
solution.
A. Create a detection rule.
B. Create a suppression rule.
C. Add | order by Timestamp to the query.
D. Replace DeviceProcessEvents with DeviceNetworkEvents.
E. Add DeviceId and ReportId to the output of the query.
A. Create a detection rule.
B. Create a suppression rule.
C. Add | order by Timestamp to the query.
D. Replace DeviceProcessEvents with DeviceNetworkEvents.
E. Add DeviceId and ReportId to the output of the query.
You are investigating a potential attack that deploys a new ransomware strain.
You have three custom device groups. The groups contain devices that store highly
sensitive information.
You plan to perform automated actions on all devices.You need to be able to
temporarily group the machines to perform actions on the devices.
Which three actions should you perform? Each correct answer presents part of the
solution.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller hov. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $8.49. You're not tied to anything after your purchase.