Microsoft SC-200 Exam Practice Test Instant Access

Question 1

Your company uses Microsoft Defender for Endpoint.

The company has Microsoft Word documents that contain macros. The documents are used frequently on the devices of the company's accounting team.

You need to hide false positive in the Alerts queue, while maintaining the existing security posture. Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

AResolve the alert automatically.

BHide the alert.

CCreate a suppression rule scoped to any device.

DCreate a suppression rule scoped to a device group.

EGenerate the alert.

Answer : B, C, E

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/manage-alerts

Question 2

You have a Microsoft 365 subscription that uses Microsoft Copilot for Security.

You create a promptbook named Book1.

For Book1, you need to create a prompt that contains an input named IncidentID.

How should you format IncidentID?

A<IncidentID>

BSIncidentlD$

C##IncidentID##

D[IncidentID]

Answer : A

Question 3

You are responsible for responding to Azure Defender for Key Vault alerts.

During an investigation of an alert, you discover unauthorized attempts to access a key vault from a Tor exit node.

What should you configure to mitigate the threat?

AKey Vault firewalls and virtual networks

BAzure Active Directory (Azure AD) permissions

Crole-based access control (RBAC) for the key vault

Dthe access policy settings of the key vault

Answer : A

https://docs.microsoft.com/en-us/azure/key-vault/general/network-security

Question 4

The issue for which team can be resolved by using Microsoft Defender for Office 365?

Aexecutive

Bmarketing

Csecurity

Dsales

Answer : B

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/atp-for-spo-odb-and-teams? view=o365-worldwide

Question 5

You have an Azure subscription that uses Microsoft Defender for Cloud and contains a storage account named storage1. You receive an alert that there was an unusually high volume of delete operations on the blobs in storage1.

You need to identify which blobs were deleted.

What should you review?

Athe Azure Storage Analytics logs

Bthe activity logs of storage1

Cthe alert details

Dthe related entities of the alert

Answer : B

Question 6

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You have a virtual machine that runs Windows 10 and has the Log Analytics agent installed.

You need to simulate an attack on the virtual machine that will generate an alert.

What should you do first?

ARun the Log Analytics Troubleshooting Tool.

BCopy a executable and rename the file as ASC_AlerTest_662jf10N,exe

CModify the settings of the Microsoft Monitoring Agent.

DRun the MMASetup executable and specify the -foo argument

Answer : B

Question 7

You have a Microsoft 365 subscription that uses Microsoft Defender XDR.

You have a query that contains the following statements.

You need to configure a custom detection rule that will use the query. The solution must minimize how long it takes to be notified about events that match the query.

Which frequency should you select for the rule?

AContinuous (NRT)

BEvery hour

CEvery 12 hours

DEvery 3 hours

Answer : A

Microsoft Security Operations Analyst SC-200 Exam Practice Test