Topic 3: Misc. Questions
You have a Microsoft Sentinel workspace named Workspace1.
You need to exclude a built-in, source-specific Advanced Security Information Model (ASIM) parser from a built-in unified ASIM parser.
What should you create in Workspace1?
A. a workbook
B. a hunting query
C. a watchlist
D. an analytic rule
Answer: D. an analytic rule
Explanation:
To exclude a built-in, source-specific Advanced Security Information Model (ASIM) parser from a built-in unified ASIM parser, you should create an analytic rule in the Microsoft Sentinel workspace. An analytic rule allows you to customize the behavior of the unified ASIM parser and exclude specific source-specific parsers from being used.
Reference: https://docs.microsoft.com/en-us/azure/sentinel/analytics-create-analytic-rule

You are investigating a potential attack that deploys a new ransomware strain.
You plan to perform automated actions on a group of highly valuable machines that contain sensitive information.
You have three custom device groups.
You need to be able to temporarily group the machines to perform actions on the devices.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Add a tag to the device group.
B. Add the device users to the admin role.
C. Add a tag to the machines.
D. Create a new device group that has a rank of 1.
E. Create a new admin role.
F. Create a new device group that has a rank of 4.
Answer: A, C, D
Add a tag to the device group.
Add a tag to the machines.
Create a new device group that has a rank of 1.

You have an existing Azure logic app that is used to block Azure Active Directory (Azure AD) users. The logic app is triggered manually.
You deploy Azure Sentinel.
You need to use the existing logic app as a playbook in Azure Sentinel. What should you do first?
A. Add a new scheduled query rule.
B. Add a data connector to Azure Sentinel.
C. Configure a custom Threat Intelligence connector in Azure Sentinel.
D. Modify the trigger in the logic app.
Answer: D. Modify the trigger in the logic app.

You have a Microsoft 365 subscription that uses Microsoft 365 Defender.
You need to identify all the entities affected by an incident.
Which tab should you use in the Microsoft 365 Defender portal?
A. Investigations
B. Devices
C. Evidence and Response
D. Alerts
Answer: C. Evidence and Response
Explanation:
The Evidence and Response tab shows all the supported events and suspicious entities in the alerts in the incident.
Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender/investigateincidents

You create an Azure subscription named sub1.
In sub1, you create a Log Analytics workspace named workspace1.
You enable Azure Security Center and configure Security Center to use workspace1.
You need to ensure that Security Center processes events from the Azure virtual machines that report to workspace1.
What should you do?
A. In workspace1, install a solution.
B. In sub1, register a provider.
C. From Security Center, create a Workflow automation.
D. In workspace1, create a workbook.
Answer: A. In workspace1, install a solution.