SC-200 Practice Test



Topic 3: Misc. Questions

You receive an alert from Azure Defender for Key Vault.
You discover that the alert is generated from multiple suspicious IP addresses.
You need to reduce the potential of Key Vault secrets being leaked while you investigate
the issue. The solution must be implemented as soon as possible and must minimize the
impact on legitimate users.
What should you do first?


A. Modify the access control settings for the key vault
B. Enable the Key Vault firewall
C. Create an application security group
D. Modify the access policy for the key vault

Answer: B. Enable the Key Vault firewall



Your company uses Microsoft Sentinel.
A new security analyst reports that she cannot assign and resolve incidents in Microsoft
Sentinel.
You need to ensure that the analyst can assign and resolve incidents. The solution must
use the principle of least privilege.
Which role should you assign to the analyst?


A. Microsoft Sentinel Responder
B. Logic App Contributor
C. Microsoft Sentinel Reader
D. Microsoft Sentinel Contributor

Answer: A. Microsoft Sentinel Responder



Explanation: The Microsoft Sentinel Responder role allows users to investigate, triage, and resolve security incidents, which includes the ability to assign incidents to other users. This role is designed to provide the necessary permissions for incident management and response while still adhering to the principle of least privilege. Other roles such as Logic App Contributor and Microsoft Sentinel Contributor would have more permissions than necessary and may not be suitable for the analyst's needs. The Microsoft Sentinel Reader role is not sufficient because it does not have permission to assign and resolve incidents.
Reference: https://docs.microsoft.com/en-us/azure/sentinel/role-based-access-control-rbac

You have an Azure subscription that contains a Log Analytics workspace.
You need to enable just-in-time (JIT) VM access and network detections for Azure
resources.
Where should you enable Azure Defender?


A. at the subscription level
B. at the workspace level
C. at the resource level

Answer: A. at the subscription level



You need to visualize Azure Sentinel data and enrich the data by using third-party data
sources to identify indicators of compromise (IoC).
What should you use?


A. notebooks in Azure Sentinel
B. Microsoft Cloud App Security
C. Azure Monitor
D. hunting queries in Azure Sentinel

Answer: A. notebooks in Azure Sentinel



Your company has a single office in Istanbul and a Microsoft 365 subscription.
The company plans to use conditional access policies to enforce multi-factor authentication
(MFA).
You need to enforce MFA for all users who work remotely.
What should you include in the solution?


A. a fraud alert
B. a user risk policy
C. a named location
D. a sign-in user policy

Answer: C. a named location



