SC-200 Practice Test


Page 9 out of 32 Pages

Topic 3: Misc. Questions

You have a suppression rule in Azure Security Center for 10 virtual machines that are used
for testing. The virtual machines run Windows Server.
You are troubleshooting an issue on the virtual machines.
In Security Center, you need to view the alerts generated by the virtual machines during
the last five days.
What should you do?


A. Change the rule expiration date of the suppression rule.
B. Change the state of the suppression rule to Disabled.
C. Modify the filter for the Security alerts page.
D. View the Windows event logs on the virtual machines.

Answer: B. Change the state of the suppression rule to Disabled.



You have an Azure subscription named Sub1 and a Microsoft 365 subscription. Sub1 is
linked to an Azure Active Directory (Azure AD) tenant named contoso.com.
You create an Azure Sentinel workspace named workspace1. In workspace1, you activate
an Azure AD connector for contoso.com and an Office 365 connector for the Microsoft 365
subscription.
You need to use the Fusion rule to detect multi-staged attacks that include suspicious
sign-ins to contoso.com followed by anomalous Microsoft Office 365 activity.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.


A. Create a custom rule based on the Office 365 connector templates.
B. Create a Microsoft incident creation rule based on Azure Security Center.
C. Create a Microsoft Cloud App Security connector.
D. Create an Azure AD Identity Protection connector.

Answer:
A. Create a custom rule based on the Office 365 connector templates.
D. Create an Azure AD Identity Protection connector.



Explanation: To use the Fusion rule to detect multi-staged attacks that include suspicious sign-ins to contoso.com followed by anomalous Microsoft Office 365 activity, you should perform the following two actions:

Create an Azure AD Identity Protection connector. This will allow you to monitor suspicious activities in your Azure AD tenant and detect malicious sign-ins.
Create a custom rule based on the Office 365 connector templates. This will allow you to monitor and detect anomalous activities in the Microsoft 365 subscription.

Reference: https://docs.microsoft.com/en-us/azure/sentinel/fusion-rules

You have the following environment:

Azure Sentinel
A Microsoft 365 subscription
Microsoft Defender for Identity
An Azure Active Directory (Azure AD) tenant
You configure Azure Sentinel to collect security logs from all the Active Directory member
servers and domain controllers.
You deploy Microsoft Defender for Identity by using standalone sensors.
You need to ensure that you can detect when sensitive groups are modified in Active
Directory.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.


A. Configure the Advanced Audit Policy Configuration settings for the domain controllers.
B. Modify the permissions of the Domain Controllers organizational unit (OU).
C. Configure auditing in the Microsoft 365 compliance center.
D. Configure Windows Event Forwarding on the domain controllers.

Answer:
A. Configure the Advanced Audit Policy Configuration settings for the domain controllers.
D. Configure Windows Event Forwarding on the domain controllers.



You implement Safe Attachments policies in Microsoft Defender for Office 365.
Users report that email messages containing attachments take longer than expected to be
received.
You need to reduce the amount of time it takes to deliver messages that contain
attachments without compromising security. The attachments must be scanned for
malware, and any messages that contain malware must be blocked.
What should you configure in the Safe Attachments policies?


A. Dynamic Delivery
B. Replace
C. Block and Enable redirect
D. Monitor and Enable redirect

Answer: A. Dynamic Delivery



You have a playbook in Azure Sentinel.
When you trigger the playbook, it sends an email to a distribution group.
You need to modify the playbook to send the email to the owner of the resource instead of
the distribution group.
What should you do?


A. Add a parameter and modify the trigger.
B. Add a custom data connector and modify the trigger.
C. Add a condition and modify the action.
D. Add a parameter and modify the action.

Answer: D. Add a parameter and modify the action.



