Latest SC-200 Exam Questions

You have a Microsoft 365 E5 subscription that contains 200 Windows 10 devices enrolled
in Microsoft Defender for Endpoint.
You need to ensure that users can access the devices by using a remote shell connection
directly from the Microsoft 365 Defender portal. The solution must use the principle of least
privilege.
What should you do in the Microsoft 365 Defender portal? To answer, select the
appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure subscription.
You plan to implement an Microsoft Sentinel workspace. You anticipate that you will ingest
20 GB of security log data per day.
You need to configure storage for the workspace. The solution must meet the following
requirements:
• Minimize costs for daily ingested data.
• Maximize the data retention period without incurring extra costs.
What should you do for each requirement? To answer, select the appropriate options in the
answer area. NOTE Each correct selection is worth one point.

A company wants to analyze by using Microsoft 365 Apps.
You need to describe the connected experiences the company can use.
Which connected experiences should you describe? To answer, drag the appropriate
connected experiences to the correct description. Each connected experience may be used
once, more than once, or not at all. You may need to drag the split between panes or scroll
to view content.
NOTE: Each correct selection is worth one point.

You have a Microsoft Sentinel workspace that contains an Azure AD data connector.
You need to associate a bookmark with an Azure AD-related incident.
What should you do? To answer, drag the appropriate blades to the correct tasks. Each
blade may be used once, more than once, or not at all. You may need to drag the split bar
between panes or scroll to view content
NOTE: Each correct selection is worth one point.

You have a Microsoft Sentinel workspace.
You have a query named Query1 as shown in the following exhibit.

You plan to create a custom parser named Parser 1. You need to use Query1 in Parser1.
What should you do first?

You need to use an Azure Resource Manager template to create a workflow automation
that will trigger an automatic remediation when specific security alerts are received by
Azure Security Center.
How should you complete the portion of the template that will provision the required Azure
resources? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have resources in Azure and Google cloud.
You need to ingest Google Cloud Platform (GCP) data into Azure Defender.
In which order should you perform the actions? To answer, move all actions from the list of
actions to the answer area and arrange them in the correct order.

You have a Microsoft 365 subscription that uses Microsoft 365 Defender and contains a
user named User1.
You are notified that the account of User1 is compromised.
You need to review the alerts triggered on the devices to which User1 signed in.
How should you complete the query? To answer, select the appropriate options in the
answer area.
NOTE: Each correct selection is worth one point.

You use Azure Sentinel to monitor irregular Azure activity.
You create custom analytics rules to detect threats as shown in the following exhibit.

You have an Azure subscription that has Azure Defender enabled for all supported
resource types.
You create an Azure logic app named LA1.
You plan to use LA1 to automatically remediate security risks detected in Defenders for
Cloud.
You need to test LA1 in Defender for Cloud.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.