Free Preparation Discussions
MENU
Microsoft SC-200 Exam Questions
- Topic 1: Manage a security operations environment: This topic of the exam covers how to configure settings in Microsoft Defender XDR, Manage assets and environments, Design and configure a Microsoft Sentinel workspace, and Ingest data sources in Microsoft Sentinel.
- Topic 2: Configure protections and detections: This section deals with configuring protections in Microsoft Defender security technologies, configuring detection in Microsoft Defender XDR, and configuring detections in Microsoft Sentinel.
- Topic 3: Manage incident response: This section is about responding to alerts and incidents in Microsoft Defender XDR, it also covers responding to alerts and incidents identified by Microsoft Defender for Endpoint as well as configuring security orchestration, automation, and response (SOAR) in Microsoft Sentinel.
- Topic 4: Perform threat hunting: This section of the exam covers hunting for threats by using KQL and Microsoft Sentinel. It also involves analyzing and interpreting data by using workbooks.
Free Microsoft SC-200 Exam Actual Questions
Note: Premium Questions for SC-200 were last updated On Dec. 06, 2024 (see below)
You have a Microsoft 365 subscription that uses Microsoft Defender XDR.
You are investigating an attacker that is known to use the Microsoft Graph API as an attack vector. The attacker performs the tactics shown the following table.
You need to search for malicious activities in your organization.
Which tactics can you analyze by using the MicrosoftGraphActivityLogs table?
You have a Microsoft 365 subscription that contains the following resources:
* 100 users that are assigned a Microsoft 365 E5 license
* 100 Windows 11 devices that are joined to the Microsoft Entra tenant
The users access their Microsoft Exchange Online mailbox by using Outlook on the web.
You need to ensure that if a user account is compromised, the Outlook on the web session token can be revoked.
What should you configure?
You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains a user named User1.
You need to ensure that User1 can manage Microsoft Defender XDR custom detection rules and Endpoint security policies. The solution must follow the principle of least privilege.
Which role should you assign to User1?
You have a Microsoft 365 E5 subscription that contains a device named Device 1. Device 1 is enrolled in Microsoft Defender for End point.
Device1 reports an incident that includes a file named File1 exe as evidence.
You initiate the Collect Investigation Package action and download the ZIP file.
You need to identify the first and last time File1.exe was executed.
What should you review in the investigation package?
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains 500 Windows devices. As part of an incident investigation, you identify the following suspected malware files:
* sys
* docx
* xlsx
You need to create indicator hashes to block users from downloading the files to the devices. Which files can you block by using the indicator hashes?
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Macy
2 days agoAlishia
7 days agoAdell
19 days agoJennifer
1 months agoLucina
1 months agoAsha
2 months agoRyan
2 months agoMichal
2 months agoLeigha
3 months agoLinsey
3 months agoDell
3 months agoSantos
3 months agoSabra
3 months agoClaudio
4 months agoMila
4 months agoJoni
5 months agoDella
6 months agoMaryann
6 months agoGerald
6 months agoTenesha
6 months agodarrena
6 months agokalasan
6 months ago