Free SC-200 Exam Dumps

Question 6

- (Exam Topic 3)
You have a Microsoft 365 E5 subscription.
You plan to perform cross-domain investigations by using Microsoft 365 Defender.
You need to create an advanced hunting query to identify devices affected by a malicious email attachment. How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
SC-200 dumps exhibit
Solution:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-query-emails-devices?view=o36

Does this meet the goal?

A. Yes
B. No

Correct Answer:A

Question 7

- (Exam Topic 3)
You create an Azure subscription named sub1.
In sub1, you create a Log Analytics workspace named workspace1.
You enable Azure Security Center and configure Security Center to use workspace1.
You need to ensure that Security Center processes events from the Azure virtual machines that report to workspace1.
What should you do?

A. In workspace1, install a solution.
B. In sub1, register a provider.
C. From Security Center, create a Workflow automation.
D. In workspace1, create a workbook.

Correct Answer:A
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection

Question 8

- (Exam Topic 3)
You have a custom analytics rule to detect threats in Azure Sentinel.
You discover that the analytics rule stopped running. The rule was disabled, and the rule name has a prefix of AUTO DISABLED.
What is a possible cause of the issue?

A. There are connectivity issues between the data sources and Log Analytics.
B. The number of alerts exceeded 10,000 within two minutes.
C. The rule query takes too long to run and times out.
D. Permissions to one of the data sources of the rule query were modified.

Correct Answer:D
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-custom

Question 9

- (Exam Topic 3)
You need to create a query for a workbook. The query must meet the following requirements:
SC-200 dumps exhibit List all incidents by incident number.
Only include the most recent log for each incident.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Solution:
Graphical user interface Description automatically generated
Reference:
https://www.drware.com/whats-new-soc-operational-metrics-now-available-in-sentinel/

Does this meet the goal?

A. Yes
B. No

Correct Answer:A

Question 10

- (Exam Topic 3)
You have an Azure subscription that uses Azure Defender.
You plan to use Azure Security Center workflow automation to respond to Azure Defender threat alerts. You need to create an Azure policy that will perform threat remediation automatically.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
SC-200 dumps exhibit
Solution:
Graphical user interface, text, application Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects https://docs.microsoft.com/en-us/azure/security-center/workflow-automation

Does this meet the goal?

A. Yes
B. No

Correct Answer:A