Free Microsoft SC-200 Practice Exam with Questions & Answers | Set: 2

You need to recommend remediation actions for the Azure Defender alerts for Fabrikam.

What should you recommend for each threat? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to minimize the effort required to investigate the Microsoft Defender for Identity false positive alerts. What should you review?

You implement Safe Attachments policies in Microsoft Defender for Office 365.

Users report that email messages containing attachments take longer than expected to be received.

You need to reduce the amount of time it takes to deliver messages that contain attachments without compromising security. The attachments must be scanned for malware, and any messages that contain malware must be blocked.

What should you configure in the Safe Attachments policies?

You need to remediate active attacks to meet the technical requirements.

What should you include in the solution?

You have a Microsoft 365 E5 subscription that contains a database server named DB1. DB1 is onboarded to Microsoft Defender XDR.

You need to ensure that DB1 appears on the attack surface map.

What should you configure?

You have a Microsoft 365 subscription that uses Microsoft Purview and contains a Microsoft SharePoint Online site named Site1. Site1 contains the files shown in the following table.

From Microsoft Purview, you create the content search queries shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE; Each correct selection is worth one point.

You have a Microsoft Sentinel workspace named Workspace1.

You need to exclude a built-in, source-specific Advanced Security information Model (ASIM) parse from a built-in unified ASIM parser.

What should you create in Workspace1?

You have a suppression rule in Azure Security Center for 10 virtual machines that are used for testing. The virtual machines run Windows Server.

You are troubleshooting an issue on the virtual machines.

In Security Center, you need to view the alerts generated by the virtual machines during the last five days.

What should you do?

Your on-premises network contains a Hyper-V cluster. The cluster contains the virtual machines shown in the following table.

You have a Microsoft Sentinel workspace named SW1.

You have a data collection rule (OCR) that has the following configurations:

• Name: DCR1

• Destination: SW1

• Platform type: All

• Data collection endpoint: None

• Data source: Windows event logs, Linux syslog

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You have a custom analytics rule to detect threats in Azure Sentinel.

You discover that the analytics rule stopped running. The rule was disabled, and the rule name has a prefix of AUTO DISABLED.

What is a possible cause of the issue?