Free Access Microsoft.SC-200.v2025-02-04.q228 Practice Test (Page 36)

Question 171

You are investigating a potential attack that deploys a new ransomware strain.
You plan to perform automated actions on a group of highly valuable machines that contain sensitive information.
You have three custom device groups.
You need to be able to temporarily group the machines to perform actions on the devices.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A.Add a tag to the device group.

B.Add the device users to the admin role.

C.Add a tag to the machines.

D.Create a new device group that has a rank of 1.

E.Create a new admin role.

F.Create a new device group that has a rank of 4.

Question 172

You have a Microsoft 365 subscription
You need to identify all the security principals that submitted requests to change or delete groups. How should you complete the KQL query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Question 173

You are investigating an incident by using Microsoft 365 Defender.
You need to create an advanced hunting query to detect failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Topic 1, Litware inc.
Existing Environment
Identity Environment
The network contains an Active Directory forest named litware.com that syncs to an Azure Active Directory (Azure AD) tenant named litware.com.
Microsoft 365 Environment
Litware has a Microsoft 365 E5 subscription linked to the litware.com Azure AD tenant. Microsoft Defender for Endpoint is deployed to all computers that run Windows 10. All Microsoft Cloud App Security built-in anomaly detection policies are enabled.
Azure Environment
Litware has an Azure subscription linked to the litware.com Azure AD tenant. The subscription contains resources in the East US Azure region as shown in the following table.

Network Environment
Each Litware office connects directly to the internet and has a site-to-site VPN connection to the virtual networks in the Azure subscription.
On-premises Environment
The on-premises network contains the computers shown in the following table.

Current problems
Cloud App Security frequently generates false positive alerts when users connect to both offices simultaneously.
Planned Changes
Litware plans to implement the following changes:
Create and configure Azure Sentinel in the Azure subscription.
Validate Azure Sentinel functionality by using Azure AD test user accounts.
Business Requirements
Litware identifies the following business requirements:

Azure Information Protection Requirements
All files that have security labels and are stored on the Windows 10 computers must be available from the Azure Information Protection - Data discovery dashboard.
Microsoft Defender for Endpoint Requirements
All Cloud App Security unsanctioned apps must be blocked on the Windows 10 computers by using Microsoft Defender for Endpoint.
Microsoft Cloud App Security Requirements
Cloud App Security must identify whether a user connection is anomalous based on tenant-level data.
Azure Defender Requirements
All servers must send logs to the same Log Analytics workspace.
Azure Sentinel Requirements
Litware must meet the following Azure Sentinel requirements:
Integrate Azure Sentinel and Cloud App Security.
Ensure that a user named admin1 can configure Azure Sentinel playbooks.
Create an Azure Sentinel analytics rule based on a custom query. The rule must automatically initiate the execution of a playbook.
Add notes to events that represent data access from a specific IP address to provide the ability to reference the IP address when navigating through an investigation graph while hunting.
Create a test rule that generates alerts when inbound access to Microsoft Office 365 by the Azure AD test user accounts is detected. Alerts generated by the rule must be grouped into individual incidents, with one incident per test user account.

Question 174

You have an Azure subscription that contains an Microsoft Sentinel workspace.
You need to create a hunting query using Kusto Query Language (KQL) that meets the following requirements:
* Identifies an anomalous number of changes to the rules of a network security group (NSG) made by the same security principal
* Automatically associates the security principal with an Microsoft Sentinel entity How should you complete the query? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

Question 175

You have an Azure subscription that contains 100 Linux virtual machines.
You need to configure Microsoft Sentinel to collect event logs from the virtual machines.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Other Version: 1285Microsoft.SC-200.v2024-08-28.q262; 1348Microsoft.SC-200.v2023-03-24.q53; 1049Microsoft.SC-200.v2023-01-30.q41; 1765Microsoft.SC-200.v2022-12-27.q112; 2659Microsoft.SC-200.v2022-07-31.q102; 3432Microsoft.SC-200.v2022-02-20.q104; 50Microsoft.Examcollectionpass.SC-200.v2021-09-10.by.cora.41q.pdf; 3462Microsoft.SC-200.v2021-09-09.q39

Latest Upload: 104Fortinet.NSE8_812.v2025-10-22.q86; 129HP.HPE2-B04.v2025-10-21.q38; 111Oracle.1Z0-1160-1.v2025-10-21.q18; 119GitHub.GitHub-Advanced-Security.v2025-10-21.q27; 132Oracle.1Z0-084.v2025-10-21.q31; 314CuramSoftware.CS0-003.v2025-10-18.q211; 197GAQM.Databricks-Certified-Data-Engineer-Associate.v2025-10-18.q113; 192SAP.C-C4HCX-2405.v2025-10-17.q85; 250Huawei.H12-831_V1.0.v2025-10-16.q126; 182SAP.C-THR70-2411.v2025-10-16.q55

Question 171

Question 172

Question 173

Question 174

Question 175

Download PDF File