Free Access Microsoft.SC-200.v2025-10-27.q144 Practice Test (Page 17)

Question 76

You have a Microsoft 365 subscription that uses Microsoft Defender XOR and contains a Windows device named Oevice1. You investigate a suspicious process named Prod on Device! by using a live response session. You need to perform the following actions:
* Stop Prod.
* Send Prod for further review.
Which live response command should you run for each action? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Question 77

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint and contains a Windows device named Device1. You need to investigate a suspicious executable file detected on Device1. The solution must meet the following requirements:
* Identify the image file path of the file.
* Identify when the file was first detected on Device1.
What should you review from the timeline of the detection event? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

Question 78

You have a Microsoft 365 E5 subscription that uses Microsoft SharePoint Online.
You delete users from the subscription.
You need to be notified if the deleted users downloaded numerous documents from SharePoint Online sites during the month before their accounts were deleted.
What should you use?

A.a file policy in Microsoft Defender for Cloud Apps

B.an access review policy

C.an alert policy in Microsoft Defender for Office 365

D.an insider risk policy

Question 79

You create an Azure subscription.
You enable Azure Defender for the subscription.
You need to use Azure Defender to protect on-premises computers.
What should you do on the on-premises computers?

A.Install the Log Analytics agent.

B.Install the Dependency agent.

C.Configure the Hybrid Runbook Worker role.

D.Install the Connected Machine agent.

Question 80

You have a custom analytics rule to detect threats in Azure Sentinel.
You discover that the analytics rule stopped running. The rule was disabled, and the rule name has a prefix of AUTO DISABLED.
What is a possible cause of the issue?

A.There are connectivity issues between the data sources and Log Analytics.

B.The number of alerts exceeded 10,000 within two minutes.

C.The rule query takes too long to run and times out.

D.Permissions to one of the data sources of the rule query were modified.

Other Version: 1059Microsoft.SC-200.v2025-02-04.q228; 1320Microsoft.SC-200.v2024-08-28.q262; 1359Microsoft.SC-200.v2023-03-24.q53; 1066Microsoft.SC-200.v2023-01-30.q41; 1821Microsoft.SC-200.v2022-12-27.q112; 2682Microsoft.SC-200.v2022-07-31.q102; 3461Microsoft.SC-200.v2022-02-20.q104; 50Microsoft.Examcollectionpass.SC-200.v2021-09-10.by.cora.41q.pdf; 3486Microsoft.SC-200.v2021-09-09.q39

Latest Upload: 150Huawei.H19-315-ENU.v2025-10-27.q108; 115Salesforce.CRT-550.v2025-10-27.q146; 132SAP.E-S4CPE-2405.v2025-10-27.q51; 125Microsoft.SC-200.v2025-10-27.q144; 205CompTIA.SY0-701.v2025-10-27.q603; 119MedicalTests.AAPC-CPC.v2025-10-27.q53; 109ICF.ICF-ACC.v2025-10-27.q28; 160Cisco.400-007.v2025-10-27.q275; 138Salesforce.Certified-Business-Analyst.v2025-10-24.q293; 190Salesforce.B2C-Solution-Architect.v2025-10-23.q111

Question 76

Question 77

Question 78

Question 79

Question 80

Download PDF File