Microsoft SC-200 Exam Questions - Real Practice Questions for Guaranteed Success

Question 1

Your on-premises network contains an Active Directory Domain Services (AD DS) forest.

You have a Microsoft Entra tenant that uses Microsoft Defender for Identity. The AD DS forest syncs with the tenant

You need to create a hunting query that will identify LDAP simple binds to the AD DS domain controllers.

Which table should you query?

AAADServicePrincipalRiskEventi

BIdentityLOgonEvents

CAADDomainServicesAccountLogon

DSigninlogs

Correct : B

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AAADServicePrincipalRiskEventi

BIdentityLOgonEvents

CAADDomainServicesAccountLogon

DSigninlogs

0 / 1500

Question 2

You have a Microsoft Sentinel workspace that contains a custom workbook named Workbook1.

You need to create a visual based on the SecuntyEvent table. The solution must meet the following requirements:

* Identify the number of security events ingested during the past week.

* Display the count of events by day in a timechart

What should you add to Workbook1?

Aa query

Ba metric

Ca group

Dlinks or tabs

Correct : A

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

Aa query

Ba metric

Ca group

Dlinks or tabs

0 / 1500

Question 3

You have an Azure subscription that contains a Microsoft Sentinel workspace named WS1.

You create a hunting query that detects a new attack vector. The attack vector maps to a tactic listed in the MITRE ATT&CK database.

You need to ensure that an incident is created in WS1 when the new attack vector is detected.

What should you configure?

Aa Fusion rule

Ba query bookmark

Ca scheduled query rule

Da hunting livestream session

Correct : C

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

Aa Fusion rule

Ba query bookmark

Ca scheduled query rule

Da hunting livestream session

0 / 1500

Question 4

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR.

The security team at your company detects command and control (C2) agent traffic on the network. Agents communicate once every 50 hours.

You need to create a Microsoft Defender XDR custom detection rule that will identify compromised devices and establish a pattern of communication. The solution must meet the following requirements:

* Identify all the devices that have communicated during the past 14 days.

* Minimize how long it takes to identify the devices.

To what should you set the detection frequency for the rule?

AEvery three hours

BEvery 24 hours

CEvery hour

DEvery 12 hours

Correct : C

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AEvery three hours

BEvery 24 hours

CEvery hour

DEvery 12 hours

0 / 1500

Question 5

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint and contains a user named user1 and a Microsoft 365 group named Group1. All users are assigned a Defender for Endpoint Plan 1 license.

You enable Microsoft Defender XDR Unified role-based access control (RBAC) for Endpoints & Vulnerability Management.

You need to ensure that User1 can configure alerts that will send email notifications to Group1. The solution must follow the principle of least privilege.

Which permissions should you assign to User1?

AAlerts investigation

BManage security settings

CDefender Vulnerability Management - Remediation handling

DLive response capabilities: Basic

Correct : A

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AAlerts investigation

BManage security settings

CDefender Vulnerability Management - Remediation handling

DLive response capabilities: Basic

0 / 1500

Master Microsoft SC-200 Exam with Reliable Practice Questions

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users: