New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft SC-200 Exam - Topic 6 Question 18 Discussion

Actual exam question for Microsoft's SC-200 exam
Question #: 18
Topic #: 6
[All SC-200 Questions]

You have an Azure subscription named Sub1 and a Microsoft 365 subscription. Sub1 is linked to an Azure Active Directory (Azure AD) tenant named contoso.com.

You create an Azure Sentinel workspace named workspace1. In workspace1, you activate an Azure AD connector for contoso.com and an Office 365 connector for the Microsoft 365 subscription.

You need to use the Fusion rule to detect multi-staged attacks that include suspicious sign-ins to contoso.com followed by anomalous Microsoft Office 365 activity.

Which two actions should you perform? Each correct answer present part of the solution.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer: A, B

by Maurine at May 04, 2022, 09:15 AM

Limited Time Offer

25%

Off

Get Premium SC-200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Malcom
4 months ago
Agreed, A is a must for this scenario!
upvoted 0 times
...
Lakeesha
4 months ago
Wait, why would we need a Cloud App Security connector?
upvoted 0 times
...
Laine
4 months ago
Definitely A, but I’m skeptical about D.
upvoted 0 times
...
Alecia
5 months ago
I think B could also be useful, but not sure.
upvoted 0 times
...
Regenia
5 months ago
A and D are the right moves here.
upvoted 0 times
...
Maurine
5 months ago
I vaguely recall that creating a Microsoft incident creation rule based on Azure Security Center might not be directly related to the Fusion rule. It seems like it’s more about general security management.
upvoted 0 times
...
Gerry
5 months ago
I'm a bit confused about the Azure AD Identity Protection connector. I know it relates to sign-ins, but does it really tie into the Fusion rule for multi-staged attacks?
upvoted 0 times
...
Elliott
5 months ago
I think we practiced a similar question where we had to set up rules for detecting suspicious activities. I feel like creating a custom rule based on the Office 365 connector templates could be a good option.
upvoted 0 times
...
In
5 months ago
I remember we discussed the importance of connectors in Azure Sentinel, but I'm not sure if the Microsoft Cloud App Security connector is the right choice here.
upvoted 0 times
...
Theron
5 months ago
Okay, I've got a strategy for this. First, I'll carefully examine the code snippet and look for any clues or patterns that might indicate the type of language. Then, I'll compare that to the answer choices and select the one that best matches what I've observed.
upvoted 0 times
...
Adolph
5 months ago
Hmm, I'm not sure about this one. I'll need to think it through carefully to make sure I select the right 3 options.
upvoted 0 times
...

Save Cancel