Free Preparation Discussions
MENU
Microsoft SC-200 Exam
- Topic 1: Mitigate threats using Azure Defender/ Identify and remediate security risks using Secure Score
- Topic 2: Identify and remediate security risks related to Conditional Access events/ manage data retention, alert notification, and advanced features
- Topic 3: Identify and remediate security risks related to Azure Active Directory/ Remediate incidents by using Azure Defender recommendations
- Topic 4: Identify and remediate security risks related to sign-in risk policies/ Identify data sources to be ingested for Azure Sentinel
- Topic 5: Detect, investigate, respond, and remediate identity threats/ Configure and manage custom detections and alerts
- Topic 6: Manage user data discovered during an investigation/ Assess and recommend insider risk policies
- Topic 7: Investigate Azure Defender alerts and incidents/ Configure device attack surface reduction rules
- Topic 8: Design and Configure Windows Events collections/ Manage data loss prevention policy alerts
- Topic 9: Design and configure an Azure Defender implementation/ Configure automated responses in Azure Security Center
- Topic 10: Identify, investigate, and remediate security risks related to privileged identities/ Design and configure playbook in Azure Defender
- Topic 11: Identify the prerequisites for a data connector/ Configure detection alerts in Azure AD Identity Protection
Free Microsoft SC-200 Exam Actual Questions
The questions for SC-200 were last updated On Nov. 27, 2022
Your company has an on-premises network that uses Microsoft Defender for Identity.
The Microsoft Secure Score for the company includes a security assessment associated with unsecure Kerberos delegation.
You need remediate the security risk.
What should you do?
You have an Azure subscription that uses Microsoft Defender for Endpoint.
You need to ensure that you can allow or block a user-specified range of IP addresses and URLs.
What should you enable first in the advanced features from the Endpoints Settings in the Microsoft 365 Defender portal?
You have an Azure subscription that uses Microsoft Defender for Cloud and contains a storage account named storage1. You receive an alert that there was an unusually high volume of delete operations on the blobs in storage1.
You need to identify which blobs were deleted.
What should you review?
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You have a virtual machine that runs Windows 10 and has the Log Analytics agent installed.
You need to simulate an attack on the virtual machine that will generate an alert.
What should you do first?
You have a Microsoft Sentinel workspace named workspace1 that contains custom Kusto queries.
You need to create a Python-based Jupyter notebook that will create visuals. The visuals will display the results of the queries and be pinned to a dashboard. The solution must minimize development effort.
What should you use to create the visuals?
msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks. It includes functionality to: query log data from multiple sources. enrich the data with Threat Intelligence, geolocations and Azure resource data. extract Indicators of Activity (IoA) from logs and unpack encoded data.
MSTICPy reduces the amount of code that customers need to write for Microsoft Sentinel, and provides:
Data query capabilities, against Microsoft Sentinel tables, Microsoft Defender for Endpoint, Splunk, and other data sources.
Threat intelligence lookups with TI providers, such as VirusTotal and AlienVault OTX.
Enrichment functions like geolocation of IP addresses, Indicator of Compromise (IoC) extraction, and WhoIs lookups.
Visualization tools using event timelines, process trees, and geo mapping.
Advanced analyses, such as time series decomposition, anomaly detection, and clustering.
https://docs.microsoft.com/en-us/azure/sentinel/notebook-get-started
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Submit Cancel