Microsoft SC-200 Quiz 1 Topic 5 Questions 1-5

Question: 1

You have two Azure subscriptions that use Microsoft Defender for Cloud.

You need to ensure that specific Defender for Cloud security alerts are suppressed at the root management group level. The solution must minimize administrative effort.

What should you do in the Azure portal?

ACreate an Azure Policy assignment.

BModify the Workload protections settings in Defender for Cloud.

CCreate an alert rule in Azure Monitor.

DModify the alert settings in Defender for Cloud.

Show Answer

Question: 2

Your company stores the data for every project in a different Azure subscription. All the subscriptions use the same Azure Active Directory (Azure AD) tenant.

Every project consists of multiple Azure virtual machines that run Windows Server. The Windows events of the virtual machines are stored in a Log Analytics workspace in each machine's respective subscription.

You deploy Azure Sentinel to a new Azure subscription.

You need to perform hunting queries in Azure Sentinel to search across all the Log Analytics workspaces of all the subscriptions.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

AAdd the Security Events connector to the Azure Sentinel workspace.

BCreate a query that uses the workspace expression and the union operator.

CUse the alias statement.

DCreate a query that uses the resource expression and the alias operator.

EAdd the Azure Sentinel solution to each workspace.

Show Answer

Question: 3

You need to restrict cloud apps running on CUENT1 to meet the Microsoft Defender for Endpoint requirements. Which two configurations should you modify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Athe Cloud Discovery settings in Microsoft Defender for Cloud Apps

Bthe Onboarding settings from Device management in Settings in Microsoft 365 Defender portal

CMicrosoft Defender for Cloud Apps anomaly detection policies

DAdvanced features from the Endpoints Settings in the Microsoft 365 Defender portal

Show Answer

Question: 4

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Microsoft Defender for Identity integration with Active Directory.

From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.

Solution: From Entity tags, you add the accounts as Honeytoken accounts.

Does this meet the goal?

AYes

BNo

Show Answer

Question: 5

You have an Azure subscription that contains a user named User1.

User1 is assigned an Azure Active Directory Premium Plan 2 license

You need to identify whether the identity of User1 was compromised during the last 90 days.

Microsoft SC-200 Quiz:1 Topic:5 Questions:1-5