Exam SC-200 topic 6 question 19 discussion

Actual exam question from Microsoft's SC-200
Question #: 19
Topic #: 6

You have a Microsoft 365 subscription that uses Microsoft Defender XDR.

You are investigating an attacker that is known to use the Microsoft Graph API as an attack vector. The attacker performs the tactics shown in the following table.



You need to search for malicious activities in your organization.

Which tactics can you analyze by using the MicrosoftGraphActivityLogs table?

  • A. Tactic1 only
  • B. Tactic2 only
  • C. Tactic1 and Tactic3 only
  • D. Tactic2 and Tactic3 only
  • E. Tactic1, Tactic2, and Tactic3
Suggested Answer: E

Comments

Optimizor_IT
1 month ago
Selected Answer: E
E. Tactic 1, Tactic 2, and Tactic 3 (with caveat): Why: Tactic 1 and Tactic 2 are definitively in MicrosoftGraphActivityLogs. Tactic 3 (VM deletion) isn’t typically Graph API, but if the attacker used Graph API for related Azure enumeration (e.g., /organization), it might be partially traceable. However, deletion itself is in AzureActivity. E assumes all tactics use Graph API, though Tactic 3 stretches this—likely a question intent vs. technical mismatch.
upvoted 1 times
...
user636
8 months, 2 weeks ago
Another vague question. Answer is Tactic1 & Tactic2. But as there is no such option in the answers, go for "E".
upvoted 2 times
...
g_man_rap
8 months, 3 weeks ago
The options are incorrect: Tactic3: Deletes Azure virtual machines. Deleting Azure virtual machines is more of an Azure Resource Manager (ARM) operation rather than a Microsoft 365 or Microsoft Graph API-specific action. This would typically be logged in Azure Activity Logs, not the MicrosoftGraphActivityLogs.
upvoted 3 times
...
90158a0
10 months, 1 week ago
From ChatGPT: Tactic1: Discovers misconfigured mailboxes - This would involve API calls to access mailbox settings and configurations, which would be logged in the MicrosoftGraphActivityLogs table. Tactic2: Searches Microsoft Teams chats and exports full conversations - This involves accessing Microsoft Teams data through API calls, which would also be logged in the MicrosoftGraphActivityLogs table. Tactic3: Deletes Azure virtual machines - This is an action related to Azure Resource Management, which might not be directly logged in the MicrosoftGraphActivityLogs table. This activity is more likely to be found in Azure activity logs. Why is there no option 1 and 2?
upvoted 1 times
...
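The split the commenters describe (mailbox and Teams requests searched in MicrosoftGraphActivityLogs, VM deletion searched in AzureActivity), written as a hunting query. This is an added example, not part of the original question or of any comment. The table and column names are the Log Analytics schemas; the URI fragments, the 7-day lookback and the tactic labels are assumptions chosen for illustration.

```kql
// Added example. URI fragments and the lookback window are assumptions;
// tune them to the endpoints and time range relevant to your investigation.
let lookback = 7d;
let graph_hits =
    MicrosoftGraphActivityLogs
    | where TimeGenerated > ago(lookback)
    // Label each request by the kind of Graph resource it touched.
    | extend Tactic = case(
        RequestUri has_any ("mailboxSettings", "mailFolders"), "Tactic1 (mailbox discovery)",
        RequestUri has "chats" and RequestUri has_any ("messages", "getAllMessages"), "Tactic2 (Teams chat export)",
        "")
    | where isnotempty(Tactic)
    // Delegated calls populate UserId, app-only calls populate ServicePrincipalId.
    | extend Actor = coalesce(UserId, ServicePrincipalId), SourceIp = IPAddress
    | summarize Requests = count(),
                Failed = countif(ResponseStatusCode >= 400),
                FirstSeen = min(TimeGenerated),
                LastSeen = max(TimeGenerated)
        by Tactic, Actor, AppId, SourceIp
    | extend SourceTable = "MicrosoftGraphActivityLogs";
let arm_hits =
    AzureActivity
    | where TimeGenerated > ago(lookback)
    // VM deletion is an Azure Resource Manager operation, so it is searched here.
    | where OperationNameValue =~ "MICROSOFT.COMPUTE/VIRTUALMACHINES/DELETE"
    | extend Tactic = "Tactic3 (VM deletion)", Actor = Caller, AppId = "", SourceIp = CallerIpAddress
    | summarize Requests = count(),
                Failed = countif(ActivityStatusValue =~ "Failure"),
                FirstSeen = min(TimeGenerated),
                LastSeen = max(TimeGenerated)
        by Tactic, Actor, AppId, SourceIp
    | extend SourceTable = "AzureActivity";
union graph_hits, arm_hits
| order by LastSeen desc
```

Joining the two result sets on Actor or SourceIp shows whether the same identity appears in both the Graph and the ARM activity.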
Community vote distribution
A (35%)
C (25%)
B (20%)
Other