ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 2 question 40 discussion

Actual exam question from Microsoft's SC-200
Question #: 40
Topic #: 2
[All SC-200 Questions]

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You have a virtual machine that runs Windows 10 and has the Log Analytics agent installed.

You need to simulate an attack on the virtual machine that will generate an alert.

What should you do first?

  • A. Run the Log Analytics Troubleshooting Tool.
  • B. Copy and executable and rename the file as ASC_AlertTest_662jfi039N.exe.
  • C. Modify the settings of the Microsoft Monitoring Agent.
  • D. Run the MMASetup executable and specify the –foo argument.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by m_saeed at Feb. 19, 2023, 6:23 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
[Removed]
Highly Voted 1 year, 3 months ago
Selected Answer: B
you can use the built-in ASC AlertTest tool. Here's what you should do first: Connect to the virtual machine. Open a web browser and navigate to the Microsoft Defender Security Center portal. Click on the "Settings" tab in the left-hand menu. Click on the "Advanced features" link to expand the advanced features section. In the "Advanced features" section, click on the "Download" link next to the "ASC AlertTest" tool. Download and save the ASC AlertTest tool to the virtual machine. Double-click the downloaded ASC AlertTest executable to run it. Follow the on-screen prompts to generate an alert in Microsoft Defender for Cloud. You may need to specify the IP address or hostname of the virtual machine, as well as a description and category for the simulated attack.
upvoted 5 times
...
chepeerick
Most Recent 7 months, 2 weeks ago
Correct
upvoted 2 times
...
kazaki
10 months ago
All answers are wrong Correct is powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference = 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\\test-MDATP-test\\invoice.exe');Start-Process 'C:\\test-MDATP-test\\invoice.exe'
upvoted 3 times
kabooze
7 months, 1 week ago
they're all wrong or the question is wrong. I see people refer to "ASC_AlertTest_662jfi039N" but this is only for K8s. Not for windows VM's...
upvoted 2 times
...
...
marv__
1 year, 2 months ago
Selected Answer: B
https://learn.microsoft.com/en-us/azure/defender-for-cloud/alert-validation
upvoted 2 times
...
Comicbookman
1 year, 3 months ago
Selected Answer: B
Simulate alerts on your Azure VMs (Windows) After the Log Analytics agent is installed on your machine, follow these steps from the computer where you want to be the attacked resource of the alert: Copy an executable (for example calc.exe) to the computer's desktop, or another directory of your convenience, and ----------> rename it as ASC_AlertTest_662jfi039N.exe. <----------- Open the command prompt and execute this file with an argument (just a fake argument name), such as ASC_AlertTest_662jfi039N.exe -foo Wait for 5 to 10 minutes and open Defender for Cloud Alerts. An alert should appear.
upvoted 3 times
...
watoz1851
1 year, 3 months ago
Selected Answer: B
https://learn.microsoft.com/en-us/azure/defender-for-cloud/alert-validation#simulate-alerts-on-your-azure-vms-windows-
upvoted 2 times
...
m_saeed
1 year, 3 months ago
Selected Answer: D
chat GPT explanation, To simulate an attack on the virtual machine that will generate an alert, you should first run the MMASetup executable and specify the –foo argument. This will simulate an attack and generate an alert in Defender for Cloud. You can then view the alert in the Azure portal to verify that the attack was successful.
upvoted 2 times
Holii
1 year, 1 month ago
You already have Log Analytics installed...why do you need to run MMASetup executable again? This is B.
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel