Microsoft SC-200 Exam Actual Questions

The questions for SC-200 were last updated on April 13, 2024.
  • Viewing page 1 out of 57 pages.
  • Viewing questions 1-5 out of 287 questions

Topic 1 - Question Set 1

Question #1 Topic 1

DRAG DROP -
You are investigating an incident by using Microsoft 365 Defender.
You need to create an advanced hunting query to count failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Select and Place:

Correct Answer:

Question #2 Topic 1

You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in.
Which anomaly detection policy should you use?

  • A. Impossible travel
  • B. Activity from anonymous IP addresses
  • C. Activity from infrequent country
  • D. Malware detection

Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy

Question #3 Topic 1

You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.
You have Microsoft SharePoint Online sites that contain sensitive documents. The documents contain customer account numbers that each consist of 32 alphanumeric characters.
You need to create a data loss prevention (DLP) policy to protect the sensitive documents.
What should you use to detect which documents are sensitive?

  • A. SharePoint search
  • B. a hunting query in Microsoft 365 Defender
  • C. Azure Information Protection
  • D. RegEx pattern matching

Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/azure/information-protection/what-is-information-protection

Question #4 Topic 1

Your company uses line-of-business apps that contain Microsoft Office VBA macros.
You need to prevent users from downloading and running additional payloads from the Office VBA macros as additional child processes.
Which two commands can you run to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A.

B.

C.

D.

Correct Answer: BC
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction

Question #5 Topic 1

Your company uses Microsoft Defender for Endpoint.
The company has Microsoft Word documents that contain macros. The documents are used frequently on the devices of the company's accounting team.
You need to hide false positives in the Alerts queue, while maintaining the existing security posture.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Resolve the alert automatically.
  • B. Hide the alert.
  • C. Create a suppression rule scoped to any device.
  • D. Create a suppression rule scoped to a device group.
  • E. Generate the alert.

Correct Answer: BCE
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/manage-alerts
