Online Access Free Microsoft.SC-200.v2022-01-10.q42 Practice Test (Page 7)

SC-200 Exam Question 26

You create a new Azure subscription and start collecting logs for Azure Monitor.
You need to configure Azure Security Center to detect possible threats related to sign-ins from suspicious IP addresses to Azure virtual machines. The solution must validate the configuration.
Which three actions should you perform in a sequence? To answer, move the appropriate actions from the list of action to the answer area and arrange them in the correct order.

SC-200 Exam Question 27

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring Azure Sentinel.
You need to create an incident in Azure Sentinel when a sign-in to an Azure virtual machine from a malicious IP address is detected.
Solution: You create a Microsoft incident creation rule for a data connector.
Does this meet the goal?

A.Yes

B.No

SC-200 Exam Question 28

The issue for which team can be resolved by using Microsoft Defender for Endpoint?

A.executive

B.sales

C.marketing

Correct Answer: B

Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios
Topic 2, Litware inc.
Overview
Litware Inc. is a renewable company.
Litware has offices in Boston and Seattle. Litware also has remote users located across the United States. To access Litware resources, including cloud resources, the remote users establish a VPN connection to either office.
Existing Environment
Identity Environment
The network contains an Active Directory forest named litware.com that syncs to an Azure Active Directory (Azure AD) tenant named litware.com.
Microsoft 365 Environment
Litware has a Microsoft 365 E5 subscription linked to the litware.com Azure AD tenant. Microsoft Defender for Endpoint is deployed to all computers that run Windows 10. All Microsoft Cloud App Security built-in anomaly detection policies are enabled.
Azure Environment
Litware has an Azure subscription linked to the litware.com Azure AD tenant. The subscription contains resources in the East US Azure region as shown in the following table.

Network Environment
Each Litware office connects directly to the internet and has a site-to-site VPN connection to the virtual networks in the Azure subscription.
On-premises Environment
The on-premises network contains the computers shown in the following table.

Current problems
Cloud App Security frequently generates false positive alerts when users connect to both offices simultaneously.
Planned Changes
Litware plans to implement the following changes:
Create and configure Azure Sentinel in the Azure subscription.
Validate Azure Sentinel functionality by using Azure AD test user accounts.
Business Requirements
Litware identifies the following business requirements:
* Azure Information Protection Requirements
* All files that have security labels and are stored on the Windows 10 computers must be available from the Azure Information * Protection - Data discovery dashboard.
* Microsoft Defender for Endpoint Requirements
All Cloud App Security unsanctioned apps must be blocked on the Windows 10 computers by using Microsoft Defender for Endpoint.
Microsoft Cloud App Security Requirements
Cloud App Security must identify whether a user connection is anomalous based on tenant-level data.
Azure Defender Requirements
All servers must send logs to the same Log Analytics workspace.
Azure Sentinel Requirements
Litware must meet the following Azure Sentinel requirements:
Integrate Azure Sentinel and Cloud App Security.
Ensure that a user named admin1 can configure Azure Sentinel playbooks.
Create an Azure Sentinel analytics rule based on a custom query. The rule must automatically initiate the execution of a playbook.
Add notes to events that represent data access from a specific IP address to provide the ability to reference the IP address when navigating through an investigation graph while hunting.
Create a test rule that generates alerts when inbound access to Microsoft Office 365 by the Azure AD test user accounts is detected. Alerts generated by the rule must be grouped into individual incidents, with one incident per test user account.

SC-200 Exam Question 29

You are responsible for responding to Azure Defender for Key Vault alerts.
During an investigation of an alert, you discover unauthorized attempts to access a key vault from a Tor exit node.
What should you configure to mitigate the threat?

A.Key Vault firewalls and virtual networks

B.Azure Active Directory (Azure AD) permissions

C.role-based access control (RBAC) for the key vault

D.the access policy settings of the key vault

SC-200 Exam Question 30

You use Azure Sentinel.
You need to receive an immediate alert whenever Azure Storage account keys are enumerated.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A.Create a livestream

B.Add a data connector

C.Create an analytics rule

D.Create a hunting query.

E.Create a bookmark.

Other Version: 494Microsoft.SC-200.v2026-05-20.q203; 1331Microsoft.SC-200.v2026-02-21.q170; 672Microsoft.SC-200.v2025-12-18.q155; 715Microsoft.SC-200.v2025-12-15.q150; 2970Microsoft.SC-200.v2025-02-21.q289; 1539Microsoft.SC-200.v2024-01-13.q112; 1402Microsoft.SC-200.v2023-08-25.q90; 1312Microsoft.SC-200.v2023-07-08.q82; 1312Microsoft.SC-200.v2023-07-03.q73; 1444Microsoft.SC-200.v2023-03-10.q64; 1426Microsoft.SC-200.v2023-02-18.q55; 3447Microsoft.SC-200.v2022-06-02.q106; 56Microsoft.Troytecdumps.SC-200.v2022-05-05.by.ian.106q.pdf

Latest Upload: 143CrowdStrike.CCSE-204.v2026-06-12.q25; 162VMware.2V0-17.25.v2026-06-12.q49; 152Appian.ACA-100.v2026-06-11.q23; 208CompTIA.220-1202.v2026-06-11.q114; 164CheckPoint.156-590.v2026-06-11.q47; 224CompTIA.220-1202.v2026-06-10.q109; 206CertiProf.CEHPC.v2026-06-10.q54; 152Hitachi.HQT-4160.v2026-06-10.q25; 405PMI.PMI-ACP-CN.v2026-06-09.q453; 193Splunk.SPLK-5002.v2026-06-08.q52

SC-200 Exam Question 26

SC-200 Exam Question 27

SC-200 Exam Question 28

SC-200 Exam Question 29

SC-200 Exam Question 30

Download PDF File