Online Access Free Microsoft.SC-200.v2023-07-08.q82 Practice Test (Page 16)

SC-200 Exam Question 71

You have an Azure subscription that uses Microsoft Sentinel.
You need to create a custom report that will visualise sign-in information over time.
What should you create first?

A.a notebook

B.a hunting query

C.a playbook

D.a workbook

SC-200 Exam Question 72

You implement Safe Attachments policies in Microsoft Defender for Office 365.
Users report that email messages containing attachments take longer than expected to be received.
You need to reduce the amount of time it takes to deliver messages that contain attachments without compromising security. The attachments must be scanned for malware, and any messages that contain malware must be blocked.
What should you configure in the Safe Attachments policies?

A.Dynamic Delivery

B.Replace

C.Block and Enable redirect

D.Monitor and Enable redirect

SC-200 Exam Question 73

You receive an alert from Azure Defender for Key Vault.
You discover that the alert is generated from multiple suspicious IP addresses.
You need to reduce the potential of Key Vault secrets being leaked while you investigate the issue. The solution must be implemented as soon as possible and must minimize the impact on legitimate users.
What should you do first?

A.Modify the access control settings for the key vault.

B.Enable the Key Vault firewall.

C.Create an application security group.

D.Modify the access policy for the key vault.

SC-200 Exam Question 74

You have an Azure subscription that uses Microsoft Defender for Cloud and contains a storage account named storage1. You receive an alert that there was an unusually high volume of delete operations on the blobs in storage1. You need to identify which blobs were deleted. What should you review?

A.the activity logs of storage1

B.the Azure Storage Analytics logs

C.the alert details

D.the related entities of the alert

SC-200 Exam Question 75

You have a Microsoft Sentinel workspace that contains the following incident.
Brute force attack against Azure Portal analytics rule has been triggered.
You need to identify the geolocation information that corresponds to the incident.
What should you do?

A.From Overview, review the Potential malicious events map.

B.From Incidents, review the details of the iPCustomEntity entity associated with the incident.

C.From Incidents, review the details of the AccouncCuscomEntity entity associated with the incident.

D.From Investigation, review insights on the incident entity.

Other Version: 468Microsoft.SC-200.v2026-05-20.q203; 1248Microsoft.SC-200.v2026-02-21.q170; 645Microsoft.SC-200.v2025-12-18.q155; 677Microsoft.SC-200.v2025-12-15.q150; 2939Microsoft.SC-200.v2025-02-21.q289; 1511Microsoft.SC-200.v2024-01-13.q112; 1377Microsoft.SC-200.v2023-08-25.q90; 1287Microsoft.SC-200.v2023-07-03.q73; 1434Microsoft.SC-200.v2023-03-10.q64; 1406Microsoft.SC-200.v2023-02-18.q55; 3439Microsoft.SC-200.v2022-06-02.q106; 56Microsoft.Troytecdumps.SC-200.v2022-05-05.by.ian.106q.pdf; 1949Microsoft.SC-200.v2022-01-10.q42

Latest Upload: 156NREMT.EMT.v2026-06-06.q125; 123Juniper.JN0-232.v2026-06-06.q60; 154Oracle.1D0-1057-25-D.v2026-06-03.q29; 286NAHQ.CPHQ.v2026-06-03.q396; 262CompTIA.220-1201.v2026-06-03.q196; 163GIAC.GCFE.v2026-06-03.q78; 160HIMSS.CPHIMS.v2026-06-03.q45; 249Google.Professional-Cloud-Architect.v2026-06-03.q165; 165HP.HPE7-A09.v2026-06-02.q48; 179ACDIS.CCDS-O.v2026-06-02.q56

SC-200 Exam Question 71

SC-200 Exam Question 72

SC-200 Exam Question 73

SC-200 Exam Question 74

SC-200 Exam Question 75

Download PDF File