SC-200 Exam Question 51

You need to implement the Azure Information Protection requirements. What should you configure first?

    SC-200 Exam Question 52

    You have a Microsoft Sentinel workspace named SW1.
    In SW1, you investigate an incident that is associated with the following entities:
    * Host
    * IP address
    * User account
    * Malware name
    Which entity can be labeled as an indicator of compromise (IoC) directly from the incident's page?

    SC-200 Exam Question 53

    You have a Microsoft Sentinel workspace named sws1.
    You need to create a hunting query to identify users that list storage keys of multiple Azure Storage accounts.
    The solution must exclude users that list storage keys for a single storage account.
    How should you complete the query? To answer, select the appropriate options in the answer area.
    NOTE: Each correct selection is worth one point.

    SC-200 Exam Question 54

    You have a Microsoft 365 E5 subscription.
    You need to create a hunting query that will return every email that contains an attachment named Document.pdf. The query must meet the following requirements:
    * Only show emails sent during the last hour.
    * Optimize query performance.
    How should you complete the query? To answer, select the appropriate options in the answer area.
    NOTE: Each correct selection is worth one point.

    SC-200 Exam Question 55

    You have a Microsoft 365 E5 subscription that uses Microsoft Copilot for Security. You plan to run the following code to create a custom Copilot for Security plugin.

    You need to specify a format and complete the code segment. Which format should you use for the <target> variable?