SC-200 Exam Question 161

You have a Microsoft Sentinel workbook that contains the following KQL query.

You need to create a visual that will change the color of the errCount column based on the value returned.
How should you configure the visual? To answer, select the appropriate options in the answer area. NOTE:
Each correct selection is worth one point.

SC-200 Exam Question 162

You have a Microsoft Sentinel workspace that contains a custom workbook named Workbook1.
You need to create a visual based on the SecurityEvent table. The solution must meet the following requirements:
* Identify the number of security events ingested during the past week.
* Display the count of events by day in a timechart.
What should you add to Workbook1?
SC-200 Exam Question 163

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center.
You receive a security alert in Security Center.
You need to view recommendations to resolve the alert in Security Center.
Solution: From Regulatory compliance, you download the report.
Does this meet the goal?

SC-200 Exam Question 164

You create an Azure subscription.
You enable Azure Defender for the subscription.
You need to use Azure Defender to protect on-premises computers.
What should you do on the on-premises computers?

SC-200 Exam Question 165

You have a Microsoft Sentinel workspace named workspace1 and an Azure virtual machine named VM1.
You receive an alert for suspicious use of PowerShell on VM1.
You need to investigate the incident, identify which event triggered the alert, and identify whether the following actions occurred on VM1 after the alert:
* The modification of local group memberships
* The purging of event logs
Which three actions should you perform in sequence in the Azure portal? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.