Question 1

You use Azure Defender.
You have an Azure Storage account that contains sensitive information.
You need to run a PowerShell script if someone accesses the storage account from a suspicious IP address.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Options :

A : From Azure Security Center, enable workflow automation.

B : Create an Azure logic appthat has a manual trigger

C : Create an Azure logic app that has an Azure Security Center alert trigger.

D : Create an Azure logic appthat has an HTTP trigger.

E : From Azure Active Directory (Azure AD), add an app registration.

Answer: A,C

Question 2

You have an Azure Sentinel deployment in the East US Azure region.
You create a Log Analytics workspace named LogsWest in the West US Azure region.
You need to ensure that you can use scheduled analytics rules in the existing Azure Sentinel deployment to generate alerts based on queries to LogsWest.
What should you do first?

Options :

A : Deploy Azure Data Catalog to the West US Azure region.

B : Modify the workspace settings of the existing Azure Sentinel deployment

C : Add Microsoft Sentinel to a workspace.

D : Create a data connector in Azure Sentinel.

Answer: C

Question 3

You have 50 Microsoft Sentinel workspaces.

You need to view all the incidents from all the workspaces on a single page in the Azure portal. The solution must minimize administrative effort.

Which page should you use in the Azure portal?

Options :

A : Microsoft Sentinel - Incidents

B : Microsoft Sentinel - Workbooks

C : Microsoft Sentinel

D : Log Analytics workspaces

Answer: D

Question 4

You have the following environment:
Azure Sentinel
A Microsoft 365 subscription
Microsoft Defender for Identity
An Azure Active Directory (Azure AD) tenant
You configure Azure Sentinel to collect security logs from all the Active Directory member servers and domain controllers.
You deploy Microsoft Defender for Identity by using standalone sensors.
You need to ensure that you can detect when sensitive groups are modified in Active Directory.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Options :

A : Configure the Advanced Audit Policy Configuration settings for the domain controllers.

B : Modify the permissions of the Domain Controllers organizational unit (OU).

C : Configure auditing in the Microsoft 365 compliance center.

D : Configure Windows Event Forwarding on the domain controllers.

Answer: A,D

Question 5

Which rule setting should you configure to meet the Microsoft Sentinel requirements?

Options :

A : From Set rule logic, turn off suppression.

B : From Analytics rule details, configure the tactics.

C : From Set rule logic, map the entities.

D : From Analytics rule details, configure the severity.

Answer: C

Higher Test Marks with Free Online SC-200 Exam Practice

Buying Options: