Question 1

You have the following advanced hunting query in Microsoft 365 Defender.

Other-Image-2e3b9f357-3e81-40fe-b409-d17265778393

You need to receive an alert when any process disables System Restore on a device managed by Microsoft Defender during the last 24 hours.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Options :

A : Create a detection rule.

B : Create a suppression rule.

C : Add | order by Timestamp to the query.

D : Replace DeviceProcessEvents with DeviceNetworkEvents.

E : Add DeviceId and ReportId to the output of the query.

Answer: A,E

Question 2

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint and contains a user named User1 and a Microsoft 365 group named Group1. All users are assigned a Defender for Endpoint Plan 1 license.

You enable Microsoft Defender XDR Unified role-based access control (RBAC) for Endpoints & Vulnerability Management.

You need to ensure that User1 can configure alerts that will send email notifications to Group1. The solution must follow the principle of least privilege.

Which permissions should you assign to User1?

Options :

A : Defender Vulnerability Management - Remediation handling

B : Alerts investigation

C : Live response capabilities: Basic

D : Manage security settings

Answer: B

Question 3

Your company deploys the following services:
Microsoft Defender for Identity
Microsoft Defender for Endpoint
Microsoft Defender for Office 365
You need to provide a security analyst with the ability to use the Microsoft 365 security center. The analyst must be able to approve and reject pending actions generated by Microsoft Defender for Endpoint. The solution must use the principle of least privilege.
Which two roles should assign to the analyst? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Options :

A : the Compliance Data Administrator in Azure Active Directory (Azure AD)

B : the Active remediation actions role in Microsoft Defender for Endpoint

C : the Security Administrator role in Azure Active Directory (Azure AD)

D : the Security Reader role in Azure Active Directory (Azure AD)

Answer: B,D

Question 4

You have an Azure subscription that uses Microsoft Defender for Cloud.

You have an Amazon Web Services (AWS) subscription. The subscription contains multiple virtual machines that run Windows Server.

You need to enable Microsoft Defender for Servers on the virtual machines.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct answer is worth one point.

Options :

A : From Defender for Cloud, enable agentless scanning.

B : Onboard the virtual machines to Microsoft Defender for Endpoint.

C : From Defender for Cloud, configure the AWS connector.

D : Install the Azure Virtual Machine Agent (VM Agent) on each virtual machine.

E : From Defender for Cloud, configure auto-provisioning.

Answer: B,D

Question 5

You have a Microsoft 365 subscription that uses Microsoft Defender XDR.

You discover that when Microsoft Defender for Endpoint generates alerts for a commonly used

executable file, it causes alert fatigue. You need to tune the alerts.

Which two actions can an alert tuning rule perform for the alerts?

Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Options :

A : delete

B : hide

C : resolve

D : merge

E : assign

Answer: B,C

Higher Test Marks with Free Online SC-200 Exam Practice

Buying Options: