Question 1

You create a hunting query in Azure Sentinel.
You need to receive a notification in the Azure portal as soon as the hunting query detects a match on the query. The solution must minimize effort.
What should you use?

Options :

A : a playbook

B : a notebook

C : a livestream

D : a bookmark

Answer: C

Question 2

A company uses Azure Sentinel.
You need to create an automated threat response.
What should you use?

Options :

A : a data connector

B : a playbook

C : a workbook

D : a Microsoft incident creation rule

Answer: B

Question 3

You need to configure Microsoft Defender for Cloud Apps to generate alerts and trigger remediation actions in response to external sharing of confidential files.

Which two actions should you perform in the Microsoft 365 Defender portal? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options :

A : From Settings, select Information Protection, select Azure Information Protection, and then select Only scan files for Azure Information Protection classification labels and content inspection warnings from this tenant.

B : From Cloud apps, select Files, and then filter File Type to Document.

C : From Settings, select Information Protection, select Files, and then enable file monitoring.

D : From Cloud apps, select Files, and then filter App to Office 365.

E : From Cloud apps, select Files, and then select New policy from search.

F : From Settings, select Information Protection, select Azure Information Protection, and then select Automatically scan new files for Azure Information Protection classification labels and content inspection warnings.

Answer: B,F

Question 4

You have an Azure subscription that uses Microsoft Defender for Cloud and contains a storage account named storage1. You receive an alert that there was an unusually high volume of delete operations on the blobs in storage1.

You need to identify which blobs were deleted.

What should you review?

Options :

A : the Azure Storage Analytics logs

B : the activity logs of storage1

C : the alert details

D : the related entities of the alert

Answer: B

Question 5

You have the following advanced hunting query in Microsoft 365 Defender.

Other-Image-2e3b9f357-3e81-40fe-b409-d17265778393

You need to receive an alert when any process disables System Restore on a device managed by Microsoft Defender during the last 24 hours.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Options :

A : Create a detection rule.

B : Create a suppression rule.

C : Add | order by Timestamp to the query.

D : Replace DeviceProcessEvents with DeviceNetworkEvents.

E : Add DeviceId and ReportId to the output of the query.

Answer: A,E

Higher Test Marks with Free Online SC-200 Exam Practice

Buying Options: