
Want to practice some free Microsoft SC-200 exam questions? You can study the following Microsoft SC-200 online exam questions. Killtest provides 245 Q&As for the Microsoft SC-200 exam, which have been proven effective in SC-200 exam preparation. In addition, you can get a full refund of the payment fee if you fail the SC-200 exam after using Killtest SC-200 practice exam questions. Ready? Go!


Microsoft SC-200 Online Practice Exam Questions

The questions of SC-200 were last updated on Apr 18, 2024.


Question#1

A security administrator receives email alerts from Azure Defender for activities such as potential malware uploaded to a storage account and potential successful brute force attacks.
The security administrator does NOT receive email alerts for activities such as antimalware action failed and suspicious network activity. The alerts appear in Azure Security Center.
You need to ensure that the security administrator receives email alerts for all the activities.
What should you configure in the Security Center settings?

A. the severity level of email notifications
B. a cloud connector
C. the Azure Defender plans
D. the integration settings for Threat detection

Explanation:
Reference: https://techcommunity.microsoft.com/t5/microsoft-365-defender/get-email-notifications-on-new-incidents-from-microsoft-365/ba-p/2012518

Question#2

HOTSPOT
You have an Azure Storage account that will be accessed by multiple Azure Function apps during the development of an application.
You need to hide Azure Defender alerts for the storage account.
Which entity type and field should you use in a suppression rule? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.



Question#3

DRAG DROP
You have an Azure Sentinel deployment.
You need to query for all suspicious credential access activities.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.



Question#4

You have a suppression rule in Azure Security Center for 10 virtual machines that are used for testing. The virtual machines run Windows Server.
You are troubleshooting an issue on the virtual machines.
In Security Center, you need to view the alerts generated by the virtual machines during the last five days.
What should you do?

A. Change the rule expiration date of the suppression rule.
B. Change the state of the suppression rule to Disabled.
C. Modify the filter for the Security alerts page.
D. View the Windows event logs on the virtual machines.

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/security-center/alerts-suppression-rules

Question#5

You use Azure Security Center.
You receive a security alert in Security Center.
You need to view recommendations to resolve the alert in Security Center.
What should you do?

A. From Security alerts, select the alert, select Take Action, and then expand the Prevent future attacks section.
B. From Security alerts, select Take Action, and then expand the Mitigate the threat section.
C. From Regulatory compliance, download the report.
D. From Recommendations, download the CSV report.

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and-responding-alerts
