[13-Apr-2021 Update] Exam SC-200 VCE Dumps and SC-200 PDF Dumps from PassLeader

Valid SC-200 Dumps shared by PassLeader for Helping Passing SC-200 Exam! PassLeader now offer the newest SC-200 VCE dumps and SC-200 PDF dumps, the PassLeader SC-200 exam questions have been updated and ANSWERS have been corrected, get the newest PassLeader SC-200 dumps with VCE and PDF here: https://www.passleader.com/sc-200.html (55 Q&As Dumps –> 91 Q&As Dumps –> 116 Q&As Dumps –> 149 Q&As Dumps –> 217 Q&As Dumps –> 264 Q&As Dumps –> 282 Q&As Dumps –> 311 Q&As Dumps –> 346 Q&As Dumps)

BTW, DOWNLOAD part of PassLeader SC-200 dumps from Cloud Storage: https://drive.google.com/drive/folders/1D7sX6DDpE-AaGl4QV9bMBXnyAbBcL2CE

NEW QUESTION 1
You are configuring Microsoft Defender for Identity integration with Active Directory. From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.
Solution: From Azure Identity Protection, you configure the sign-in risk policy.
Does this meet the goal?

A.    Yes
B.    No

Answer: B
Explanation:
https://docs.microsoft.com/en-us/defender-for-identity/manage-sensitive-honeytoken-accounts

NEW QUESTION 2
You use Azure Security Center. You receive a security alert in Security Center. You need to view recommendations to resolve the alert in Security Center.
Solution: From Security alerts, you select the alert, select Take Action, and then expand the Prevent future attacks section.
Does this meet the goal?

A.    Yes
B.    No

Answer: B
Explanation:
You need to resolve the existing alert, not prevent future alerts. Therefore, you need to select the “Mitigate the threat” option.
https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and-responding-alerts

NEW QUESTION 3
You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in. Which anomaly detection policy should you use?

A.    Impossible travel.
B.    Activity from anonymous IP addresses.
C.    Activity from infrequent country.
D.    Malware detection.

Answer: C
Explanation:
https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy

NEW QUESTION 4
Your company uses Microsoft Defender for Endpoint. The company has Microsoft Word documents that contain macros. The documents are used frequently on the devices of the company’s accounting team. You need to hide false positive in the Alerts queue, while maintaining the existing security posture. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A.    Resolve the alert automatically.
B.    Hide the alert.
C.    Create a suppression rule scoped to any device.
D.    Create a suppression rule scoped to a device group.
E.    Generate the alert.

Answer: BCE
Explanation:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/manage-alerts

NEW QUESTION 5
You are investigating a potential attack that deploys a new ransomware strain. You plan to perform automated actions on a group of highly valuable machines that contain sensitive information. You have three custom device groups. You need to be able to temporarily group the machines to perform actions on the devices. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A.    Add a tag to the device group.
B.    Add the device users to the admin role.
C.    Add a tag to the machines.
D.    Create a new device group that has a rank of 1.
E.    Create a new admin role.
F.    Create a new device group that has a rank of 4.

Answer: BDE
Explanation:
https://www.drware.com/how-to-use-tagging-effectively-in-microsoft-defender-for-endpoint-part-1/

NEW QUESTION 6
You receive an alert from Azure Defender for Key Vault. You discover that the alert is generated from multiple suspicious IP addresses. You need to reduce the potential of Key Vault secrets being leaked while you investigate the issue. The solution must be implemented as soon as possible and must minimize the impact on legitimate users. What should you do first?

A.    Modify the access control settings for the key vault.
B.    Enable the Key Vault firewall.
C.    Create an application security group.
D.    Modify the access policy for the key vault.

Answer: B
Explanation:
https://docs.microsoft.com/en-us/azure/security-center/defender-for-key-vault-usage

NEW QUESTION 7
You create an Azure subscription named sub1. In sub1, you create a Log Analytics workspace named workspace1. You enable Azure Security Center and configure Security Center to use workspace1. You need to ensure that Security Center processes events from the Azure virtual machines that report to workspace1. What should you do?

A.    In workspace1, install a solution.
B.    In sub1, register a provider.
C.    From Security Center, create a Workflow automation.
D.    In workspace1, create a workbook.

Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection

NEW QUESTION 8
Your company uses Azure Security Center and Azure Defender. The security operations team at the company informs you that it does NOT receive email notifications for security alerts. What should you configure in Security Center to enable the email notifications?

A.    Security solutions.
B.    Security policy.
C.    Pricing & settings.
D.    Security alerts.
E.    Azure Defender.

Answer: C
Explanation:
https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details

NEW QUESTION 9
You plan to create a custom Azure Sentinel query that will track anomalous Azure Active Directory (Azure AD) sign-in activity and present the activity as a time chart aggregated by day. You need to create a query that will be used to display the time chart. What should you include in the query?

A.    extend
B.    bin
C.    makeset
D.    workspace

Answer: B
Explanation:
https://docs.microsoft.com/en-us/azure/azure-monitor/logs/get-started-queries

NEW QUESTION 10
You are configuring Azure Sentinel. You need to send a Microsoft Teams message to a channel whenever a sign-in from a suspicious IP address is detected. Which two actions should you perform in Azure Sentinel? (Each correct answer presents part of the solution. Choose two.)

A.    Add a playbook.
B.    Associate a playbook to an incident.
C.    Enable Entity behavior analytics.
D.    Create a workbook.
E.    Enable the Fusion rule.

Answer: AB
Explanation:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook

NEW QUESTION 11
You need to visualize Azure Sentinel data and enrich the data by using third-party data sources to identify indicators of compromise (IoC). What should you use?

A.    Notebooks in Azure Sentinel.
B.    Microsoft Cloud App Security.
C.    Azure Monitor.
D.    Hunting queries in Azure Sentinel.

Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/sentinel/notebooks

NEW QUESTION 12
You use Azure Sentinel. You need to receive an immediate alert whenever Azure Storage account keys are enumerated. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Create a livestream.
B.    Add a data connector.
C.    Create an analytics rule.
D.    Create a hunting query.
E.    Create a bookmark.

Answer: BD
Explanation:
https://docs.microsoft.com/en-us/azure/sentinel/livestream

NEW QUESTION 13
You have a playbook in Azure Sentinel. When you trigger the playbook, it sends an email to a distribution group. You need to modify the playbook to send the email to the owner of the resource instead of the distribution group. What should you do?

A.    Add a parameter and modify the trigger.
B.    Add a custom data connector and modify the trigger.
C.    Add a condition and modify the action.
D.    Add a parameter and modify the action.

Answer: D
Explanation:
https://azsec.azurewebsites.net/2020/01/19/notify-azure-sentinel-alert-to-your-email-automatically/

NEW QUESTION 14
Hotspot
You have an Azure subscription that has Azure Defender enabled for all supported resource types. You create an Azure logic app named LA1. You plan to use LA1 to automatically remediate security risks detected in Azure Security Center. You need to test LA1 in Security Center. What should you do? (To answer, select the appropriate options in the answer area.)
SC-200-Exam-Questions-141

Answer:
SC-200-Exam-Questions-142
Explanation:
https://docs.microsoft.com/en-us/azure/security-center/workflow-automation#create-a-logic-app-and-define-when-it-should-automatically-run

NEW QUESTION 15
Drag and Drop
You create a new Azure subscription and start collecting logs for Azure Monitor. You need to configure Azure Security Center to detect possible threats related to sign-ins from suspicious IP addresses to Azure virtual machines. The solution must validate the configuration. Which three actions should you perform in a sequence? (To answer, move the appropriate actions from the list of action to the answer area and arrange them in the correct order.)
SC-200-Exam-Questions-151

Answer:
SC-200-Exam-Questions-152
Explanation:
https://docs.microsoft.com/en-us/azure/security-center/security-center-alert-validation

NEW QUESTION 16
……


Get the newest PassLeader SC-200 VCE dumps here: https://www.passleader.com/sc-200.html (55 Q&As Dumps –> 91 Q&As Dumps –> 116 Q&As Dumps –> 149 Q&As Dumps –> 217 Q&As Dumps –> 264 Q&As Dumps –> 282 Q&As Dumps –> 311 Q&As Dumps –> 346 Q&As Dumps)

And, DOWNLOAD the newest PassLeader SC-200 PDF dumps from Cloud Storage for free: https://drive.google.com/drive/folders/1D7sX6DDpE-AaGl4QV9bMBXnyAbBcL2CE