Valid SC-200 Dumps shared by PassLeader for Helping Passing SC-200 Exam! PassLeader now offer the newest SC-200 VCE dumps and SC-200 PDF dumps, the PassLeader SC-200 exam questions have been updated and ANSWERS have been corrected, get the newest PassLeader SC-200 dumps with VCE and PDF here: https://www.passleader.com/sc-200.html (149 Q&As Dumps –> 217 Q&As Dumps –> 264 Q&As Dumps –> 282 Q&As Dumps –> 311 Q&As Dumps –> 346 Q&As Dumps)
BTW, DOWNLOAD part of PassLeader SC-200 dumps from Cloud Storage: https://drive.google.com/drive/folders/1D7sX6DDpE-AaGl4QV9bMBXnyAbBcL2CE
NEW QUESTION 137
You have a Microsoft 365 E5 subscription that uses Microsoft SharePoint Online. You delete users from the subscription. You need to be notified if the deleted users downloaded numerous documents from SharePoint Online sites during the month before their accounts were deleted. What should you use?
A. a file policy in Microsoft Defender for Cloud Apps
B. an access review policy
C. an alert policy in Microsoft Defender for Office 365
D. an insider risk policy
Answer: C
Explanation:
Alert policies let you categorize the alerts that are triggered by a policy, apply the policy to all users in your organization, set a threshold level for when an alert is triggered, and decide whether to receive email notifications when alerts are triggered.
https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies
NEW QUESTION 138
You have a Microsoft 365 subscription that has Microsoft 365 Defender enabled. You need to identify all the changes made to sensitivity labels during the past seven days. What should you use?
A. the Incidents blade of the Microsoft 365 Defender portal
B. the Alerts settings on the Data Loss Prevention blade of the Microsoft 365 compliance center
C. the Activity explorer in the Microsoft 365 compliance center
D. the Explorer settings on the Email & collaboration blade of the Microsoft 365 Defender portal
Answer: C
Explanation:
Labeling activities are available in Activity explorer.
https://docs.microsoft.com/en-us/microsoft-365/compliance/data-classification-activity-explorer-available-events?view=o365-worldwide
NEW QUESTION 139
You have a Microsoft 365 subscription that uses Microsoft 365 Defender. You need to identify all the entities affected by an incident. Which tab should you use in the Microsoft 365 Defender portal?
A. Investigations
B. Devices
C. Evidence and Response
D. Alerts
Answer: C
Explanation:
The Evidence and Response tab shows all the supported events and suspicious entities in the alerts in the incident.
https://docs.microsoft.com/en-us/microsoft-365/security/defender/investigate-incidents
NEW QUESTION 140
You have five on-premises Linux servers. You have an Azure subscription that uses Microsoft Defender for Cloud. You need to use Defender for Cloud to protect the Linux servers. What should you install on the servers first?
A. the Dependency agent
B. the Log Analytics agent
C. the Azure Connected Machine agent
D. the Guest Configuration extension
Answer: B
Explanation:
Defender for Cloud depends on the Log Analytics agent.
https://docs.microsoft.com/en-us/azure/defender-for-cloud/os-coverage
https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview#log-analytics-agent
NEW QUESTION 141
You have an Azure subscription that uses Microsoft Sentinel. You need to minimize the administrative effort required to respond to the incidents and remediate the security threats detected by Microsoft Sentinel. Which two features should you use? (Each correct answer presents part of the solution. Choose two.)
A. Microsoft Sentinel bookmarks.
B. Azure Automation runbooks.
C. Microsoft Sentinel automation rules.
D. Microsoft Sentinel playbooks.
E. Azure Functions apps.
Answer: CD
Explanation:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook?tabs=LAC
NEW QUESTION 142
You have a Microsoft Sentinel workspace named workspace1 that contains custom Kusto queries. You need to create a Python-based Jupyter notebook that will create visuals. The visuals will display the results of the queries and be pinned to a dashboard. The solution must minimize development effort. What should you use to create the visuals?
A. plotly
B. TensorFlow
C. msticpy
D. matplotlib
Answer: C
Explanation:
msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks. It includes functionality to:
– Query log data from multiple sources.
– Enrich the data with Threat Intelligence, geolocations and Azure resource data.
– Extract Indicators of Activity (IoA) from logs and unpack encoded data.
MSTICPy reduces the amount of code that customers need to write for Microsoft Sentinel, and provides:
– Data query capabilities, against Microsoft Sentinel tables, Microsoft Defender for Endpoint, Splunk, and other data sources.
– Threat intelligence lookups with TI providers, such as VirusTotal and AlienVault OTX.
– Enrichment functions like geolocation of IP addresses, Indicator of Compromise (IoC) extraction, and WhoIs lookups.
– Visualization tools using event timelines, process trees, and geo mapping.
– Advanced analyses, such as time series decomposition, anomaly detection, and clustering.
https://docs.microsoft.com/en-us/azure/sentinel/notebook-get-started
https://msticpy.readthedocs.io/en/latest/
NEW QUESTION 143
You have two Azure subscriptions that use Microsoft Defender for Cloud. You need to ensure that specific Defender for Cloud security alerts are suppressed at the root management group level. The solution must minimize administrative effort. What should you do in the Azure portal?
A. Create an Azure Policy assignment.
B. Modify the Workload protections settings in Defender for Cloud.
C. Create an alert rule in Azure Monitor.
D. Modify the alert settings in Defender for Cloud.
Answer: D
Explanation:
You can use alerts suppression rules to suppress false positives or other unwanted security alerts from Defender for Cloud.
https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-suppression-rules
NEW QUESTION 144
HotSpot
You have a Microsoft 365 subscription that uses Microsoft 365 Defender and contains a user named User1. You are notified that the account of User1 is compromised. You need to review the alerts triggered on the devices to which User1 signed in. How should you complete the query? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
https://docs.microsoft.com/en-us/microsoft-365/security/defender/advanced-hunting-query-emails-devices?view=o365-worldwide
NEW QUESTION 145
HotSpot
You have a Microsoft Sentinel workspace named sws1. You need to create a hunting query to identify users that list storage keys of multiple Azure Storage accounts. The solution must exclude users that list storage keys for a single storage account. How should you complete the query? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureActivity/Anomalous_Listing_Of_Storage_Keys.yaml
NEW QUESTION 146
Drag and Drop
You have an Azure subscription. The subscription contains 10 virtual machines that are onboarded to Microsoft Defender for Cloud. You need to ensure that when Defender for Cloud detects digital currency mining behavior on a virtual machine, you receive an email notification. The solution must generate a test email. Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation
NEW QUESTION 147
Drag and Drop
You have a Microsoft Sentinel workspace named workspace1 and an Azure virtual machine named VM1. You receive an alert for suspicious use of PowerShell on VM1. You need to investigate the incident, identify which event triggered the alert, and identify whether the following actions occurred on VM1 after the alert:
– The modification of local group memberships.
– The purging of event logs.
Which three actions should you perform in sequence in the Azure portal? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Answer:
Explanation:
https://github.com/Azure/Azure-Sentinel/wiki/Investigation-Insights—Overview
https://docs.microsoft.com/en-us/azure/sentinel/investigate-cases
NEW QUESTION 148
……
Get the newest PassLeader SC-200 VCE dumps here: https://www.passleader.com/sc-200.html (149 Q&As Dumps –> 217 Q&As Dumps –> 264 Q&As Dumps –> 282 Q&As Dumps –> 311 Q&As Dumps –> 346 Q&As Dumps)
And, DOWNLOAD the newest PassLeader SC-200 PDF dumps from Cloud Storage for free: https://drive.google.com/drive/folders/1D7sX6DDpE-AaGl4QV9bMBXnyAbBcL2CE