Valid SC-200 Dumps shared by ExamDiscuss.com for Helping Passing SC-200 Exam! ExamDiscuss.com now offer the newest SC-200 exam dumps, the ExamDiscuss.com SC-200 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com SC-200 dumps with Test Engine here:
Access SC-200 Dumps Premium Version
(370 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 22/46
You need to remediate active attacks to meet the technical requirements.
What should you include in the solution?
What should you include in the solution?
Correct Answer: B
D Azure Sentinel livestreams
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks
Topic 1, Contoso Ltd
Existing Environment
End-User Environment
All users at Contoso use Windows 10 devices. Each user is licensed for Microsoft 365. In addition, iOS devices are distributed to the members of the sales team at Contoso.
Cloud and Hybrid Infrastructure
All Contoso applications are deployed to Azure.
You enable Microsoft Cloud App Security.
Contoso and Fabrikam have different Azure Active Directory (Azure AD) tenants. Fabrikam recently purchased an Azure subscription and enabled Azure Defender for all supported resource types.
Current Problems
The security team at Contoso receives a large number of cybersecurity alerts. The security team spends too much time identifying which cybersecurity alerts are legitimate threats, and which are not.
The Contoso sales team uses only iOS devices. The sales team members exchange files with customers by using a variety of third-party tools. In the past, the sales team experienced various attacks on their devices.
The marketing team at Contoso has several Microsoft SharePoint Online sites for collaborating with external vendors. The marketing team has had several incidents in which vendors uploaded files that contain malware.
The executive team at Contoso suspects a security breach. The executive team requests that you identify which files had more than five activities during the past 48 hours, including data access, download, or deletion for Microsoft Cloud App Security-protected applications.
Requirements
Planned Changes
Contoso plans to integrate the security operations of both companies and manage all security operations centrally.
Technical Requirements
Contoso identifies the following technical requirements:
Receive alerts if an Azure virtual machine is under brute force attack.
Use Azure Sentinel to reduce organizational risk by rapidly remediating active attacks on the environment.
Implement Azure Sentinel queries that correlate data across the Azure AD tenants of Contoso and Fabrikam.
Develop a procedure to remediate Azure Defender for Key Vault alerts for Fabrikam in case of external attackers and a potential compromise of its own Azure AD applications.
Identify all cases of users who failed to sign in to an Azure resource for the first time from a given country. A junior security administrator provides you with the following incomplete query.
BehaviorAnalytics
| where ActivityType == "FailedLogOn"
| where ________ == True
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks
Topic 1, Contoso Ltd
Existing Environment
End-User Environment
All users at Contoso use Windows 10 devices. Each user is licensed for Microsoft 365. In addition, iOS devices are distributed to the members of the sales team at Contoso.
Cloud and Hybrid Infrastructure
All Contoso applications are deployed to Azure.
You enable Microsoft Cloud App Security.
Contoso and Fabrikam have different Azure Active Directory (Azure AD) tenants. Fabrikam recently purchased an Azure subscription and enabled Azure Defender for all supported resource types.
Current Problems
The security team at Contoso receives a large number of cybersecurity alerts. The security team spends too much time identifying which cybersecurity alerts are legitimate threats, and which are not.
The Contoso sales team uses only iOS devices. The sales team members exchange files with customers by using a variety of third-party tools. In the past, the sales team experienced various attacks on their devices.
The marketing team at Contoso has several Microsoft SharePoint Online sites for collaborating with external vendors. The marketing team has had several incidents in which vendors uploaded files that contain malware.
The executive team at Contoso suspects a security breach. The executive team requests that you identify which files had more than five activities during the past 48 hours, including data access, download, or deletion for Microsoft Cloud App Security-protected applications.
Requirements
Planned Changes
Contoso plans to integrate the security operations of both companies and manage all security operations centrally.
Technical Requirements
Contoso identifies the following technical requirements:
Receive alerts if an Azure virtual machine is under brute force attack.
Use Azure Sentinel to reduce organizational risk by rapidly remediating active attacks on the environment.
Implement Azure Sentinel queries that correlate data across the Azure AD tenants of Contoso and Fabrikam.
Develop a procedure to remediate Azure Defender for Key Vault alerts for Fabrikam in case of external attackers and a potential compromise of its own Azure AD applications.
Identify all cases of users who failed to sign in to an Azure resource for the first time from a given country. A junior security administrator provides you with the following incomplete query.
BehaviorAnalytics
| where ActivityType == "FailedLogOn"
| where ________ == True
- Question List (46q)
- Question 1: Your company stores the data for every project in a differen...
- Question 2: Note: This question is part of a series of questions that pr...
- Question 3: You have an Azure Functions app that generates thousands of ...
- Question 4: You have a Microsoft 365 subscription that uses Microsoft 36...
- Question 5: The issue for which team can be resolved by using Microsoft ...
- Question 6: You have an Azure subscription that contains a virtual machi...
- Question 7: You have a Microsoft Sentinel workspace named sws1. You need...
- Question 8: Note: This question is part of a series of questions that pr...
- Question 9: Note: This question is part of a series of questions that pr...
- Question 10: You have a Microsoft 365 E5 subscription. You plan to perfor...
- Question 11: You receive a security bulletin about a potential attack tha...
- Question 12: You have a Microsoft 365 subscription that has Microsoft 365...
- Question 13: You need to create a query for a workbook. The query must me...
- Question 14: You use Azure Sentinel. You need to receive an immediate ale...
- 1 commentQuestion 15: You have a Microsoft Sentinel workspace that contains the fo...
- Question 16: Your company deploys Azure Sentinel. You plan to delegate th...
- Question 17: You need to visualize Azure Sentinel data and enrich the dat...
- Question 18: You need to configure DC1 to meet the business requirements....
- Question 19: You use Azure Security Center. You receive a security alert ...
- Question 20: You have a Microsoft 365 subscription that uses Microsoft 36...
- Question 21: You have a Microsoft Sentinel workspace named workspace1 tha...
- Question 22: You need to remediate active attacks to meet the technical r...
- Question 23: You need to assign a role-based access control (RBAC) role t...
- Question 24: You are investigating a potential attack that deploys a new ...
- Question 25: You need to create the test rule to meet the Azure Sentinel ...
- Question 26: You have a playbook in Azure Sentinel. When you trigger the ...
- Question 27: You have a third-party security information and event manage...
- Question 28: Your company uses Azure Sentinel to manage alerts from more ...
- Question 29: Your company has a single office in Istanbul and a Microsoft...
- Question 30: Note: This question is part of a series of questions that pr...
- Question 31: Your company deploys the following services: Microsoft Defen...
- Question 32: You need to use an Azure Resource Manager template to create...
- Question 33: Note: This question is part of a series of questions that pr...
- Question 34: You need to modify the anomaly detection policy settings to ...
- Question 35: You have a Microsoft 365 E5 subscription that uses Microsoft...
- Question 36: You are configuring Microsoft Cloud App Security. You have a...
- Question 37: You have an existing Azure logic app that is used to block A...
- Question 38: Note: This question is part of a series of questions that pr...
- Question 39: Note: This question is part of a series of questions that pr...
- Question 40: You create an Azure subscription named sub1. In sub1, you cr...
- Question 41: You need to complete the query for failed sign-ins to meet t...
- Question 42: You have the resources shown in the following table. (Exhibi...
- Question 43: You need to restrict cloud apps running on CLIENT1 to meet t...
- Question 44: You have resources in Azure and Google cloud. You need to in...
- Question 45: You are informed of an increase in malicious email being rec...
- Question 46: You need to implement the Azure Information Protection requi...
