Valid SC-200 Dumps shared by ExamDiscuss.com for Helping Passing SC-200 Exam! ExamDiscuss.com now offer the newest SC-200 exam dumps, the ExamDiscuss.com SC-200 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com SC-200 dumps with Test Engine here:
Access SC-200 Dumps Premium Version
(370 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 46/86
Your company deploys the following services:
* Microsoft Defender for Identity
* Microsoft Defender for Endpoint
* Microsoft Defender for Office 365
You need to provide a security analyst with the ability to use the Microsoft 365 security center. The analyst must be able to approve and reject pending actions generated by Microsoft Defender for Endpoint. The solution must use the principle of least privilege.
Which two roles should assign to the analyst? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
* Microsoft Defender for Identity
* Microsoft Defender for Endpoint
* Microsoft Defender for Office 365
You need to provide a security analyst with the ability to use the Microsoft 365 security center. The analyst must be able to approve and reject pending actions generated by Microsoft Defender for Endpoint. The solution must use the principle of least privilege.
Which two roles should assign to the analyst? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Correct Answer: B,D
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-worldwide
- Question List (86q)
- Question 1: The issue for which team can be resolved by using Microsoft ...
- Question 2: You need to modify the anomaly detection policy settings to ...
- Question 3: You need to use an Azure Sentinel analytics rule to search f...
- Question 4: Note: This question is part of a series of questions that pr...
- 1 commentQuestion 5: You have a Microsoft 365 subscription that has Microsoft 365...
- 1 commentQuestion 6: You have an Azure subscription that has Microsoft Defender f...
- Question 7: You have a third-party security information and event manage...
- Question 8: Note: This question is part of a series of questions that pr...
- 1 commentQuestion 9: A company wants to analyze by using Microsoft 365 Apps. You ...
- 1 commentQuestion 10: You have a Microsoft Sentinel workspace named Workspace1. Yo...
- Question 11: You use Azure Security Center. You receive a security alert ...
- Question 12: You implement Safe Attachments policies in Microsoft Defende...
- Question 13: You need to implement the Azure Information Protection requi...
- 1 commentQuestion 14: You have an Azure subscription that uses Microsoft Sentinel....
- Question 15: You have an Azure subscription that uses Microsoft Defender ...
- 1 commentQuestion 16: You have two Azure subscriptions that use Microsoft Defender...
- 1 commentQuestion 17: You have a Microsoft Sentinel workspace named workspace1 and...
- 1 commentQuestion 18: You need to configure Microsoft Cloud App Security to genera...
- Question 19: You have a Microsoft Sentinel workspace named Workspaces You...
- Question 20: Your company deploys Azure Sentinel. You plan to delegate th...
- 1 commentQuestion 21: You have a Microsoft 365 E5 subscription that uses Microsoft...
- Question 22: You need to implement Azure Sentinel queries for Contoso and...
- Question 23: You are informed of a new common vulnerabilities and exposur...
- Question 24: Note: This question is part of a series of questions that pr...
- Question 25: You have the following KQL query. (Exhibit)...
- 1 commentQuestion 26: You need to complete the query for failed sign-ins to meet t...
- Question 27: You open the Cloud App Security portal as shown in the follo...
- 1 commentQuestion 28: You are investigating an incident by using Microsoft 365 Def...
- Question 29: You provision a Linux virtual machine in a new Azure subscri...
- 1 commentQuestion 30: You have an Azure subscription that contains 100 Linux virtu...
- 1 commentQuestion 31: You have a playbook in Azure Sentinel. When you trigger the ...
- Question 32: You have a Microsoft Sentinel workspace You develop a custom...
- 1 commentQuestion 33: You need to create the test rule to meet the Azure Sentinel ...
- 1 commentQuestion 34: You have an Azure subscription that contains a virtual machi...
- 1 commentQuestion 35: Note: This question is part of a series of questions that pr...
- 1 commentQuestion 36: You have a Microsoft 365 subscription that uses Microsoft 36...
- 1 commentQuestion 37: You have 100 Azure subscriptions that have enhanced security...
- Question 38: You have a Microsoft Sentinel workspace named sws1. You need...
- Question 39: You have five on-premises Linux servers. You have an Azure s...
- 1 commentQuestion 40: You have an Azure subscription that contains a user named Us...
- Question 41: You need to implement Microsoft Defender for Cloud to meet t...
- 1 commentQuestion 42: You have an Azure Functions app that generates thousands of ...
- 2 commentQuestion 43: You need to assign role-based access control (RBAQ roles to ...
- 1 commentQuestion 44: From Azure Sentinel, you open the Investigation pane for a h...
- Question 45: You need to configure the Microsoft Sentinel integration to ...
- 1 commentQuestion 46: Your company deploys the following services: Microsoft Defen...
- Question 47: You have the following environment: Azure Sentinel A Microso...
- 1 commentQuestion 48: You create a hunting query in Azure Sentinel. You need to re...
- Question 49: You need to implement Microsoft Sentinel queries for Contoso...
- Question 50: Note: This question is part of a series of questions that pr...
- 1 commentQuestion 51: You have an Azure subscription that uses Microsoft Sentinel....
- Question 52: You have a Microsoft 365 E5 subscription that uses Microsoft...
- Question 53: You have the following advanced hunting query in Microsoft 3...
- 1 commentQuestion 54: Your company uses line-of-business apps that contain Microso...
- Question 55: You have an Azure subscription that uses resource type for C...
- Question 56: A security administrator receives email alerts from Azure De...
- 1 commentQuestion 57: Your company uses Azure Sentinel to manage alerts from more ...
- 1 commentQuestion 58: You have an Azure Sentinel deployment in the East US Azure r...
- 2 commentQuestion 59: You need to deploy the native cloud connector to Account! to...
- Question 60: You need to implement Azure Defender to meet the Azure Defen...
- Question 61: You have an Azure subscription that uses Azure Defender. You...
- 1 commentQuestion 62: You have an Azure subscription that contains an Microsoft Se...
- 1 commentQuestion 63: You need to assign a role-based access control (RBAC) role t...
- 1 commentQuestion 64: You have an existing Azure logic app that is used to block A...
- Question 65: You have an Azure subscription that has Azure Defender enabl...
- Question 66: You have an Azure subscription that has Azure Defender enabl...
- 1 commentQuestion 67: You have an Azure subscription that uses Microsoft Defender ...
- 1 commentQuestion 68: You have an Azure subscription that uses Microsoft Defender ...
- Question 69: You have the following SQL query. (Exhibit)...
- 1 commentQuestion 70: You have an Azure subscription that contains an Microsoft Se...
- Question 71: You use Azure Sentinel. You need to receive an immediate ale...
- 1 commentQuestion 72: You have a Microsoft Sentinel workspace named Workspace1 and...
- Question 73: You need to add notes to the events to meet the Azure Sentin...
- 1 commentQuestion 74: You need to minimize the effort required to investigate the ...
- Question 75: You deploy Azure Sentinel. You need to implement connectors ...
- 1 commentQuestion 76: You have an Azure subscription that use Microsoft Defender f...
- Question 77: Your company has a single office in Istanbul and a Microsoft...
- 1 commentQuestion 78: You have a custom analytics rule to detect threats in Azure ...
- 1 commentQuestion 79: You need to meet the Microsoft Defender for Cloud Apps requi...
- Question 80: You use Azure Sentinel. You need to receive an immediate ale...
- 1 commentQuestion 81: You have 50 on-premises servers. You have an Azure subscript...
- Question 82: You are investigating a potential attack that deploys a new ...
- 1 commentQuestion 83: You are investigating an incident in Azure Sentinel that con...
- Question 84: You have an Azure subscription. The subscription contains 10...
- Question 85: Note: This question is part of a series of questions that pr...
- Question 86: You have an Azure subscription that contains an Azure logic ...
Recent Comments (The most recent comments are at the top.)
This question is tricky.
If you follow the question directly, they are not asking either/or. They want you to assign 2 roles to the Analyst each being half of the entire solution. Using least privileges the answer should be BD.
Not A = Too many other permissions not needed.
B = the Active remediation actions role in Microsoft Defender for Endpoint is enough for the task to be done of approving/rejecting pending actions.
Not C = Would be able to fulfill both B and D and (more), not least privilege.
D = Quite redundant, but gives reader roles read access to the portal up until RBAC is turned on the defender permissions. Least Privilege