Valid SC-200 Dumps shared by ExamDiscuss.com for Helping Passing SC-200 Exam! ExamDiscuss.com now offer the newest SC-200 exam dumps, the ExamDiscuss.com SC-200 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com SC-200 dumps with Test Engine here:
Access SC-200 Dumps Premium Version
(370 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 70/102
You have an Azure subscription named Sub1 and a Microsoft 365 subscription. Sub1 is linked to an Azure Active Directory (Azure AD) tenant named contoso.com.
You create an Azure Sentinel workspace named workspace1. In workspace1, you activate an Azure AD connector for contoso.com and an Office 365 connector for the Microsoft 365 subscription.
You need to use the Fusion rule to detect multi-staged attacks that include suspicious sign-ins to contoso.com followed by anomalous Microsoft Office 365 activity.
Which two actions should you perform? Each correct answer present part of the solution NOTE: Each correct selection is worth one point.
You create an Azure Sentinel workspace named workspace1. In workspace1, you activate an Azure AD connector for contoso.com and an Office 365 connector for the Microsoft 365 subscription.
You need to use the Fusion rule to detect multi-staged attacks that include suspicious sign-ins to contoso.com followed by anomalous Microsoft Office 365 activity.
Which two actions should you perform? Each correct answer present part of the solution NOTE: Each correct selection is worth one point.
Correct Answer: A,B
To use the Fusion rule to detect multi-staged attacks that include suspicious sign-ins to contoso.com followed by anomalous Microsoft Office 365 activity, you should perform the following two actions:
Create an Azure AD Identity Protection connector. This will allow you to monitor suspicious activities in your Azure AD tenant and detect malicious sign-ins.
Create a custom rule based on the Office 365 connector templates. This will allow you to monitor and detect anomalous activities in the Microsoft 365 subscription. Reference: https://docs.microsoft.com/en-us/azure/sentinel/fusion-rules
Create an Azure AD Identity Protection connector. This will allow you to monitor suspicious activities in your Azure AD tenant and detect malicious sign-ins.
Create a custom rule based on the Office 365 connector templates. This will allow you to monitor and detect anomalous activities in the Microsoft 365 subscription. Reference: https://docs.microsoft.com/en-us/azure/sentinel/fusion-rules
- Question List (102q)
- 1 commentQuestion 1: You have an Azure subscription that contains a user named Us...
- Question 2: You deploy Azure Sentinel. You need to implement connectors ...
- Question 3: You use Azure Sentinel to monitor irregular Azure activity. ...
- Question 4: Your company uses Azure Sentinel. A new security analyst rep...
- 1 commentQuestion 5: You have a Microsoft subscription that has Microsoft Defende...
- Question 6: Note: This question is part of a series of questions that pr...
- Question 7: You need to modify the anomaly detection policy settings to ...
- Question 8: You need to restrict cloud apps running on CLIENT1 to meet t...
- Question 9: You implement Safe Attachments policies in Microsoft Defende...
- Question 10: You need to add notes to the events to meet the Azure Sentin...
- Question 11: You plan to create a custom Azure Sentinel query that will t...
- Question 12: You have an Azure Sentinel deployment in the East US Azure r...
- Question 13: Note: This question is part of a series of questions that pr...
- Question 14: You have an Azure subscription that has Azure Defender enabl...
- 1 commentQuestion 15: You plan to create a custom Azure Sentinel query that will p...
- Question 16: You need to remediate active attacks to meet the technical r...
- 1 commentQuestion 17: You have a Microsoft 365 subscription that uses Microsoft 36...
- Question 18: You have an Azure subscription that contains an Azure logic ...
- 1 commentQuestion 19: You have an Azure subscription that uses Microsoft Defender ...
- Question 20: You have an Azure subscription linked to an Azure Active Dir...
- 1 commentQuestion 21: You have 50 on-premises servers. You have an Azure subscript...
- Question 22: Which rule setting should you configure to meet the Microsof...
- 1 commentQuestion 23: You have an Azure DevOps organization that uses Microsoft De...
- Question 24: You have an Azure subscription that use Microsoft Defender f...
- Question 25: You have a Microsoft 365 E5 subscription that uses Microsoft...
- Question 26: You have the following KQL query. (Exhibit)...
- Question 27: A security administrator receives email alerts from Azure De...
- Question 28: You need to implement Azure Sentinel queries for Contoso and...
- 1 commentQuestion 29: You have a Microsoft 365 E5 subscription that uses Microsoft...
- 1 commentQuestion 30: You have an Azure subscription that uses Microsoft Defender ...
- Question 31: Note: This question is part of a series of questions that pr...
- Question 32: You need to implement the ASIM query for DNS requests. The s...
- Question 33: You need to configure the Microsoft Sentinel integration to ...
- Question 34: You have an Azure Functions app that generates thousands of ...
- Question 35: You need to implement the Defender for Cloud requirements. W...
- Question 36: You have an existing Azure logic app that is used to block A...
- 1 commentQuestion 37: You have a Microsoft Sentinel workspace named sws1. You plan...
- 1 commentQuestion 38: You have a suppression rule in Azure Security Center for 10 ...
- 1 commentQuestion 39: You need to implement the scheduled rule for incident genera...
- 1 commentQuestion 40: You need to implement the Defender for Cloud requirements. W...
- 1 commentQuestion 41: You have an Azure subscription that has Microsoft Defender f...
- 1 commentQuestion 42: You have a Microsoft 365 E5 subscription that contains 200 W...
- Question 43: You have a custom detection rule that includes the following...
- 1 commentQuestion 44: You have an Azure subscription that uses Microsoft Defender ...
- 1 commentQuestion 45: You have an Azure subscription that contains a Microsoft Sen...
- Question 46: You have an Azure subscription that contains a virtual machi...
- 1 commentQuestion 47: You need to meet the Microsoft Sentinel requirements for App...
- Question 48: Your company has an on-premises network that uses Microsoft ...
- Question 49: You have a Microsoft 365 subscription that uses Microsoft De...
- Question 50: You use Azure Defender. You have an Azure Storage account th...
- Question 51: You create a custom analytics rule to detect threats in Azur...
- Question 52: You have an Azure subscription that uses Microsoft Defender ...
- 1 commentQuestion 53: You create a new Azure subscription and start collecting log...
- 1 commentQuestion 54: You purchase a Microsoft 365 subscription. You plan to confi...
- Question 55: You have an Azure subscription. You need to delegate permiss...
- 1 commentQuestion 56: You need to ensure that the configuration of HuntingQuery1 m...
- 1 commentQuestion 57: You have a Microsoft 365 E5 subscription that uses Microsoft...
- Question 58: You have an Azure subscription. The subscription contains 10...
- Question 59: You have an Azure subscription that contains a user named Us...
- Question 60: You are configuring Microsoft Cloud App Security. You have a...
- Question 61: You need to configure DC1 to meet the business requirements....
- 2 commentQuestion 62: You have a Microsoft 365 E5 subscription that uses Microsoft...
- Question 63: You have a Microsoft 365 E5 subscription that uses Microsoft...
- 1 commentQuestion 64: You need to configure event monitoring for Server1. The solu...
- Question 65: You need to use an Azure Resource Manager template to create...
- Question 66: Your company stores the data for every project in a differen...
- 1 commentQuestion 67: You have an Azure subscription that uses Microsoft Sentinel ...
- Question 68: Note: This question is part of a series of questions that pr...
- 1 commentQuestion 69: You need to identify which mean time metrics to use to meet ...
- 1 commentQuestion 70: You have an Azure subscription named Sub1 and a Microsoft 36...
- Question 71: You need to configure Microsoft Cloud App Security to genera...
- Question 72: You need to restrict cloud apps running on CUENT1 to meet th...
- 1 commentQuestion 73: You have a Microsoft 365 subscription. The subscription uses...
- 1 commentQuestion 74: You need to meet the Microsoft Sentinel requirements for col...
- 1 commentQuestion 75: You need to assign a role-based access control (RBAC) role t...
- Question 76: You have an Azure subscription. You plan to implement an Mic...
- Question 77: You have an Azure subscription that uses Azure Defender. You...
- 1 commentQuestion 78: You have a custom Microsoft Sentinel workbook named Workbook...
- Question 79: You need to receive a security alert when a user attempts to...
- Question 80: You need to configure the Azure Sentinel integration to meet...
- Question 81: You need to minimize the effort required to investigate the ...
- 1 commentQuestion 82: You have a Microsoft 365 E5 subscription that uses Microsoft...
- 1 commentQuestion 83: You have a Microsoft 365 subscription that uses Microsoft De...
- Question 84: Your company deploys Azure Sentinel. You plan to delegate th...
- Question 85: You have a Microsoft 365 subscription that uses Azure Defend...
- 1 commentQuestion 86: You have a Microsoft Sentinel playbook that is triggered by ...
- Question 87: Note: This question is part of a series of questions that pr...
- 1 commentQuestion 88: You need to correlate data from the SecurityEvent Log Anaryt...
- Question 89: You need to create a query for a workbook. The query must me...
- 1 commentQuestion 90: You are configuring Azure Sentinel. You need to send a Micro...
- Question 91: You need to create the analytics rule to meet the Azure Sent...
- Question 92: Note: This question is part of a series of questions that pr...
- Question 93: You use Microsoft Sentinel. You need to receive an alert in ...
- Question 94: You have a Microsoft 365 subscription that has Microsoft 365...
- 1 commentQuestion 95: You use Azure Sentinel. You need to use a built-in role to p...
- Question 96: You are informed of a new common vulnerabilities and exposur...
- 1 commentQuestion 97: You have a Microsoft 365 E5 subscription that uses Microsoft...
- Question 98: You are informed of an increase in malicious email being rec...
- 1 commentQuestion 99: You have an Azure subscription that contains an Microsoft Se...
- Question 100: You have a Microsoft 365 E5 subscription that uses Microsoft...
- Question 101: You have an Azure subscription named Sub1 that uses Microsof...
- Question 102: You are investigating an incident by using Microsoft 365 Def...
Recent Comments (The most recent comments are at the top.)
C. Create a Microsoft Cloud App Security connector
Explanation: The Microsoft Cloud App Security (MCAS) connector provides data about anomalous activities, including suspicious behavior within Microsoft 365 applications. This is essential for detecting the second stage of the attack (anomalous Office 365 activity) as part of the Fusion rule.
Reference: Connect Microsoft Cloud App Security to Microsoft Sentinel.
D. Create an Azure AD Identity Protection connector
Explanation: The Azure AD Identity Protection connector is crucial for detecting the first stage of the attack (suspicious sign-ins to contoso.com). Identity Protection provides data about risky sign-ins and user activities, which are needed for Fusion rules to correlate and identify multi-staged attacks.
Reference: Connect Azure AD Identity Protection to Microsoft Sentinel.