Valid SC-200 dumps shared by ExamDiscuss.com to help you pass the SC-200 exam. ExamDiscuss.com now offers the newest SC-200 exam dumps; the ExamDiscuss.com SC-200 exam questions have been updated and the answers have been corrected.
You have an Azure subscription named Sub1 and a Microsoft 365 subscription. Sub1 is linked to an Azure Active Directory (Azure AD) tenant named contoso.com. You create an Azure Sentinel workspace named workspace1. In workspace1, you activate an Azure AD connector for contoso.com and an Office 365 connector for the Microsoft 365 subscription. You need to use the Fusion rule to detect multi-staged attacks that include suspicious sign-ins to contoso.com followed by anomalous Microsoft Office 365 activity. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Correct Answer: A,B
To use the Fusion rule to detect multi-staged attacks that include suspicious sign-ins to contoso.com followed by anomalous Microsoft Office 365 activity, you should perform the following two actions:
Create an Azure AD Identity Protection connector. This will allow you to monitor suspicious activities in your Azure AD tenant and detect malicious sign-ins.
Create a custom rule based on the Office 365 connector templates. This will allow you to monitor and detect anomalous activities in the Microsoft 365 subscription.
Reference: https://docs.microsoft.com/en-us/azure/sentinel/fusion-rules
Recent Comments (The most recent comments are at the top.)
sam - Nov 25, 2024
C. Create a Microsoft Cloud App Security connector
Explanation: The Microsoft Cloud App Security (MCAS) connector provides data about anomalous activities, including suspicious behavior within Microsoft 365 applications. This is essential for detecting the second stage of the attack (anomalous Office 365 activity) as part of the Fusion rule.
Reference: Connect Microsoft Cloud App Security to Microsoft Sentinel.
D. Create an Azure AD Identity Protection connector
Explanation: The Azure AD Identity Protection connector is crucial for detecting the first stage of the attack (suspicious sign-ins to contoso.com). Identity Protection provides data about risky sign-ins and user activities, which are needed for Fusion rules to correlate and identify multi-staged attacks.
Reference: Connect Azure AD Identity Protection to Microsoft Sentinel.