Valid SC-200 Dumps shared by ExamDiscuss.com for Helping Passing SC-200 Exam! ExamDiscuss.com now offer the newest SC-200 exam dumps, the ExamDiscuss.com SC-200 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com SC-200 dumps with Test Engine here:
Access SC-200 Dumps Premium Version
(370 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 27/104
You have a Microsoft Sentinel workspace named workspace1 and an Azure virtual machine named VM1.
You receive an alert for suspicious use of PowerShell on VM1.
You need to investigate the incident, identify which event triggered the alert, and identify whether the following actions occurred on VM1 after the alert:
The modification of local group memberships
The purging of event logs
Which three actions should you perform in sequence in the Azure portal? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You receive an alert for suspicious use of PowerShell on VM1.
You need to investigate the incident, identify which event triggered the alert, and identify whether the following actions occurred on VM1 after the alert:
The modification of local group memberships
The purging of event logs
Which three actions should you perform in sequence in the Azure portal? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Correct Answer:
1 - From the Investigation blade, select Insights
2 - From the Investigation blade, select the entity that represents VM1.
3 - From the details pane of the incident, select Investigate.
Reference:
https://github.com/Azure/Azure-Sentinel/wiki/Investigation-Insights---Overview
https://docs.microsoft.com/en-us/azure/sentinel/investigate-cases
- Question List (104q)
- Question 1: You have an Azure subscription that uses Microsoft Sentinel....
- Question 2: You have a Microsoft Sentinel workspace that contains an Azu...
- Question 3: You are investigating an incident by using Microsoft 365 Def...
- 1 commentQuestion 4: You have a Microsoft 365 subscription that uses Microsoft Pu...
- 1 commentQuestion 5: You have a Microsoft Sentinel workspace that has user and En...
- Question 6: You have resources in Azure and Google cloud. You need to in...
- 1 commentQuestion 7: You have a Microsoft Sentinel workspace. You need to prevent...
- 1 commentQuestion 8: You have an Azure subscription that use Microsoft Defender f...
- 1 commentQuestion 9: You need to monitor the password resets. The solution must m...
- Question 10: Which rule setting should you configure to meet the Microsof...
- Question 11: You need to implement the Azure Information Protection requi...
- 1 commentQuestion 12: Your on-premises network contains 100 servers that run Windo...
- 1 commentQuestion 13: You need to ensure that the Group1 members can meet the Micr...
- 1 commentQuestion 14: Your company uses Azure Sentinel to manage alerts from more ...
- 1 commentQuestion 15: You have an Azure DevOps organization that uses Microsoft De...
- 1 commentQuestion 16: You have a Microsoft 365 E5 subscription that is linked to a...
- 1 commentQuestion 17: You need to implement the query for Workbook1 and Webapp1. T...
- Question 18: A security administrator receives email alerts from Azure De...
- 1 commentQuestion 19: You have an Azure subscription that has Microsoft Defender f...
- Question 20: You have an Azure subscription that contains a virtual machi...
- 1 commentQuestion 21: You have a Microsoft 365 tenant that uses Microsoft Exchange...
- 1 commentQuestion 22: You have an Azure subscription that contains 100 Linux virtu...
- Question 23: You have a third-party security information and event manage...
- 1 commentQuestion 24: You have a Microsoft 365 E5 subscription that uses Microsoft...
- Question 25: You need to complete the query for failed sign-ins to meet t...
- Question 26: HOTSPOT for the Azure virtual You need to recommend remediat...
- 1 commentQuestion 27: You have a Microsoft Sentinel workspace named workspace1 and...
- 1 commentQuestion 28: You need to create a query to investigate DNS-related activi...
- Question 29: You have a Microsoft 365 subscription that uses Microsoft 36...
- Question 30: You need to modify the anomaly detection policy settings to ...
- Question 31: You deploy Azure Sentinel. You need to implement connectors ...
- 1 commentQuestion 32: You have a Microsoft Sentinel workspace that has a default d...
- Question 33: You create a new Azure subscription and start collecting log...
- Question 34: Note: This question is part of a series of questions that pr...
- Question 35: You need to create the analytics rule to meet the Azure Sent...
- Question 36: Your company uses Microsoft Defender for Endpoint. The compa...
- 1 commentQuestion 37: You have a Microsoft 365 subscription that uses Microsoft 36...
- Question 38: You are responsible for responding to Azure Defender for Key...
- Question 39: You have a Microsoft 365 subscription that uses Azure Defend...
- 1 commentQuestion 40: You have an Azure subscription that contains two users named...
- Question 41: Your company has a single office in Istanbul and a Microsoft...
- Question 42: You have an Azure subscription that has Azure Defender enabl...
- 1 commentQuestion 43: You need to correlate data from the SecurityEvent Log Anaryt...
- Question 44: You have a Microsoft Sentinel workspace that uses the Micros...
- Question 45: You need to use an Azure Sentinel analytics rule to search f...
- Question 46: You have the following SQL query. (Exhibit)...
- Question 47: You need to remediate active attacks to meet the technical r...
- Question 48: You have a Microsoft Sentinel workspace that contains a cust...
- 1 commentQuestion 49: You have 50 on-premises servers. You have an Azure subscript...
- Question 50: You receive a security bulletin about a potential attack tha...
- Question 51: You are investigating a potential attack that deploys a new ...
- Question 52: You have an Azure subscription that uses Microsoft Defender ...
- Question 53: You are investigating an incident in Azure Sentinel that con...
- Question 54: You have a custom analytics rule to detect threats in Azure ...
- Question 55: Note: This question is part of a series of questions that pr...
- Question 56: You plan to create a custom Azure Sentinel query that will t...
- Question 57: You have four Azure subscriptions. One of the subscriptions ...
- Question 58: You use Azure Security Center. You receive a security alert ...
- Question 59: You have an Microsoft Sentinel workspace named SW1. You plan...
- 1 commentQuestion 60: You have an Azure subscription that uses Microsoft Defender ...
- Question 61: Note: This question is part of a series of questions that pr...
- Question 62: You have a Microsoft Sentinel workspace. You need to create ...
- Question 63: You have an Azure subscription that uses resource type for C...
- Question 64: You have an Azure Sentinel deployment in the East US Azure r...
- Question 65: You have a Microsoft Sentinel workspace You develop a custom...
- Question 66: Note: This question is part of a series of questions that pr...
- Question 67: Your company deploys Azure Sentinel. You plan to delegate th...
- Question 68: You have a custom detection rule that includes the following...
- Question 69: You need to use an Azure Resource Manager template to create...
- Question 70: Note: This question is part of a series of questions that pr...
- 1 commentQuestion 71: You need to implement the scheduled rule for incident genera...
- 1 commentQuestion 72: You have a Microsoft 365 E5 subscription that uses Microsoft...
- 1 commentQuestion 73: You need to ensure that you can run hunting queries to meet ...
- 1 commentQuestion 74: You have two Azure subscriptions that use Microsoft Defender...
- Question 75: You have an Azure subscription that has Azure Defender enabl...
- Question 76: You need to ensure that the processing of incidents generate...
- 1 commentQuestion 77: You have a Microsoft 365 subscription that contains the foll...
- Question 78: You have an Azure subscription named Sub1 that uses Microsof...
- Question 79: You create an Azure subscription. You enable Azure Defender ...
- 1 commentQuestion 80: You have an Azure subscription that uses Microsoft Defender ...
- Question 81: You have a Microsoft 365 E5 subscription. You plan to perfor...
- Question 82: Your company stores the data for every project in a differen...
- 1 commentQuestion 83: You have a Microsoft 365 subscription that contains 1,000 Wi...
- Question 84: You have a Microsoft Sentinel workspace. You have a query na...
- Question 85: Your company has an on-premises network that uses Microsoft ...
- Question 86: You are informed of an increase in malicious email being rec...
- 1 commentQuestion 87: You have a Microsoft 365 E5 subscription that uses Microsoft...
- Question 88: You need to receive a security alert when a user attempts to...
- Question 89: You have an Azure subscription that uses Azure Defender. You...
- Question 90: You need to ensure that the configuration of HuntingQuery1 m...
- 1 commentQuestion 91: You have an Azure subscription that uses Microsoft Defender ...
- Question 92: You need to visualize Azure Sentinel data and enrich the dat...
- Question 93: You create an Azure subscription. You enable Microsoft Defen...
- Question 94: You have an Azure subscription that has Microsoft Defender f...
- Question 95: You have an Azure subscription that contains an Microsoft Se...
- 1 commentQuestion 96: You plan to create a custom Azure Sentinel query that will p...
- 1 commentQuestion 97: You have a Microsoft Sentinel workspace. You need to configu...
- 1 commentQuestion 98: You need to implement the ASIM query for DNS requests. The s...
- 1 commentQuestion 99: You have an Azure subscription that is linked to a hybrid Az...
- Question 100: A company uses Azure Sentinel. You need to create an automat...
- Question 101: You need to implement Azure Defender to meet the Azure Defen...
- Question 102: You have five on-premises Linux servers. You have an Azure s...
- 1 commentQuestion 103: Your network contains an on-premises Active Directory Domain...
- Question 104: You have an Azure Functions app that generates thousands of ...
Recent Comments (The most recent comments are at the top.)
1. | distinct DeviceID
2. | project Timestamp, DeviceID, ReportID