Valid SC-200 dumps shared by ExamDiscuss.com to help you pass the SC-200 exam. ExamDiscuss.com now offers the newest SC-200 exam dumps; the SC-200 exam questions have been updated and the answers corrected.
Exam Code: SC-200
Exam Name: Microsoft Security Operations Analyst
Certification Provider: Microsoft
Free Question Number: 171
Version: v2023-06-19
Rating:
# of views: 874
# of Questions views: 38237
Recent Comments (The most recent comments are at the top.)
I'm very happy to get the SC-200 certification with your material, will come back.
No.# A. Create an analytics rule that includes the built-in parser
D. Build a custom unified parser and include the built-in parser version
No.# D. the certainty of the source computer - verified
No.# A) Yes -- AccountCustomEntity = Username
B) No -- Watchlists can be updated
C) No -- IPCustomEntity != IPList
No.# A. the resolution method of the source computer
No.# Correct - Logic App Contributor and Sentinel Contributor.
No.# I think it's B and C:
In Azure Sentinel, both analytics rules and hunting queries are used to detect and investigate security threats, but they serve different purposes and are used in different ways:
1. Automated detection: Analytics rules are automated and run on a schedule or are triggered by specific events. These rules are typically set to run at regular intervals, continuously monitoring for threats.
2. Hunting queries are run manually by security analysts to proactively search for threats. In Azure Sentinel, hunting queries can be used with livestream.
In summary, analytics rules are automated and scheduled to detect known threats, while hunting queries are manual and exploratory, used to uncover new and emerging threats.
Important point in the question is that you need to receive an alert
If you pick "Create a hunting query" and "Create a livestream", you will only receive a notification in the Azure portal if events match that query, not an alert.
You could elevate a livestream to an alert, but that goes into the territory of "Create an analytics rule".
Livestream: https://learn.microsoft.com/en-us/azure/sentinel/livestream
The correct answer is "Add a data connector" and "Create an analytics rule":
- You need the "Azure Storage account" data connector, which enables you to continuously monitor activity in all your Azure storage instances and detect malicious activity in your organization.
- You need to create an NRT analytics rule...
No.# B, because parsing happens at query time; hence "query-time parsing" means we cannot parse at a specific time.
No.# A. To enable auditing for sensitive groups, you need to configure the Advanced Audit Policy Configuration settings for the domain controllers. This can be done by modifying the Default Domain Controllers Policy in the Group Policy Management Console (GPMC) and enabling the "Audit Detailed Directory Service Replication" policy under "Advanced Audit Policy Configuration\DS Access". This will generate audit events when sensitive groups are modified.
D. Windows Event Forwarding can be used to forward the audit events generated by the domain controllers to Azure Sentinel for analysis. This involves configuring a subscription on the domain controllers and a collection rule in Azure Sentinel to collect the forwarded events.
No.# To suppress alerts at the management group level, use Azure Policy
No.# Filter by Alert Title
Take Action
Trigger Automated Response
No.# Entity Type = Azure Resource (Azure Storage is a Resource)
Field = Resource ID (All Azure resources have an ID)
No.# Correct answer.
To connect Defender for Cloud Apps (MCAS) to Microsoft Sentinel:
1. From Defender for Cloud Apps --> Security extensions --> SIEM agents tab --> click "Add SIEM agent" and select Microsoft Sentinel.
2. From Sentinel --> Data connectors --> select "Microsoft Defender for Cloud Apps" --> and make sure it is connected.
Ref:
https://docs.microsoft.com/en-us/defender-cloud-apps/siem-sentinel
https://docs.microsoft.com/en-us/azure/sentinel/data-connectors-reference#microsoft-defender-for-cloud-apps
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/microsoft-cloud-app-security-mcas-activity-log-in-azure-sentinel/ba-p/1849806
Also:
Out of date. The MDCA portal for new tenants has now been integrated with Defender. So you add a SIEM now by going to Defender > Settings > Cloud Apps > System > SIEM agents > Add SIEM agent.
No.# No longer a valid answer; in order to do this you need to go to Microsoft Defender for Cloud > Environment settings > Add environment > GCP.
No.# You need to install Azure Arc (Azure Connected Machine agent).
In short, this will create an Azure resource representation of the on-premises machine that can be partially managed like Azure resources. For instance, you can run DfC Regulatory compliance.
No.# Yes, correct.
Append is used to add additional fields to the requested resource during creation or update.
The following effects are deprecated:
EnforceOPAConstraint
EnforceRegoPolicy
No.# Answer is incorrect - the link provided in the answer (https://docs.microsoft.com/en-us/azure/security-center/security-center-permissions) shows the least-privilege roles would be:
- Sec Admin
- Resource Group Owner (this has lower privilege than Subscription Contributor and can still apply security recommendations)
No.# Agree - C. Users connecting to two geographically separate locations at the same time would trigger the impossible travel alert; however, as these are legitimate, this setting needs to be altered to include both network addresses.
No.# Solution: From Security alerts, you select the alert, select Take Action, and then expand the Prevent future attacks section. -> NO
From Security alerts, you select the alert, select Take Action, and then expand the Mitigate the threat section. -> YES
No.# The exam only asked for 3 actions.
I picked:
1. Create an instance of MSiD
2. Provide domain admin creds
3. Install the sensor on DC1