Free Microsoft SC-200 Exam Questions

Question 1

You have an Azure Sentinel deployment in the East US Azure region.
You create a Log Analytics workspace named LogsWest in the West US Azure region.
You need to ensure that you can use scheduled analytics rules in the existing Azure Sentinel deployment to generate alerts based on queries to LogsWest.
What should you do first?

A : ploy Azure Data Catalog to the West US Azure region.

B : dify the workspace settings of the existing Azure Sentinel deployment

C : Azure Sentinel to a workspace.

D : eate a data connector in Azure Sentinel.

Answer: C

Question 2

You have a Microsoft Sentinel workspace.

You need to prevent a built-in Advance Security information Model (ASIM) parse from being updated automatically.

What are two ways to achieve this goal? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A : deploy the built-in parse and specify a CallerContext parameter of any and a SourceSpecificParse parameter of any.

B : eate a hunting query that references the built-in parse.

C : deploy the built-in parse and specify a CallerContext parameter of built-in.

D : ild a custom unify parse and include the build- parse version

E : eate an analytics rule that includes the built-in parse

Answer: A,D

Question 3

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint and contains the devices shown in the following table.You initiate a live response session on each device. You need to collect a Defender for Endpoint investigation package from each device.On which devices can you collect the package by running advanced live response commands from the command-line interface (CLI)?

A : Device1 and Device2 only

B : Device1, Device2, and Device3 only

C : Device3 and Device4 only

D : Device1, Devke2, Device3, and Device4

Answer: B

Question 4

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint and contains the devices shown in the following table.You initiate a live response session on each device. You need to collect a Defender for Endpoint investigation package from each device.On which devices can you collect the package by running advanced live response commands from the command-line interface (CLI)?

A : Device1 and Device2 only

B : Device1, Device2, and Device3 only

C : Device3 and Device4 only

D : Device1, Devke2, Device3, and Device4

Answer: B

Question 5

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint and contains the devices shown in the following table.You initiate a live response session on each device. You need to collect a Defender for Endpoint investigation package from each device.On which devices can you collect the package by running advanced live response commands from the command-line interface (CLI)?

A : Device1 and Device2 only

B : Device1, Device2, and Device3 only

C : Device3 and Device4 only

D : Device1, Devke2, Device3, and Device4

Answer: B