Free Microsoft SC-200 Exam Questions

You have a Microsoft 365 subscription.You have 1,000 Windows devices that have a third-party antivirus product installed and MicrosoftDefender Antivirus in passive mode. You need to ensure that the devices are protected frommalicious artifacts that were undetected by the third-party antivirus product. Solution: You configureControlled folder access. Does this meet the goal? 

A security administrator receives email alerts from Azure Defender for activities such as potential malware uploaded to a storage account and potential successful brute force attacks.
The security administrator does NOT receive email alerts for activities such as antimalware action failed and suspicious network activity. The alerts appear in Azure Security Center.
You need to ensure that the security administrator receives email alerts for all the activities.
What should you configure in the Security Center settings?

You have a Microsoft 365 E5 subscription that contains a device named Device1. Device1 is enrolled in Microsoft Defender for Endpoint.

Device1 reports an incident that includes a file named File1.exe as evidence.

You initiate the Collect Investigation Package action and download the ZIP file.

You need to identify the first and last time File1.exe was executed.

What should you review in the investigation package?

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint and contains the devices shown in the following table.You initiate a live response session on each device. You need to collect a Defender for Endpoint investigation package from each device.On which devices can you collect the package by running advanced live response commands from the command-line interface (CLI)?  

You need to complete the query for failed sign-ins to meet the technical requirements.
Where can you find the column name to complete the where clause?