Become Microsoft Certified with updated SC-200 exam questions and correct answers
You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You discover that when Microsoft Defender for Endpoint generates alerts for a commonly used executable file, it causes alert fatigue. You need to tune the alerts. Which two actions can an alert tuning rule perform for the alerts? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
You have an Azure Sentinel deployment in the East US Azure region.
You create a Log Analytics workspace named LogsWest in the West US Azure region.
You need to ensure that you can use scheduled analytics rules in the existing Azure Sentinel deployment to generate alerts based on queries to LogsWest.
What should you do first?
You have an Azure subscription that uses Microsoft Defender for Cloud and contains a resource group named RG1. You need to configure just in time (JIT) VM access for the virtual machines in RG1. The solution must meet the following requirements: Limit the maximum request time to two hours. Limit protocol access to Remote Desktop Protocol (RDP) only. Minimize administrative effort. What should you use?
You have a Microsoft 365 subscription that uses Microsoft 365 Defender. You need to identify all the entities affected by an incident. Which tab should you use in the Microsoft 365 Defender portal?
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint and contains the devices shown in the following table.
You initiate a live response session on each device.
You need to collect a Defender for Endpoint investigation package from each device. On which devices can you collect the package by running advanced live response commands from the command-line interface (CLI)?
© Copyrights DumpsCertify 2026. All Rights Reserved