Free Microsoft SC-200 Exam Questions

Question 1

You have a Microsoft Sentinel workspace named SW1. In SW1, you investigate an incident that is associated with the following entities: Host IP address User account Malware name Which entity can be labeled as an indicator of compromise (loC) directly from the incident s page?

A : malware name

B : host

C : user account

D : IP address

Answer: D

Question 2

You have an Azure subscription that uses Microsoft Defender for Cloud and contains a resource group named RG1. RG1. You need to configure just in time (JIT) VM access for the virtual machines in RG1. The solution must meet the following Limit the maximum request time to two hours. Limit protocol access to Remote Desktop Protocol (RDP) only. Minimize administrative effort. What should you use?

A : Azure AD Privileged Identity Management (PIM)

B : Azure Policy

C : Azure Front Door

D : Azure Bastion

Answer: A

Question 3

You have a Microsoft 365 E5 subscription that contains a device named Device 1. Device 1 is enrolled in Microsoft Defender for End point. Device1 reports an incident that includes a file named File1 exe as evidence. You initiate the Collect Investigation Package action and download the ZIP file. You need to identify the first and last time File1.exe was executed. What should you review in the investigation package?

A : Processes

B : Scheduled tasks

C : Autoruns

D : Security event log

E : Prefetch files

Answer: E

Question 4

You have an Azure subscription that uses Microsoft Sentinel.

You need to minimize the administrative effort required to respond to the incidents and remediate the security threats detected by Microsoft Sentinel.

Which two features should you use? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A : crosoft Sentinel bookmarks

B : ure Automation runbooks

C : crosoft Sentinel automation rules

D : crosoft Sentinel playbooks

E : ure Functions apps

Answer: C,D

Question 5