SC-200 Free Practice Test

- (Topic 4)
You have a custom Microsoft Sentinel workbook named Workbooks.
You need to add a grid to Workbook1. The solution must ensure that the grid contains a maximum of 100 rows.
What should you do?

1. A. In the query editor interface, configure Settings.
2. B. In the query editor interface, select Advanced Editor
3. C. In the grid query, include the project operator.
4. D. In the grid query, include the take operator.

Correct Answer: B

HOTSPOT - (Topic 2)
You need to configure the Microsoft Sentinel integration to meet the Microsoft Sentinel requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Solution:


Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Topic 3)
You need to implement the Defender for Cloud requirements. What should you configure for Server2?

1. A. the Microsoft Antimalware extension
2. B. an Azure resource lock
3. C. an Azure resource tag
4. D. the Azure Automanage machine configuration extension for Windows

Correct Answer: D

- (Topic 4)
You create an Azure subscription.
You enable Azure Defender for the subscription.
You need to use Azure Defender to protect on-premises computers. What should you do on the on-premises computers?

1. A. Install the Log Analytics agent.
2. B. Install the Dependency agent.
3. C. Configure the Hybrid Runbook Worker role.
4. D. Install the Connected Machine agent.

Correct Answer: A
Security Center collects data from your Azure virtual machines (VMs), virtual machine scale sets, IaaS containers, and non-Azure (including on-premises) machines to monitor for security vulnerabilities and threats.
Data is collected using:
The Log Analytics agent, which reads various security-related configurations and event logs from the machine and copies the data to your workspace for analysis. Examples of such data are: operating system type and version, operating system logs (Windows event logs), running processes, machine name, IP addresses, and logged in user.
Security extensions, such as the Azure Policy Add-on for Kubernetes, which can also provide data to Security Center regarding specialized resource types.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data- collection

- (Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring Azure Sentinel.
You need to create an incident in Azure Sentinel when a sign-in to an Azure virtual machine from a malicious IP address is detected.
Solution: You create a Microsoft incident creation rule for a data connector. Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-security-center