Download Microsoft.SC-200.NewDumps.2021-07-27.62q.tqb

Vendor:	Microsoft
Exam Code:	SC-200
Exam Name:	Microsoft Security Operations Analyst
Date:	Jul 27, 2021
File Size:	5 MB

Download Exam

Demo Questions

You are investigating an incident by using Microsoft 365 Defender.

You need to create an advanced hunting query to detect failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop.

How should you complete the query?

To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Correct answer: To work with this question, an Exam Simulator is required.

Explanation:

Reference:https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries/blob/master/General%20queries/Failed%20Logon%20Attempt.txt

Reference:

https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries/blob/master/General%20queries/Failed%20Logon%20Attempt.txt

You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in.

Which anomaly detection policy should you use?

Impossible travel
Activity from anonymous IP addresses
Activity from infrequent country
Malware detection

Correct answer: C

Explanation:

Reference:https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy

Reference:

https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy

You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.

You have Microsoft SharePoint Online sites that contain sensitive documents. The documents contain customer account numbers that each consists of 32 alphanumeric characters.

You need to create a data loss prevention (DLP) policy to protect the sensitive documents.

What should you use to detect which documents are sensitive?