Complete SC-200 Microsoft Materials

Page: 8 / 11

Question 32

Your company uses Microsoft Defender for Endpoint.

The company has Microsoft Word documents that contain macros. The documents are used frequently on the devices of the company’s accounting team.

You need to hide false positive in the Alerts queue, while maintaining the existing security posture. Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

Resolve the alert automatically.

Hide the alert.

Create a suppression rule scoped to any device.

Create a suppression rule scoped to a device group.

Generate the alert.

Question 33

A company uses Azure Sentinel.

You need to create an automated threat response.

What should you use?

Options:

a data connector

a playbook

a workbook

a Microsoft incident creation rule

Question 34

You have a Microsoft 365 E5 subscription that uses Microsoft Purview and contains a user named User1.

User1 shares a Microsoft Power Bi report file from the Microsoft OneDrive folder of your company to an external user by using Microsoft Teams.

You need to identity which Power BI report file was shared.

How should you configure the search? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 35

You need to correlate data from the SecurityEvent Log Anarytks table to meet the Microsoft Sentinel requirements for using UEBA. Which Log Analytics table should you use?