
QUESTION 26

- (Exam Topic 2)
You need to modify the anomaly detection policy settings to meet the Cloud App Security requirements. Which policy should you modify?

Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy

QUESTION 27

- (Exam Topic 3)
You have a Microsoft 365 E5 subscription that uses Microsoft SharePoint Online. You delete users from the subscription.
You need to be notified if the deleted users downloaded numerous documents from SharePoint Online sites during the month before their accounts were deleted.
What should you use?

Correct Answer: C
Alert policies let you categorize the alerts that are triggered by a policy, apply the policy to all users in your organization, set a threshold level for when an alert is triggered, and decide whether to receive email notifications when alerts are triggered.
Default alert policies include:
Unusual external user file activity - Generates an alert when an unusually large number of activities are performed on files in SharePoint or OneDrive by users outside of your organization. This includes activities such as accessing files, downloading files, and deleting files. This policy has a High severity setting.
Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies

QUESTION 28

- (Exam Topic 3)
You create a new Azure subscription and start collecting logs for Azure Monitor.
You need to configure Azure Security Center to detect possible threats related to sign-ins from suspicious IP addresses to Azure virtual machines. The solution must validate the configuration.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Solution:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-alert-validation

Does this meet the goal?

Correct Answer: A

QUESTION 29

- (Exam Topic 3)
You manage the security posture of an Azure subscription that contains two virtual machines named vm1 and vm2.
The secure score in Azure Security Center is shown in the Security Center exhibit. (Click the Security Center tab.)
Azure Policy assignments are configured as shown in the Policies exhibit. (Click the Policies tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Solution:
Reference:
https://techcommunity.microsoft.com/t5/azure-security-center/security-control-restrict-unauthorized-network-ac
https://techcommunity.microsoft.com/t5/azure-security-center/security-control-secure-management-ports/ba-p/1

Does this meet the goal?

Correct Answer: A

QUESTION 30

- (Exam Topic 3)
You need to visualize Azure Sentinel data and enrich the data by using third-party data sources to identify indicators of compromise (IoC).
What should you use?

Correct Answer: A
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/notebooks