Confidently Practice Online with Free SC-200 Exam Cram

You use Azure Sentinel. You need to use a built-in role to provide a security analyst with the ability to edit the queries of custom Azure Sentinel workbooks. The solution must use the principle of least privilege. Which role should you assign to the analyst?

You have a Microsoft 365 subscription that contains the following resources: 100 users that are assigned a Microsoft 365 E5 license 100 Windows 11 devices that are joined to the Microsoft Entra tenant The users access their Microsoft Exchange Online mailbox by using Outlook on the web. You need to ensure that if a user account is compromised, the Outlook on the web session token can be revoked. What should you configure?

You need to implement the Azure Information Protection requirements. What should you configure first? 

You have a Microsoft 365 subscription that uses Microsoft 365 Defender. You need to identify all the entities affected by an incident. Which tab should you use in the Microsoft 365 Defender portal?

You have an on-premises network. You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Identity. From the Microsoft Defender portal, you investigate an incident on a device named Device1 of a user named User1. The incident contains the following Defender for Identity alert. Suspected identity theft (pass-the-ticket) (external ID 2018) You need to contain the incident without affecting users and devices. The solution must minimize administrative effort. What should you do?