Absolute Free SC-200 Exam Practice for Comprehensive Preparation 

You have a Microsoft 365 subscription that uses Microsoft 365 Defender A remediation action for an automated investigation quarantines a file across multiple devices. You need to mark the file as safe and remove the file from quarantine on the devices. What should you use m the Microsoft 365 Defender portal?

You need to restrict cloud apps running on CLIENT1 to meet the Microsoft Defender for Endpoint requirements.Which two configurations should you modify? Each correct answer present part of the solution. NOTE: Each correct selection is worth one point.

You are investigating a potential attack that deploys a new ransomware strain. You plan to perform automated actions on a group of highly valuable machines that contain sensitive information. You have three custom device groups. You need to be able to temporarily group the machines to perform actions on the devices. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. 

You have a Microsoft 365 subscription that uses Microsoft 365 Defender. You need to identify all the entities affected by an incident. Which tab should you use in the Microsoft 365 Defender portal?

You have a Microsoft Sentinel workspace named SW1. In SW1, you investigate an incident that is associated with the following entities: Host IP address User account Malware name Which entity can be labeled as an indicator of compromise (loC) directly from the incident s page?