Absolute Free SC-200 Exam Practice for Comprehensive Preparation 

You create a custom analytics rule to detect threats in Azure Sentinel. You discover that the rule fails intermittently. What are two possible causes of the failures? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

You use Azure Sentinel. You need to use a built-in role to provide a security analyst with the ability to edit the queries of custom Azure Sentinel workbooks. The solution must use the principle of least privilege. Which role should you assign to the analyst?

You are investigating a potential attack that deploys a new ransomware strain. You plan to perform automated actions on a group of highly valuable machines that contain sensitive information. You have three custom device groups. You need to be able to temporarily group the machines to perform actions on the devices. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. 

You have a Microsoft 365 E5 subscription that contains a device named Device 1. Device 1 is enrolled in Microsoft Defender for End point. Device1 reports an incident that includes a file named File1 exe as evidence. You initiate the Collect Investigation Package action and download the ZIP file. You need to identify the first and last time File1.exe was executed. What should you review in the investigation package? 

You have a Microsoft Sentinel workspace named SW1. In SW1, you investigate an incident that is associated with the following entities: Host IP address User account Malware name Which entity can be labeled as an indicator of compromise (loC) directly from the incident s page?