Microsoft Exam SC-200 Topic 6 Question 18 Discussion

Actual exam question for Microsoft's SC-200 exam

Question #: 18
Topic #: 6

You have an Azure subscription named Sub1 and a Microsoft 365 subscription. Sub1 is linked to an Azure Active Directory (Azure AD) tenant named contoso.com.

You create an Azure Sentinel workspace named workspace1. In workspace1, you activate an Azure AD connector for contoso.com and an Office 365 connector for the Microsoft 365 subscription.

You need to use the Fusion rule to detect multi-staged attacks that include suspicious sign-ins to contoso.com followed by anomalous Microsoft Office 365 activity.

Which two actions should you perform? Each correct answer present part of the solution.

NOTE: Each correct selection is worth one point.

ACreate custom rule based on the Office 365 connector templates.

BCreate a Microsoft incident creation rule based on Azure Security Center.

CCreate a Microsoft Cloud App Security connector.

DCreate an Azure AD Identity Protection connector.

Show Suggested Answer

Suggested Answer: A, B

by Maurine at May 04, 2022, 09:15 AM

Limited Time Offer

25%

Off

Get Premium SC-200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!