Exam: SC-200
Title:
1. Topic 1, Contoso Ltd
Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
A company named Contoso Ltd has a main office and five branch offices located throughout North America. The main office is in Seattle. The branch offices are in Toronto, Miami, Houston, Los Angeles, and Vancouver.
Contoso has a subsidiary named Fabrikam, Ltd that has offices in New York and San Francisco.
Existing Environment
End-User Environment
All users at Contoso use Windows 10 devices. Each user is licensed for Microsoft 365. In addition, iOS devices are distributed to the members of the sales team at Contoso.
Cloud and Hybrid Infrastructure
All Contoso applications are deployed to Azure.
You enable Microsoft Cloud App Security.
Contoso and Fabrikam have different Azure Active Directory (Azure AD) tenants. Fabrikam recently purchased an Azure subscription and enabled Azure Defender for all supported resource types.
Current Problems
The security team at Contoso receives a large number of cybersecurity alerts. The security team spends too much time identifying which cybersecurity alerts are legitimate threats, and which are not.
The Contoso sales team uses only iOS devices. The sales team members exchange files with customers by using a variety of third-party tools. In the past, the sales team experienced various attacks on their devices.
The marketing team at Contoso has several Microsoft SharePoint Online sites for collaborating with external vendors. The marketing team has had several incidents in which vendors uploaded files that contain malware.
The executive team at Contoso suspects a security breach. The executive team requests that you identify which files had more than five activities during the past 48 hours, including data access, download, or deletion for Microsoft Cloud App Security-protected applications.
Requirements
Planned Changes
Contoso plans to integrate the security operations of both companies and manage all security operations centrally.
Technical Requirements
Contoso identifies the following technical requirements:
✑ Receive alerts if an Azure virtual machine is under brute force attack.
✑ Use Azure Sentinel to reduce organizational risk by rapidly remediating active attacks on the environment.
✑ Implement Azure Sentinel queries that correlate data across the Azure AD tenants of Contoso and Fabrikam.
✑ Develop a procedure to remediate Azure Defender for Key Vault alerts for Fabrikam in case of external attackers and a potential compromise of its own Azure AD applications.
✑ Identify all cases of users who failed to sign in to an Azure resource for the first time from a given country. A junior security administrator provides you with the following incomplete query:
BehaviorAnalytics
| where ActivityType == "FailedLogOn"
You need to remediate active attacks to meet the technical requirements. What should you include in the solution?
A. Azure Automation runbooks
B. Azure Logic Apps
C. Azure Functions
D. Azure Sentinel livestreams
Answer: B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks
2. HOTSPOT
You need to create an advanced hunting query to investigate the executive team issue. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
3. HOTSPOT
You need to recommend remediation actions for the Azure Defender alerts for Fabrikam. What should you recommend for each threat? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
4. You need to recommend a solution to meet the technical requirements for the Azure virtual machines. What should you include in the recommendation?
A. just-in-time (JIT) access
B. Azure Defender
C. Azure Firewall
D. Azure Application Gateway
Answer: B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/security-center/azure-defender
5. You need to complete the query for failed sign-ins to meet the technical requirements. Where can you find the column name to complete the where clause?
A. Security alerts in Azure Security Center
B. Activity log in Azure
C. Azure Advisor
D. the query windows of the Log Analytics workspace
Answer: D
6. The issue for which team can be resolved by using Microsoft Defender for Office 365?
A. executive
B. marketing
C. security
D. sales
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/atp-for-spo-odb-and-teams?view=o365-worldwide
7. HOTSPOT
You need to implement Azure Sentinel queries for Contoso and Fabrikam to meet the technical requirements.
What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
8. The issue for which team can be resolved by using Microsoft Defender for Endpoint?
A. executive
B. sales
C. marketing
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios
9. Topic 2, Litware Inc.
Case study
Overview
Litware Inc. is a renewable company.
Litware has offices in Boston and Seattle. Litware also has remote users located across the United States. To access Litware resources, including cloud resources, the remote users establish a VPN connection to either office.
Existing Environment
Identity Environment
The network contains an Active Directory forest named litware.com that syncs to an Azure Active Directory (Azure AD) tenant named litware.com.
Microsoft 365 Environment
Litware has a Microsoft 365 E5 subscription linked to the litware.com Azure AD tenant. Microsoft Defender for Endpoint is deployed to all computers that run Windows 10. All Microsoft Cloud App Security built-in anomaly detection policies are enabled.
Azure Environment
Litware has an Azure subscription linked to the litware.com Azure AD tenant.
The subscription contains resources in the East US Azure region as shown in the following table.
Network Environment
Each Litware office connects directly to the internet and has a site-to-site VPN connection to the virtual networks in the Azure subscription.
On-premises Environment
The on-premises network contains the computers shown in the following table.
Current problems
Cloud App Security frequently generates false positive alerts when users connect to both offices simultaneously.
Planned Changes
Litware plans to implement the following changes:
✑ Create and configure Azure Sentinel in the Azure subscription.
✑ Validate Azure Sentinel functionality by using Azure AD test user accounts.
Business Requirements
Litware identifies the following business requirements:
- The principle of least privilege must be used whenever possible.
- Costs must be minimized, as long as all other requirements are met.
- Logs collected by Log Analytics must provide a full audit trail of user activities.
- All domain controllers must be protected by using Microsoft Defender for Identity.
Azure Information Protection Requirements
All files that have security labels and are stored on the Windows 10 computers must be available from the Azure Information Protection – Data discovery dashboard.
Microsoft Defender for Endpoint requirements
All Cloud App Security unsanctioned apps must be blocked on the Windows 10 computers by using Microsoft Defender for Endpoint.
Microsoft Cloud App Security requirements
Cloud App Security must identify whether a user connection is anomalous based on tenant-level data.
Azure Defender Requirements
All servers must send logs to the same Log Analytics workspace.
Azure Sentinel Requirements
Litware must meet the following Azure Sentinel requirements:
✑ Integrate Azure Sentinel and Cloud App Security.
✑ Ensure that a user named admin1 can configure Azure Sentinel playbooks.
✑ Create an Azure Sentinel analytics rule based on a custom query. The rule must automatically initiate the execution of a playbook.
✑ Add notes to events that represent data access from a specific IP address to provide the ability to reference the IP address when navigating through an investigation graph while hunting.
✑ Create a test rule that generates alerts when inbound access to Microsoft Office 365 by the Azure AD test user accounts is detected. Alerts generated by the rule must be grouped into individual incidents, with one incident per test user account.
DRAG DROP
You need to configure DC1 to meet the business requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Step 1: Log in to https://portal.atp.azure.com as a global admin.
Step 2: Create the instance.
Step 3: Connect the instance to Active Directory.
Step 4: Download and install the sensor.
