Free Practice Microsoft SC-200 Exam Questions 2025

You have a Microsoft Sentinel workspace.

You need to identify which rules are used to detect advanced multistage attacks that comprise two or more alerts or activities. The solution must minimize administrative effort.

Which rule type should you query?

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint and contains the devices shown in the following table.You initiate a live response session on each device. You need to collect a Defender for Endpoint investigation package from each device.On which devices can you collect the package by running advanced live response commands from the command-line interface (CLI)?  

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint and contains the devices shown in the following table.You initiate a live response session on each device. You need to collect a Defender for Endpoint investigation package from each device.On which devices can you collect the package by running advanced live response commands from the command-line interface (CLI)?  

You have a Microsoft 365 subscription.You have 1,000 Windows devices that have a third-party antivirus product installed and MicrosoftDefender Antivirus in passive mode. You need to ensure that the devices are protected frommalicious artifacts that were undetected by the third-party antivirus product. Solution: You configureControlled folder access. Does this meet the goal? 

You have a Microsoft 365 subscription that uses Microsoft Defender for Cloud Apps and has Cloud Discovery enabled.

You need to enrich the Cloud Discovery data. The solution must ensure that usernames in the Cloud Discovery traffic logs are associated with the user principal name (UPN) of the corresponding Microsoft Entra ID user accounts.

What should you do first?