SC-200

You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in.Which anomaly detection policy should you use?

This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You are configuring Microsoft Defender for Identity integration with Active Directory.From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.Solution: From Entity tags, you add the accounts as Honeytoken accounts.Does this meet the goal?

What does the search operator do?

What are project operators?

You can classify an Incident as which of the following?

What describes Safe Attachments from Microsoft Defender for Office 365?

How can you ensure that a file is sent into quarantine for review by an administrator?

Your company has a single office in Istanbul and a Microsoft 365 subscription.The company plans to use conditional access policies to enforce multi-factor authentication (MFA).You need to enforce MFA for all users who work remotely.What should you include in the solution?

You create an Azure subscription named sub1.In sub1, you create a Log Analytics workspace named workspace1.You enable Azure Security Center and configure Security Center to use workspace1.You need to collect security event logs from the Azure virtual machines that report to workspace1.What should you do?

You create an Azure subscription. You enable Azure Defender for the subscription. You need to use Azure Defender to protect on-premises computers. What should you do on the on-premises computers?