Courseiva

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Objective 2.0

Mitigate threats using Microsoft Defender for Cloud

SC-200 Practice Questions

Use this page to practise threats, attacks and vulnerabilities questions. CompTIA Security+ is scenario-heavy here — you must identify not just the attack type but the most appropriate response.

What this objective tests

SC-200 Mitigate threats using Microsoft Defender for Cloud — Key Topics

Threats, attacks and vulnerabilities questions test whether you can identify attack types, threat actor motivations and the correct mitigation for a given scenario.

  • Threat actor types and motivations (APT, script kiddie, insider, nation-state).
  • Attack techniques: phishing, social engineering, ransomware, SQL injection, XSS.
  • Vulnerability scanning vs penetration testing vs risk assessment.
  • Mitigation strategies mapped to specific attack types.

Common exam traps

Where candidates lose marks on Mitigate threats using Microsoft Defender for Cloud

  • Social engineering targets people, not systems — the attack vector matters.
  • A vulnerability scanner finds weaknesses; it does not exploit them.
  • Phishing is email-based; vishing is voice-based; smishing is SMS-based.
  • Zero-day vulnerabilities have no patch available at the time of discovery.

SC-200 Mitigate threats using Microsoft Defender for Cloud — Practice Questions

30 questions from this objective

Question 2 (easy, multiple choice)

A security operations analyst is reviewing recommendations in Microsoft Defender for Cloud. For a virtual machine that is missing critical security updates, which recommendation category will highlight this issue?

Question 3 (medium, multi select)

A security analyst is triaging security alerts in Microsoft Defender for Cloud. Which of the following are valid ways to suppress a specific alert type to reduce noise? (Choose all that apply.)

Question 4 (easy, multiple choice)

A security analyst reviews Microsoft Defender for Cloud recommendations for an Azure virtual machine. The VM has a recommendation titled 'Install endpoint protection solution on virtual machines'. The analyst clicks on the recommendation and sees affected resources. Which of the following best describes the purpose of this recommendation in the context of Defender for Cloud?

Question 5 (medium, multiple choice)

A company uses Microsoft Defender for Cloud's Just-In-Time (JIT) VM access to secure its Azure virtual machines. A security analyst needs to grant a developer temporary RDP access to a specific VM for debugging purposes. Instead of using the default request approval flow, the analyst wants to configure an exemption so that the developer's access request never triggers a recommendation for that VM. Which action must the analyst perform?

Question 6 (medium, multiple choice)

A company runs its critical workloads on Azure Kubernetes Service (AKS). The security team wants to use Microsoft Defender for Cloud to protect the AKS clusters. After enabling Defender for Cloud on the subscription, they also need to enable the Defender for Containers plan. Which of the following capabilities becomes available specifically after enabling the Defender for Containers plan (with the plan turned on)?

Question 7 (easy, multiple choice)

A security analyst is using Microsoft Defender for Cloud's adaptive application controls (AAC) to allowlist trusted applications on Azure VMs. After enabling AAC and running in 'Audit' mode for a week, the analyst wants to switch to 'Enforce' mode. Which pre-requisite must be met before enforcement can be applied?

Question 8 (medium, multiple choice)

A company uses Microsoft Defender for Cloud to protect Azure resources. They have an Azure SQL Database containing sensitive customer data. The security team wants to be alerted if a user attempts to perform SQL injection attacks against the database. Which Defender for Cloud plan must be enabled to receive SQL injection alerts?

Question 9 (medium, multiple choice)

A security team uses Microsoft Defender for Cloud to protect Azure virtual machines. They notice that a VM is generating alerts for unusual outbound connections. The team wants to use a Defender for Cloud feature that learns the VM's typical network behavior and provides recommendations to tighten network security group rules, while also alerting on suspicious deviations. Which feature should they enable?

Question 10 (easy, multiple choice)

A company has enabled Microsoft Defender for Cloud on its Azure subscription. The security team wants to ensure that all existing virtual machines have a vulnerability assessment solution installed. Which Defender for Cloud feature can automatically deploy a vulnerability assessment agent to supported VMs?

Question 11 (medium, multiple choice)

A company uses Microsoft Defender for Cloud to protect Azure virtual machines. The security team receives an alert indicating that a VM is communicating with a known malicious IP address. Which Defender for Cloud feature can be used to automatically block outbound traffic to that IP address by adjusting the network security group (NSG)?

Question 12 (medium, multiple choice)

A company has Azure virtual machines running Windows Server. The security team wants to use Microsoft Defender for Cloud's vulnerability assessment solution to identify missing security updates. Which of the following is required to enable built-in vulnerability assessment for VMs?

Question 13 (easy, multiple choice)

A company uses Microsoft Defender for Cloud to protect Azure virtual machines. The security team wants to identify which VMs have missing system updates such as critical security patches. Which Defender for Cloud feature should they use?

Question 14 (medium, multiple choice)

An organization has enabled Microsoft Defender for Cloud's enhanced security features. They want to ensure that newly provisioned Azure virtual machines automatically have the built-in vulnerability assessment solution installed. Which configuration should they enable in Defender for Cloud?

Question 15 (easy, multiple choice)

A company wants to protect Azure virtual machines from brute force attacks by allowing remote desktop protocol (RDP) access only when explicitly requested and approved. Which Microsoft Defender for Cloud feature should they enable?

Question 16 (easy, multiple choice)

A company enables Microsoft Defender for Cloud on its Azure subscription. The security team wants to ensure that all existing and future Azure VMs have Just-In-Time (JIT) VM access configured. Which of the following actions must the team take first to enable JIT for VMs?

Question 17 (medium, multiple choice)

Match each Microsoft Defender for Cloud feature on the left with its primary purpose on the right.

Question 18 (medium, multiple choice)

An analyst wants to enable the Defender for Containers plan in Microsoft Defender for Cloud to protect an Azure Kubernetes Service (AKS) cluster. Arrange the steps in the correct order.

Question 19 (medium, multiple choice)

A company uses Microsoft Defender for Cloud and wants to automatically ensure that all Azure virtual machines have a specific security configuration baseline applied (e.g., default password policies). Which Defender for Cloud feature should they leverage to audit and enforce these configurations inside the VMs?

Question 20 (medium, multiple choice)

A company uses Microsoft Defender for Cloud and wants to automatically remediate non-compliant Azure resources by deploying missing configurations (e.g., enabling diagnostics when not enabled). Which feature should they enable?

Question 21 (medium, multiple choice)

A company uses Microsoft Defender for Cloud with enhanced security features enabled. The security team wants to automatically disable the local administrative account on all existing and future Azure virtual machines by applying a guest configuration policy. Which Defender for Cloud feature should they use?

Question 22 (easy, multiple choice)

A security analyst receives an alert in Microsoft Defender for Cloud that an Azure virtual machine is running a process with a known indicator of compromise (IOC). The analyst wants to investigate the process details, including the command line and parent process. Which feature should the analyst use to gather this information from the VM?

Question 23 (medium, multiple choice)

A company uses Microsoft Defender for Cloud to protect an Azure Kubernetes Service (AKS) cluster. The security team wants to receive security alerts about suspicious activities within the cluster, such as a container running with root privileges or attempts to read sensitive host paths. Which Defender for Cloud plan must be enabled to generate these alerts?

Question 24 (easy, multiple choice)

A company uses Microsoft Defender for Cloud. They need to continuously assess the compliance of their Azure resources against the CIS benchmark. Which feature should they enable?

Question 25 (medium, multiple choice)

A security analyst in Microsoft Defender for Cloud receives an alert that an Azure VM has a vulnerability with a high severity. The analyst wants to see the detailed finding, including the steps to remediate. Which blade or page should the analyst open?

Question 26 (medium, multiple choice)

A security analyst receives an alert in Microsoft Defender for Cloud about a suspicious process on an Azure VM. The alert indicates a potential credential dumping tool. The analyst needs to see the full command line and parent process of the suspicious process. Which Defender for Cloud feature should the analyst use?

Question 27 (medium, multiple choice)

A company uses Microsoft Defender for Cloud to manage security across multiple Azure subscriptions. They want to automatically remediate non-compliant resources when a policy violation is detected—for example, enabling encryption on a storage account that has it disabled. Which feature should they configure?

Question 28 (hard, multiple choice)

A security administrator wants to ensure that all Azure virtual machines have Microsoft Defender for Cloud's vulnerability assessment (VA) solution enabled automatically. They need to deploy the VA solution to new and existing VMs without manual intervention. Which method should they use?

Question 29 (easy, multiple choice)

Your organization has multiple Azure subscriptions and wants to ensure that all of them have Microsoft Defender for Cloud's enhanced security features enabled. What is the minimal step required to achieve this for all subscriptions?

Question 30 (easy, multiple choice)

A company wants to continuously assess the compliance of their Azure resources against the CIS (Center for Internet Security) benchmark. Which Microsoft Defender for Cloud feature should they use?

Question 31 (medium, multiple choice)

A security administrator wants to ensure that all existing and future Azure virtual machines have Microsoft Defender for Cloud's built-in vulnerability assessment solution (Qualys or Microsoft) installed without manual intervention. Which feature should the administrator configure?

More Mitigate threats using Microsoft Defender for Cloud questions available in the full practice test.

All SC-200 Objectives

  • 1. Mitigate threats using Microsoft Defender XDR
  • 2. Mitigate threats using Microsoft Defender for Cloud
  • 3. Mitigate threats using Microsoft Sentinel