SC-200 • Mock Exam 90
Free SC-200 mock exam — 25 questions with explanations. Set 90. No signup required.
You are a SOC analyst at Contoso. The environment includes Microsoft Sentinel in a single workspace, Microsoft Defender XDR (including Defender for Endpoint, Defender for Office 365, Defender for Identity, and Defender for Cloud Apps), Microsoft Entra ID, and Microsoft Intune. You need to design a solution to automatically triage and respond to phishing incidents detected by Defender for Office 365. The requirements are: 1) When a phishing alert is generated with high confidence, an incident should be automatically created in Sentinel. 2) The incident should be assigned to the 'Phishing' team and have a severity of High. 3) A playbook should run that will send a Teams message to the Phishing team and also block the sender in Exchange Online. 4) The incident should be automatically closed if the playbook successfully executes. What should you do?