SC-200 · topic practice

Mitigate threats using Microsoft Defender for Cloud practice questions

Use this page to practise threats, attacks and vulnerabilities questions. CompTIA Security+ is scenario-heavy here — you must identify not just the attack type but the most appropriate response.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Mitigate threats using Microsoft Defender for Cloud

What the exam tests

What to know about Mitigate threats using Microsoft Defender for Cloud

Threats, attacks and vulnerabilities questions test whether you can identify attack types, threat actor motivations and the correct mitigation for a given scenario.

  • Threat actor types and motivations (APT, script kiddie, insider, nation-state).
  • Attack techniques: phishing, social engineering, ransomware, SQL injection, XSS.
  • Vulnerability scanning vs penetration testing vs risk assessment.
  • Mitigation strategies mapped to specific attack types.

Watch out for

Common Mitigate threats using Microsoft Defender for Cloud exam traps

  • Social engineering targets people, not systems — the attack vector matters.
  • A vulnerability scanner finds weaknesses; it does not exploit them.
  • Phishing is email-based; vishing is voice-based; smishing is SMS-based.
  • Zero-day vulnerabilities have no patch available at the time of discovery.

Practice set

Mitigate threats using Microsoft Defender for Cloud questions

20 questions · select your answer, then reveal the explanation

A security operations analyst is reviewing recommendations in Microsoft Defender for Cloud. For a virtual machine that is missing critical security updates, which recommendation category will highlight this issue?

A security analyst is triaging security alerts in Microsoft Defender for Cloud. Which of the following are valid ways to suppress a specific alert type to reduce noise? (Choose all that apply.)

A security analyst reviews Microsoft Defender for Cloud recommendations for an Azure virtual machine. The VM has a recommendation titled 'Install endpoint protection solution on virtual machines'. The analyst clicks on the recommendation and sees affected resources. Which of the following best describes the purpose of this recommendation in the context of Defender for Cloud?

A company uses Microsoft Defender for Cloud's Just-In-Time (JIT) VM access to secure its Azure virtual machines. A security analyst needs to grant a developer temporary RDP access to a specific VM for debugging purposes. Instead of using the default request approval flow, the analyst wants to configure an exemption so that the developer's access request never triggers a recommendation for that VM. Which action must the analyst perform?

A company runs its critical workloads on Azure Kubernetes Service (AKS). The security team wants to use Microsoft Defender for Cloud to protect the AKS clusters. After enabling Defender for Cloud on the subscription, they also need to enable the Defender for Containers plan. Which of the following capabilities becomes available specifically after enabling the Defender for Containers plan (with the plan turned on)?

A security analyst is using Microsoft Defender for Cloud's adaptive application controls (AAC) to allowlist trusted applications on Azure VMs. After enabling AAC and running in 'Audit' mode for a week, the analyst wants to switch to 'Enforce' mode. Which pre-requisite must be met before enforcement can be applied?

A company uses Microsoft Defender for Cloud to protect Azure resources. They have an Azure SQL Database containing sensitive customer data. The security team wants to be alerted if a user attempts to perform SQL injection attacks against the database. Which Defender for Cloud plan must be enabled to receive SQL injection alerts?

A security team uses Microsoft Defender for Cloud to protect Azure virtual machines. They notice that a VM is generating alerts for unusual outbound connections. The team wants to use a Defender for Cloud feature that learns the VM's typical network behavior and provides recommendations to tighten network security group rules, while also alerting on suspicious deviations. Which feature should they enable?

A company has enabled Microsoft Defender for Cloud on its Azure subscription. The security team wants to ensure that all existing virtual machines have a vulnerability assessment solution installed. Which Defender for Cloud feature can automatically deploy a vulnerability assessment agent to supported VMs?

A company uses Microsoft Defender for Cloud to protect Azure virtual machines. The security team receives an alert indicating that a VM is communicating with a known malicious IP address. Which Defender for Cloud feature can be used to automatically block outbound traffic to that IP address by adjusting the network security group (NSG)?

A company has Azure virtual machines running Windows Server. The security team wants to use Microsoft Defender for Cloud's vulnerability assessment solution to identify missing security updates. Which of the following is required to enable built-in vulnerability assessment for VMs?

Question 12 · easy · multiple choice

A company uses Microsoft Defender for Cloud to protect Azure virtual machines. The security team wants to identify which VMs have missing system updates such as critical security patches. Which Defender for Cloud feature should they use?

An organization has enabled Microsoft Defender for Cloud's enhanced security features. They want to ensure that newly provisioned Azure virtual machines automatically have the built-in vulnerability assessment solution installed. Which configuration should they enable in Defender for Cloud?

A company wants to protect Azure virtual machines from brute force attacks by allowing remote desktop protocol (RDP) access only when explicitly requested and approved. Which Microsoft Defender for Cloud feature should they enable?

A company enables Microsoft Defender for Cloud on its Azure subscription. The security team wants to ensure that all existing and future Azure VMs have Just-In-Time (JIT) VM access configured. Which of the following actions must the team take first to enable JIT for VMs?

Match each Microsoft Defender for Cloud feature on the left with its primary purpose on the right.

An analyst wants to enable the Defender for Containers plan in Microsoft Defender for Cloud to protect an Azure Kubernetes Service (AKS) cluster. Arrange the steps in the correct order.

A company uses Microsoft Defender for Cloud and wants to automatically ensure that all Azure virtual machines have a specific security configuration baseline applied (e.g., default password policies). Which Defender for Cloud feature should they leverage to audit and enforce these configurations inside the VMs?

A company uses Microsoft Defender for Cloud and wants to automatically remediate non-compliant Azure resources by deploying missing configurations (e.g., enabling diagnostics when not enabled). Which feature should they enable?

A company uses Microsoft Defender for Cloud with enhanced security features enabled. The security team wants to automatically disable the local administrative account on all existing and future Azure virtual machines by applying a guest configuration policy. Which Defender for Cloud feature should they use?

Frequently asked questions

What does the SC-200 exam test about Mitigate threats using Microsoft Defender for Cloud?
Threats, attacks and vulnerabilities questions test whether you can identify attack types, threat actor motivations and the correct mitigation for a given scenario.

How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.

Can I practise just Mitigate threats using Microsoft Defender for Cloud questions in a focused session?
Yes — the session launcher on this page draws every question from the Mitigate threats using Microsoft Defender for Cloud domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.

Where can I practise other SC-200 topics?
Use the topic links above to move to related areas, or go back to the SC-200 question bank to see all topics.

Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the SC-200 exam covers. They are not copied from any real exam or dump site.