Microsoft Security Operations Analyst Associate SC-200 Practice Question
You open a high-severity alert generated by Microsoft Defender for Cloud for an Azure virtual machine that is covered by Defender for Servers Plan 2. You must determine which process on the VM initiated the suspicious outbound connection and then block it from executing. Which built-in action on the alert page should you select first?
Download the alert details as a CSV file
Investigate in Microsoft Defender for Endpoint
Open the affected resources in Azure Resource Graph Explorer
Trigger the linked Azure Logic Apps remediation playbook
For Azure VMs protected by Defender for Servers Plan 2, Microsoft Defender for Cloud automatically integrates with Microsoft Defender for Endpoint (MDE). When you choose the Investigate in Microsoft Defender for Endpoint action from the alert page, Defender for Cloud opens the corresponding incident in MDE, where the device timeline and process tree reveal the executable that triggered the network call. From the same portal you can then block or quarantine the offending process. The other options either export data without providing process-level insight (CSV download), initiate an automated response without first identifying the executable (Logic App), or display resource inventory data that does not expose per-process activity (Resource Graph Explorer).
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Microsoft Defender for Endpoint?
Open an interactive chat with Bash
How does Defender for Servers Plan 2 integrate with Microsoft Defender for Endpoint?
Open an interactive chat with Bash
What is the device timeline in Microsoft Defender for Endpoint?
Open an interactive chat with Bash
Microsoft Security Operations Analyst Associate SC-200
Manage incident response
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .