Crucial Exams

Microsoft Security Operations Analyst Associate SC-200 Practice Question

You plan to use the native deception capability in Microsoft Defender XDR to detect lateral-movement attempts that rely on harvesting local administrator credentials from Windows 10 endpoints.

You create a new deception rule that deploys a credential lure (honeytoken) and assign the rule to a device group that contains 50 Windows 10 21H2 computers.

While configuring the rule, which setting must you enable so that the lure is actually written into LSASS on the targeted devices and an alert is generated if the credentials are used on another device?

  • Select Local Administrator credential type instead of Domain Administrator.

  • Increase the maximum number of targeted devices to more than 100.

  • Change the rule mode from Audit to Enforce.

  • Enable automatic device assignment for the rule.

Microsoft Security Operations Analyst Associate SC-200
Configure protections and detections
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot