Free Microsoft SC-200 Practice Exam Questions and Answers 2026

Start Learning with the Newest and 100% Free SC-200 Exam Dumps Questions

Total 373 Questions | Updated On: Apr 02, 2026
Question 1

You have a Microsoft 365 E5 subscription that contains a device named Device1. Device1 is enrolled in Microsoft Defender for Endpoint. Device1 reports an incident that includes a file named File1.exe as evidence. You initiate the Collect Investigation Package action and download the ZIP file. You need to identify the first and last time File1.exe was executed. What should you review in the investigation package?


Answer: E
Question 2

You need to modify the anomaly detection policy settings to meet the Microsoft Defender for Cloud Apps requirements and resolve the reported problem. Which policy should you modify?


Answer: D
Question 3

You need to restrict cloud apps running on CLIENT1 to meet the Microsoft Defender for Endpoint requirements. Which two configurations should you modify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.


Answer: C,D
Question 4

You need to identify which mean time metrics to use to meet the Microsoft Sentinel requirements. Which workbook should you use?


Answer: C
Question 5

You need to ensure that you can run hunting queries to meet the Microsoft Sentinel requirements. Which type of workspace should you create?


Answer: D

© Copyrights TheExamsLabs 2026. All Rights Reserved
