
Exam SC-200 topic 2 question 5 discussion

Actual exam question from Microsoft's SC-200
Question #: 5
Topic #: 2

You provision a Linux virtual machine in a new Azure subscription.
You enable Azure Defender and onboard the virtual machine to Azure Defender.
You need to verify that an attack on the virtual machine triggers an alert in Azure Defender.
Which two Bash commands should you run on the virtual machine? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. cp /bin/echo ./asc_alerttest_662jfi039n
  • B. ./alerttest testing eicar pipe
  • C. cp /bin/echo ./alerttest
  • D. ./asc_alerttest_662jfi039n testing eicar pipe
Suggested Answer: AD
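The two answer commands (A, then D) wrapped in a small harness, added here as an example; it is not part of the exam page or of Microsoft's documentation. It runs the copy-and-execute steps in a scratch directory, captures what the copied binary actually does, cleans up, and adds a helper for recognising the validation binary when the simulated alert shows up in the console next to real ones. The file name asc_alerttest_662jfi039n and the arguments "testing eicar pipe" come from the question; the directory handling and the function names are my own choices.

```shell
# Added example, not taken from the exam page or from Microsoft's documentation.
# Runs the Linux alert-validation steps from answers A and D in a scratch
# directory and cleans up afterwards. The name asc_alerttest_662jfi039n and the
# arguments "testing eicar pipe" are from the question; everything else here
# (function names, temp-dir handling) is my own choice.

# File name the Defender for Cloud Linux validation looks for (from the question).
ASC_TEST_NAME=asc_alerttest_662jfi039n

run_asc_alert_test() {
    # /bin/echo must exist as a real file; the shell's builtin echo cannot be copied.
    [ -x /bin/echo ] || { echo "missing /bin/echo" >&2; return 1; }

    workdir=$(mktemp -d) || return 1

    # Answer A: copy the harmless echo binary under the validation file name.
    # Nothing malicious is written to disk; only the file name is special.
    cp /bin/echo "$workdir/$ASC_TEST_NAME" || { rm -rf "$workdir"; return 1; }

    # Answer D: execute it with the documented arguments. Because the file is
    # echo, the only local effect is that the arguments are printed back, which
    # is also what any process-auditing log on the VM will record.
    out=$("$workdir/$ASC_TEST_NAME" testing eicar pipe) || { rm -rf "$workdir"; return 1; }

    # Remove the scratch copy so the renamed binary does not linger on the VM.
    rm -rf "$workdir"
    printf '%s\n' "$out"
}

# Triage helper: given the process path reported in an alert, return success when
# it is the validation binary rather than some unknown executable.
is_validation_test_process() {
    case "$(basename -- "$1")" in
        "$ASC_TEST_NAME") return 0 ;;
        *) return 1 ;;
    esac
}

# Usage on the onboarded VM:
#   run_asc_alert_test        # prints "testing eicar pipe"; the alert follows later
#   is_validation_test_process /path/from/alert && echo "validation run, not an incident"
```

Running the function locally only proves the two commands behave as expected (the copied file is plain echo); the alert itself is raised by the Defender agent on the onboarded VM and appears in the portal after a delay, which the comments below put at roughly ten minutes. The triage helper encodes the point several commenters make: it is the file name, not the file contents, that the validation keys on, so that name is what an analyst should look for when deciding whether an alert came from a test.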

Comments

somsom
Highly Voted 4 years ago
correct
upvoted 18 times
AlaReAla
Highly Voted 3 years, 6 months ago
Why is it so important to copy the file ONLY as "asc_alerttest_662jfi039n"? Please consider that I am a newbie in security, and help guide me, thanks.
upvoted 11 times
kakakayayaya
3 years, 4 months ago
any legal file name can be used
upvoted 2 times
03allen
2 years, 3 months ago
Seems not right, as B and C's only difference is the file name.
upvoted 5 times
Nikki0222
Most Recent 6 months ago
AD correct
upvoted 1 times
asquante
1 year, 1 month ago
The answer is correct, but the question itself is outdated. The doc link now shows a much simpler command: curl -O https://secure.eicar.org/eicar.com.txt (https://learn.microsoft.com/en-us/azure/defender-for-cloud/alert-validation#simulate-alerts-on-your-azure-vms-linux-)
upvoted 4 times
Ramye
1 year, 2 months ago
Note: There's no Azure Defender now. It is now Defender for Cloud. So this might be (should be) reflected in the exam if this is asked.
upvoted 3 times
chepeerick
1 year, 6 months ago
Option AD
upvoted 1 times
cris_exam
1 year, 7 months ago
Seems right as it is. Check this doc link below from step 3. https://learn.microsoft.com/en-us/azure/defender-for-cloud/alert-validation#simulate-workload-alerts-k8snode_-prefix "Copy the executable to a separate location and rename it to ./asc_alerttest_662jfi039n with the following command cp /bin/echo ./asc_alerttest_662jfi039n. Execute the file ./asc_alerttest_662jfi039n testing eicar pipe."
upvoted 3 times
Oryx360
1 year, 8 months ago
Selected Answer: CD
To verify that an attack on the virtual machine triggers an alert in Azure Defender, you can use a test utility provided by Microsoft called "asc-alert-test." This utility is designed to safely simulate attacks and generate alerts for testing purposes. The correct commands are:
C. cp /bin/echo ./alerttest
D. ./asc_alerttest_662jfi039n testing eicar pipe
Explanation: Command C: Copies the /bin/echo binary to create a test utility named alerttest which will be used to simulate the attack. Command D: Executes the asc_alerttest_662jfi039n utility with the appropriate parameters (testing eicar pipe) to simulate the attack and generate the alert. Commands A and B are incorrect because they refer to incorrect utility names or parameters. Remember, while using this utility, ensure you have necessary permissions and follow your organization's policies for testing and verifying security controls.
upvoted 1 times
imhere4you
1 year, 10 months ago
On exam - 19 June 2023
upvoted 5 times
tatendazw
1 year, 10 months ago
1. Rename the executable to ./asc_alerttest_662jfi039n
2. cp /bin/echo ./asc_alerttest_662jfi039n
3. Run in the command prompt: ./asc_alerttest_662jfi039n testing eicar pipe
4. Check Defender for Cloud alerts after about 10 mins to see an alert
https://learn.microsoft.com/en-us/azure/defender-for-cloud/alert-validation#simulate-alerts-on-your-azure-vms-linux-
upvoted 3 times
teouba
2 years ago
These answers are ridiculous; what is the difference if we choose B and C? They are the exact same commands with different naming for the file.
upvoted 2 times
Holii
2 years ago
I believe the filename has to follow this strict naming convention to trigger the validation alert. This is used for validation testing without requiring an actual malicious file. If they had it on every file it'd be throwing alerts on every .exe, because it's not like you're running anything inherently 'bad'. https://learn.microsoft.com/en-us/azure/defender-for-cloud/alert-validation#simulate-alerts-on-your-azure-vms-linux-
upvoted 5 times
aruninsiva
1 year, 9 months ago
yes. '662jfi039n' is the alert triggering filename.
upvoted 1 times
CatoFong
2 years, 9 months ago
Selected Answer: AD
correct
upvoted 3 times
feln
3 years, 1 month ago
Selected Answer: AD
correct
upvoted 3 times
TomG
3 years, 1 month ago
Selected Answer: AD
Given answers are correct
upvoted 4 times
Ken88
3 years, 1 month ago
Selected Answer: AD
correct
upvoted 3 times
iov
3 years, 1 month ago
correct
upvoted 2 times
stromnessian
3 years, 2 months ago
Selected Answer: AD
AD is correct I'd say.
upvoted 3 times
Community vote distribution: A (35%), C (25%), B (20%), Other