Valentine Day Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: netbudy65

SC-200 Microsoft Security Operations Analyst Questions and Answers

Questions 4

You have a Microsoft 365 E5 subscription.

You plan to perform cross-domain investigations by using Microsoft 365 Defender.

You need to create an advanced hunting query to identify devices affected by a malicious email attachment.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 5

You have 50 Microsoft Sentinel workspaces.

You need to view all the incidents from all the workspaces on a single page in the Azure portal. The solution must minimize administrative effort.

Which page should you use in the Azure portal?

Options:

A.

Microsoft Sentinel - Incidents

B.

Microsoft Sentinel - Workbooks

C.

Microsoft Sentinel

D.

Log Analytics workspaces

Buy Now
Questions 6

You have an Azure subscription that use Microsoft Defender for Cloud and contains a user named User1.

You need to ensure that User1 can modify Microsoft Defender for Cloud security policies. The solution must use the principle of least privilege.

Which role should you assign to User1?

Options:

A.

Security operator

B.

Security Admin

C.

Owner

D.

Contributor

Buy Now
Questions 7

You create an Azure subscription.

You enable Microsoft Defender for Cloud for the subscription.

You need to use Defender for Cloud to protect on-premises computers.

What should you do on the on-premises computers?

Options:

A.

Configure the Hybrid Runbook Worker role.

B.

Install the Connected Machine agent.

C.

Install the Log Analytics agent

D.

Install the Dependency agent.

Questions 8

You need to visualize Azure Sentinel data and enrich the data by using third-party data sources to identify indicators of compromise (IoC).

What should you use?

Options:

A.

notebooks in Azure Sentinel

B.

Microsoft Cloud App Security

C.

Azure Monitor

D.

hunting queries in Azure Sentinel

Buy Now
Questions 9

NO: 6

You have a Microsoft 365 subscription that uses Azure Defender. You have 100 virtual machines in a resource group named RG1.

You assign the Security Admin roles to a new user named SecAdmin1.

You need to ensure that SecAdmin1 can apply quick fixes to the virtual machines by using Azure Defender. The solution must use the principle of least privilege.

Which role should you assign to SecAdmin1?

Options:

A.

the Security Reader role for the subscription

B.

the Contributor for the subscription

C.

the Contributor role for RG1

D.

the Owner role for RG1

Buy Now
Questions 10

You are configuring Azure Sentinel.

You need to send a Microsoft Teams message to a channel whenever a sign-in from a suspicious IP address is detected.

Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Add a playbook.

B.

Associate a playbook to an incident.

C.

Enable Entity behavior analytics.

D.

Create a workbook.

E.

Enable the Fusion rule.

Buy Now
Questions 11

Your company has an on-premises network that uses Microsoft Defender for Identity.

The Microsoft Secure Score for the company includes a security assessment associated with unsecure Kerberos delegation.

You need remediate the security risk.

What should you do?

Options:

A.

Install the Local Administrator Password Solution (LAPS) extension on the computers listed as exposed entities.

B.

Modify the properties of the computer objects listed as exposed entities.

C.

Disable legacy protocols on the computers listed as exposed entities.

D.

Enforce LDAP signing on the computers listed as exposed entities.

Buy Now
Questions 12

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Microsoft Defender for Identity integration with Active Directory.

From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.

Solution: You add each account as a Sensitive account.

Does this meet the goal?

Options:

A.

Yes

B.

No

Buy Now
Questions 13

You have a Microsoft 365 E5 subscription that contains 200 Windows 10 devices enrolled in Microsoft Defender for Endpoint.

You need to ensure that users can access the devices by using a remote shell connection directly from the Microsoft 365 Defender portal. The solution must use the principle of least privilege.

What should you do in the Microsoft 365 Defender portal? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 14

You need to remediate active attacks to meet the technical requirements.

What should you include in the solution?

Options:

A.

Azure Automation runbooks

B.

Azure Logic Apps

C.

Azure Functions

D Azure Sentinel livestreams

Buy Now
Questions 15

You need to create an advanced hunting query to investigate the executive team issue.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 16

You need to recommend a solution to meet the technical requirements for the Azure virtual machines. What should you include in the recommendation?

Options:

A.

just-in-time (JIT) access

B.

Azure Defender

C.

Azure Firewall

D.

Azure Application Gateway

Buy Now
Questions 17

The issue for which team can be resolved by using Microsoft Defender for Office 365?

Options:

A.

executive

B.

marketing

C.

security

D.

sales

Buy Now
Questions 18

You need to implement Microsoft Defender for Cloud to meet the Microsoft Defender for Cloud requirements and the business requirements. What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 19

You need to implement Azure Defender to meet the Azure Defender requirements and the business requirements.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 20

You need to create the analytics rule to meet the Azure Sentinel requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 21

You need to assign a role-based access control (RBAC) role to admin1 to meet the Azure Sentinel requirements and the business requirements.

Which role should you assign?

Options:

A.

Automation Operator

B.

Automation Runbook Operator

C.

Azure Sentinel Contributor

D.

Logic App Contributor

Buy Now
Questions 22

You need to implement the Azure Information Protection requirements. What should you configure first?

Options:

A.

Device health and compliance reports settings in Microsoft Defender Security Center

B.

scanner clusters in Azure Information Protection from the Azure portal

C.

content scan jobs in Azure Information Protection from the Azure portal

D.

Advanced features from Settings in Microsoft Defender Security Center

Buy Now
Questions 23

You need to create the test rule to meet the Azure Sentinel requirements. What should you do when you create the rule?

Options:

A.

From Set rule logic, turn off suppression.

B.

From Analytics rule details, configure the tactics.

C.

From Set rule logic, map the entities.

D.

From Analytics rule details, configure the severity.

Buy Now
Questions 24

You need to configure DC1 to meet the business requirements.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Options:

Buy Now
Questions 25

You need to modify the anomaly detection policy settings to meet the Cloud App Security requirements. Which policy should you modify?

Options:

A.

Activity from suspicious IP addresses

B.

Activity from anonymous IP addresses

C.

Impossible travel

D.

Risky sign-in

Buy Now
Questions 26

You need to configure the Azure Sentinel integration to meet the Azure Sentinel requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 27

You need to configure the Microsoft Sentinel integration to meet the Microsoft Sentinel requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 28

You need to restrict cloud apps running on CUENT1 to meet the Microsoft Defender for Endpoint requirements. Which two configurations should you modify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Options:

A.

the Cloud Discovery settings in Microsoft Defender for Cloud Apps

B.

the Onboarding settings from Device management in Settings in Microsoft 365 Defender portal

C.

Microsoft Defender for Cloud Apps anomaly detection policies

D.

Advanced features from the Endpoints Settings in the Microsoft 365 Defender portal

Buy Now
Questions 29

You need to modify the anomaly detection policy settings to meet the Microsoft Defender for Cloud Apps requirements and resolve the reported problem.

Which policy should you modify?

Options:

A.

Activity from suspicious IP addresses

B.

Risky sign-in

C.

Activity from anonymous IP addresses

D.

Impossible travel

Buy Now
Questions 30

You need to restrict cloud apps running on CLIENT1 to meet the Microsoft Defender for Endpoint requirements.

Which two configurations should you modify? Each correct answer present part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

the Onboarding settings from Device management in Microsoft Defender Security Center

B.

Cloud App Security anomaly detection policies

C.

Advanced features from Settings in Microsoft Defender Security Center

D.

the Cloud Discovery settings in Cloud App Security

Buy Now
Questions 31

You need to add notes to the events to meet the Azure Sentinel requirements.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of action to the answer area and arrange them in the correct order.

Options:

Buy Now
Questions 32

Which rule setting should you configure to meet the Microsoft Sentinel requirements?

Options:

A.

From Set rule logic, turn off suppression.

B.

From Analytic rule details, configure the tactics.

C.

From Set rule logic, map the entities.

D.

From Analytic rule details, configure the severity.

Buy Now
Questions 33

You have an Azure subscription that uses Microsoft Sentinel.

You detect a new threat by using a hunting query.

You need to ensure that Microsoft Sentinel automatically detects the threat. The solution must minimize administrative effort.

What should you do?

Options:

A.

Create a playbook.

B.

Create a watchlist.

C.

Create an analytics rule.

D.

Add the query to a workbook.

Buy Now
Questions 34

You have a Microsoft Sentinel workspace that contains a custom workbook.

You need to query the number of daily security alerts. The solution must meet the following requirements:

• Identify alerts that occurred during the last 30 days.

• Display the results in a timechart.

How should you complete the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 35

You have an Azure subscription that contains a Log Analytics workspace.

You need to enable just-in-time (JIT) VM access and network detections for Azure resources.

Where should you enable Azure Defender?

Options:

A.

at the subscription level

B.

at the workspace level

C.

at the resource level

Buy Now
Questions 36

You have an Azure Sentinel deployment in the East US Azure region.

You create a Log Analytics workspace named LogsWest in the West US Azure region.

You need to ensure that you can use scheduled analytics rules in the existing Azure Sentinel deployment to generate alerts based on queries to LogsWest.

What should you do first?

Options:

A.

Deploy Azure Data Catalog to the West US Azure region.

B.

Modify the workspace settings of the existing Azure Sentinel deployment

C.

Add Microsoft Sentinel to a workspace.

D.

Create a data connector in Azure Sentinel.

Buy Now
Questions 37

You have a Microsoft 365 E5 subscription that uses Microsoft 365 Defender for Endpoint.

You need to ensure that you can initiate remote shell connections to Windows servers by using the Microsoft 365 Defender portal.

What should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 38

From Azure Sentinel, you open the Investigation pane for a high-severity incident as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 39

You need to implement the ASIM query for DNS requests. The solution must meet the Microsoft Sentinel requirements. How should you configure the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 40

You need to ensure that the configuration of HuntingQuery1 meets the Microsoft Sentinel requirements.

What should you do?

Options:

A.

Add HuntingQuery1 to a livestream.

B.

Create a watch list.

C.

Create an Azure Automation rule.

D.

Add HuntingQuery1 to favorites.

Buy Now
Questions 41

You need to implement the scheduled rule for incident generation based on rulequery1.

What should you configure first?

Options:

A.

entity mapping

B.

custom details

C.

event grouping

D.

alert details

Buy Now
Questions 42

You need to implement the Microsoft Sentinel NRT rule for monitoring the designated break glass account. The solution must meet the Microsoft Sentinel requirements.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 43

You need to monitor the password resets. The solution must meet the Microsoft Sentinel requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 44

You need to implement the query for Workbook1 and Webapp1. The solution must meet the Microsoft Sentinel requirements. How should you configure the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 45

You need to ensure that the processing of incidents generated by rulequery1 meets the Microsoft Sentinel requirements.

What should you create first?

Options:

A.

a playbook with an incident trigger

B.

a playbook with an entity trigger

C.

an Azure Automation rule

D.

a playbook with an alert trigger

Buy Now
Questions 46

You need to configure event monitoring for Server1. The solution must meet the Microsoft Sentinel requirements. What should you create first?

Options:

A.

a Microsoft Sentinel automation rule

B.

a Microsoft Sentinel scheduled query rule

C.

a Data Collection Rule (DCR)

D.

an Azure Event Grid topic

Buy Now
Questions 47

You need to implement the Defender for Cloud requirements.

What should you configure for Server2?

Options:

A.

the Microsoft Antimalware extension

B.

an Azure resource lock

C.

an Azure resource tag

D.

the Azure Automanage machine configuration extension for Windows

Buy Now
Questions 48

You need to ensure that the Group1 members can meet the Microsoft Sentinel requirements.

Which role should you assign to Group1?

Options:

A.

Microsoft Sentinel Automation Contributor

B.

Logic App Contributor

C.

Automation Operator

D.

Microsoft Sentinel Playbook Operator

Buy Now
Questions 49

You need to implement the Defender for Cloud requirements.

Which subscription-level role should you assign to Group1?

Options:

A.

Security Admin

B.

Owner

C.

Security Assessment Contributor

D.

Contributor

Buy Now
Exam Code: SC-200
Exam Name: Microsoft Security Operations Analyst
Last Update: Feb 24, 2024
Questions: 245

PDF + Testing Engine

$140

Testing Engine

$105

PDF (Q&A)

$90