Exam Details

  • Exam Code
    :SC-200
  • Exam Name
    :Microsoft Security Operations Analyst
  • Certification
    :Role-based
  • Vendor
    :Microsoft
  • Total Questions
    :320 Q&As
  • Last Updated
    :Nov 22, 2024

Microsoft Role-based SC-200 Questions & Answers

  • Question 1:

    A security administrator receives email alerts from Azure Defender for activities such as potential malware uploaded to a storage account and potential successful brute force attacks.

    The security administrator does NOT receive email alerts for activities such as antimalware action failed and suspicious network activity. The alerts appear in Azure Security Center.

    You need to ensure that the security administrator receives email alerts for all the activities.

    What should you configure in the Security Center settings?

    A. the severity level of email notifications

    B. a cloud connector

    C. the Azure Defender plans

    D. the integration settings for Threat detection

  • Question 2:

    You have a Microsoft 365 subscription that uses Microsoft 365 Defender.

    You plan to create a hunting query from Microsoft Defender.

    You need to create a custom tracked query that will be used to assess the threat status of the subscription.

    From the Microsoft 365 Defender portal, which page should you use to create the query?

    A. Threat analytics

    B. Advanced Hunting

    C. Explorer

    D. Policies and rules

  • Question 3:

    HOTSPOT

    You have a Microsoft Sentinel workspace named sws1.

    You plan to create an Azure logic app that will raise an incident in an on-premises IT service management system when an incident is generated in sws1.

    You need to configure the Microsoft Sentinel connector credentials for the logic app. The solution must meet the following requirements:

    1.

    Minimize administrative effort.

    2.

    Use the principle of least privilege.

    How should you configure the credentials? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 4:

    HOTSPOT

    You have a Microsoft Sentinel workspace named SW1.

    You plan to create a custom workbook that will include a time chart.

    You need to create a query that will identify the number of security alerts per day for each provider.

    How should you complete the query? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 5:

    You have a Microsoft 365 subscription. The subscription uses Microsoft 365 Defender and has data loss prevention (DLP) policies that have aggregated alerts configured.

    You need to identify the impacted entities in an aggregated alert.

    What should you review in the DLP alert management dashboard of the Microsoft 365 compliance center?

    A. the Events tab of the alert

    B. the Sensitive Info Types tab of the alert

    C. Management log

    D. the Details tab of the alert

  • Question 6:

    You have a Microsoft 365 subscription that uses Microsoft 365 Defender.

    You need to identify all the entities affected by an incident.

    Which tab should you use in the Microsoft 365 Defender portal?

    A. Investigations

    B. Devices

    C. Evidence and Response

    D. Alerts

  • Question 7:

    You have a Microsoft Sentinel workspace.

    You need to identify which rules are used to detect advanced multistage attacks that comprise two or more alerts or activities. The solution must minimize administrative effort.

    Which rule type should you query?

    A. Fusion

    B. Microsoft Security

    C. ML Behavior Analytics

    D. Scheduled

  • Question 8:

    You have an Azure subscription that has the enhanced security features in Microsoft Defender for Cloud enabled and contains a user named User1.

    You need to ensure that User1 can export alert data from Defender for Cloud. The solution must use the principle of least privilege.

    Which role should you assign to User1?

    A. User Access Administrator

    B. Owner

    C. Contributor

    D. Reader

  • Question 9:

    You have an Azure subscription that uses Microsoft Sentinel.

    You detect a new threat by using a hunting query.

    You need to ensure that Microsoft Sentinel automatically detects the threat. The solution must minimize administrative effort.

    What should you do?

    A. Create a playbook.

    B. Create a watchlist.

    C. Create an analytics rule.

    D. Add the query to a workbook.

  • Question 10:

    You have a Microsoft Sentinel workspace.

    You have a query named Query1 as shown in the following exhibit.

    You plan to create a custom parser named Parser 1. You need to use Query1 in Parser1.

    What should you do first?

    A. Remove line 2.

    B. In line 4. remove the TimeGenerated predicate.

    C. Remove line 5.

    D. In line 3, replace the 'contains operator with the !has operator.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SC-200 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.