Exam Details

  • Exam Code: SC-200
  • Exam Name: Microsoft Security Operations Analyst
  • Certification: Microsoft Certifications
  • Vendor: Microsoft
  • Total Questions: 394 Q&As
  • Last Updated: Mar 22, 2025

Microsoft Certifications SC-200 Questions & Answers

  • Question 121:

    You have a Microsoft 365 subscription that uses Azure Defender.

    You have 100 virtual machines in a resource group named RG1.

    You assign the Security Admin roles to a new user named SecAdmin1.

    You need to ensure that SecAdmin1 can apply quick fixes to the virtual machines by using Azure Defender. The solution must use the principle of least privilege.

    Which role should you assign to SecAdmin1?

    A. the Security Reader role for the subscription

    B. the Contributor for the subscription

    C. the Contributor role for RG1

    D. the Owner role for RG1

  • Question 122:

    You provision a Linux virtual machine in a new Azure subscription.

    You enable Azure Defender and onboard the virtual machine to Azure Defender.

    You need to verify that an attack on the virtual machine triggers an alert in Azure Defender.

    Which two Bash commands should you run on the virtual machine? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    A. cp /bin/echo ./asc_alerttest_662jfi039n

    B. ./alerttest testing eicar pipe

    C. cp /bin/echo ./alerttest

    D. ./asc_alerttest_662jfi039n testing eicar pipe

  • Question 123:

    You create an Azure subscription named sub1.

    In sub1, you create a Log Analytics workspace named workspace1.

    You enable Azure Security Center and configure Security Center to use workspace1.

    You need to ensure that Security Center processes events from the Azure virtual machines that report to workspace1.

    What should you do?

    A. In workspace1, install a solution.

    B. In sub1, register a provider.

    C. From Security Center, create a Workflow automation.

    D. In workspace1, create a workbook.

  • Question 124:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You use Azure Security Center.

    You receive a security alert in Security Center.

    You need to view recommendations to resolve the alert in Security Center.

    Solution: From Security alerts, you select the alert, select Take Action, and then expand the Prevent future attacks section.

    Does this meet the goal?

    A. Yes

    B. No

  • Question 125:

    You receive an alert from Azure Defender for Key Vault.

    You discover that the alert is generated from multiple suspicious IP addresses.

    You need to reduce the potential of Key Vault secrets being leaked while you investigate the issue. The solution must be implemented as soon as possible and must minimize the impact on legitimate users.

    What should you do first?

    A. Modify the access control settings for the key vault.

    B. Enable the Key Vault firewall.

    C. Create an application security group.

    D. Modify the access policy for the key vault.

  • Question 126:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You are configuring Microsoft Defender for Identity integration with Active Directory.

    From the Microsoft Defender for Identity portal, you need to configure several accounts for attackers to exploit.

    Solution: You add the accounts to an Active Directory group and add the group as a Sensitive group.

    Does this meet the goal?

    A. Yes

    B. No

  • Question 127:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You are configuring Microsoft Defender for Identity integration with Active Directory.

    From the Microsoft Defender for Identity portal, you need to configure several accounts for attackers to exploit.

    Solution: From Azure Identity Protection, you configure the sign-in risk policy.

    Does this meet the goal?

    A. Yes

    B. No

  • Question 128:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You are configuring Microsoft Defender for Identity integration with Active Directory.

    From the Microsoft Defender for Identity portal, you need to configure several accounts for attackers to exploit.

    Solution: From Entity tags, you add the accounts as Honeytoken accounts.

    Does this meet the goal?

    A. Yes

    B. No

  • Question 129:

    You have the following advanced hunting query in Microsoft 365 Defender.

    You need to receive an alert when any process disables System Restore on a device managed by Microsoft Defender during the last 24 hours.

    Which two actions should you perform? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    A. Create a detection rule.

    B. Create a suppression rule.

    C. Add | order by Timestamp to the query.

    D. Replace DeviceProcessEvents with DeviceNetworkEvents.

    E. Add DeviceId and ReportId to the output of the query.

  • Question 130:

    You are investigating a potential attack that deploys a new ransomware strain.

    You plan to perform automated actions on a group of highly valuable machines that contain sensitive information.

    You have three custom device groups.

    You need to be able to temporarily group the machines to perform actions on the devices.

    Which three actions should you perform? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    A. Add a tag to the device group.

    B. Add the device users to the admin role.

    C. Add a tag to the machines.

    D. Create a new device group that has a rank of 1.

    E. Create a new admin role.

    F. Create a new device group that has a rank of 4.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Microsoft exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SC-200 exam preparation or your Microsoft certification application, do not hesitate to visit Vcedump.com to find your solutions here.