Exam Details

  • Exam Code: SC-200
  • Exam Name: Microsoft Security Operations Analyst
  • Certification: Microsoft Certifications
  • Vendor: Microsoft
  • Total Questions: 394 Q&As
  • Last Updated: Mar 22, 2025

Microsoft Certifications SC-200 Questions & Answers

  • Question 261:

    HOTSPOT

    You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains a Windows device named Device1.

    You initiate a live response session on Device1 and launch an executable file named File1.exe in the background.

    You need to perform the following actions:

    1. Identify the command ID of File1.exe.

    2. Interact with File1.exe.

    Which live response command should you run for each action? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 262:

    HOTSPOT

    You have a Microsoft 365 subscription that uses Microsoft Purview and contains a Microsoft SharePoint Online site named Site1.

    Site1 contains the files shown in the following table.

    From Microsoft Purview, you create the content search queries shown in the following table.

    For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 263:

    HOTSPOT

    You have an Azure subscription that contains a user named User1 and a Microsoft Sentinel workspace named WS1.

    You deploy Advanced Security Information Model (ASIM) authentication parsers to WS1.

    You need to use the parsers to query the authentication events generated by User1 during the last 24 hours. The solution must maximize the performance of the query.

    How should you complete the query? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 264:

    HOTSPOT

    You have a Microsoft 365 subscription.

    You need to identify all the security principals that submitted requests to change or delete groups.

    How should you complete the KQL query? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 265:

    HOTSPOT

    You have a Microsoft Sentinel workspace.

    You plan to visualize data from Microsoft SharePoint Online and OneDrive sites.

    You need to create a KQL query for the visual. The solution must meet the following requirements:

    1. Select all workloads as a single operation.

    2. Include two parameters named Operations and Users.

    3. In the results, exclude empty values for the site URLs.

    How should you complete the query? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 266:

    HOTSPOT

    You have a Microsoft Sentinel workspace that contains a custom workbook.

    You need to query for a summary of security events. The solution must meet the following requirements:

    1. Identify the number of security events ingested during the past week.

    2. Display the count of events by day in a chart.

    How should you complete the query? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 267:

    HOTSPOT

    You have a Microsoft Sentinel workspace that contains a custom workbook named Workbook1.

    You need to create a visual in Workbook1 that will display the logon count for accounts that have logon event IDs of 4624 and 4634.

    How should you complete the query? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 268:

    HOTSPOT

    You have a Microsoft 365 subscription that uses Microsoft Defender XDR.

    You need to create a custom detection rule that will identify devices that had more than five antivirus detections within the last 24 hours.

    How should you complete the query? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 269:

    HOTSPOT

    You need to create an advanced hunting query to investigate the executive team issue.

    How should you complete the query? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 270:

    HOTSPOT

    You need to recommend remediation actions for the Microsoft Defender for Cloud alerts for Fabrikam.

    What should you recommend for each threat? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when hiring. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Microsoft exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SC-200 exam preparation and Microsoft certification application, do not hesitate to visit Vcedump.com to find your solutions.