1. Home
  2. Microsoft
  3. SC-200

Microsoft Security Operations Analyst

Exam Details

  • Exam Code
    :SC-200
  • Exam Name
    :Microsoft Security Operations Analyst
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :394 Q&As
  • Last Updated
    :Mar 22, 2025

Microsoft Microsoft Certifications SC-200 Questions & Answers

  • Question 21:

    You have an Azure subscription that has Microsoft Defender for Cloud enabled.

    You have a virtual machine that runs Windows 10 and has the Log Analytics agent installed.

    You need to simulate an attack on the virtual machine that will generate an alert.

    What should you do first?

    A. Run the Log Analytics Troubleshooting Tool.

    B. Copy and executable and rename the file as ASC_AlertTest_662jfi039N.exe.

    C. Modify the settings of the Microsoft Monitoring Agent.

    D. Run the MMASetup executable and specify the -foo argument.

  • Question 22:

    You have an Azure subscription that uses Microsoft Defender for Cloud and contains a resource group named RG1. RG1. You need to configure just in time (JIT) VM access for the virtual machines in RG1. The solution must meet the following

    1.

    Limit the maximum request time to two hours.

    2.

    Limit protocol access to Remote Desktop Protocol (RDP) only.

    3.

    Minimize administrative effort. What should you use?

    A. Azure AD Privileged Identity Management (PIM)

    B. Azure Policy

    C. Azure Front Door

    D. Azure Bastion

  • Question 23:

    You have a Microsoft Sentinel workspace that contains the following incident.

    Brute force attack against Azure Portal analytics rule has been triggered.

    You need to identify the geolocation information that corresponds to the incident. What should you do?

    A. From Overview, review the Potential malicious events map.

    B. From Incidents, review the details of the iPCustomEntity entity associated with the incident.

    C. From Incidents, review the details of the AccouncCuscomEntity entity associated with the incident.

    D. From Investigation, review insights on the incident entity.

  • Question 24:

    You have an Azure Sentinel workspace.

    You need to test a playbook manually in the Azure portal. From where can you run the test in Azure Sentinel?

    A. Playbooks

    B. Analytics

    C. Threat intelligence

    D. Incidents

  • Question 25:

    You have a Microsoft 365 E5 subscription that uses Microsoft SharePoint Online.

    You delete users from the subscription.

    You need to be notified if the deleted users downloaded numerous documents from SharePoint Online sites during the month before their accounts were deleted.

    What should you use?

    A. a file policy in Microsoft Defender for Cloud Apps

    B. an access review policy

    C. an alert policy in Microsoft Defender for Office 365

    D. an insider risk policy

  • Question 26:

    You have a custom Microsoft Sentinel workbook named Workbooks.

    You need to add a grid to Workbook1. The solution must ensure that the grid contains a maximum of 100 rows.

    What should you do?

    A. In the query editor interface, configure Settings.

    B. In the query editor interface, select Advanced Editor

    C. In the grid query, include the project operator.

    D. In the grid query, include the take operator.

  • Question 27:

    You have an Azure subscription that uses Microsoft Sentinel.

    You need to minimize the administrative effort required to respond to the incidents and remediate the security threats detected by Microsoft Sentinel.

    Which two features should you use? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    A. Microsoft Sentinel bookmarks

    B. Azure Automation runbooks

    C. Microsoft Sentinel automation rules

    D. Microsoft Sentinel playbooks

    E. Azure Functions apps

  • Question 28:

    You have a Microsoft 365 subscription that uses Microsoft 365 Defender.

    You need to identify all the entities affected by an incident.

    Which tab should you use in the Microsoft 365 Defender portal?

    A. Investigations

    B. Devices

    C. Evidence and Response

    D. Alerts

  • Question 29:

    You have a Microsoft Sentinel workspace.

    You receive multiple alerts for failed sign in attempts to an account.

    You identify that the alerts are false positives.

    You need to prevent additional failed sign-in alerts from being generated for the account. The solution must meet the following requirements:

    1.

    Ensure that failed sign-in alerts are generated for other accounts.

    2.

    Minimize administrative effort What should do?

    A. Create an automation rule.

    B. Create a watchlist.

    C. Modify the analytics rule.

    D. Add an activity template to the entity behavior.

  • Question 30:

    A company uses Azure Security Center and Azure Defender. However, the security operator of the company doesn't receive any email notifications for security alerts. What should be configured in Security Center to enable the email notifications?

    A. Pricing and settings

    B. Security solutions

    C. Security policy

    D. Azure Defender

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SC-200 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.