1. Home
  2. Microsoft
  3. SC-200

Microsoft Security Operations Analyst

Exam Details

  • Exam Code
    :SC-200
  • Exam Name
    :Microsoft Security Operations Analyst
  • Certification
    :Role-based
  • Vendor
    :Microsoft
  • Total Questions
    :320 Q&As
  • Last Updated
    :Nov 22, 2024

Microsoft Role-based SC-200 Questions & Answers

  • Question 61:

    HOTSPOT

    You have an Azure Storage account that will be accessed by multiple Azure Function apps during the development of an application.

    You need to hide Azure Defender alerts for the storage account.

    Which entity type and field should you use in a suppression rule? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 62:

    HOTSPOT

    You have an Azure subscription that uses Azure Defender.

    You plan to use Azure Security Center workflow automation to respond to Azure Defender threat alerts.

    You need to create an Azure policy that will perform threat remediation automatically.

    What should you include in the solution? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 63:

    HOTSPOT

    You deploy Azure Sentinel.

    You need to implement connectors in Azure Sentinel to monitor Microsoft Teams and Linux virtual machines in Azure. The solution must minimize administrative effort.

    Which data connector type should you use for each workload? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 64:

    HOTSPOT

    You need to implement Azure Sentinel queries for Contoso and Fabrikam to meet the technical requirements.

    What should you include in the solution? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 65:

    HOTSPOT

    You purchase a Microsoft 365 subscription.

    You plan to configure Microsoft Cloud App Security.

    You need to create a custom template-based policy that detects connections to Microsoft 365 apps that originate from a botnet network.

    What should you use? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 66:

    HOTSPOT

    You need to use an Azure Resource Manager template to create a workflow automation that will trigger an automatic remediation when specific security alerts are received by Azure Security Center.

    How should you complete the portion of the template that will provision the required Azure resources? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 67:

    HOTSPOT

    You are informed of an increase in malicious email being received by users.

    You need to create an advanced hunting query in Microsoft 365 Defender to identify whether the accounts of the email recipients were compromised. The query must return the most recent 20 sign-ins performed by the recipients within an

    hour of receiving the known malicious email.

    How should you complete the query? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 68:

    HOTSPOT

    You have a Microsoft 365 E5 subscription that uses Microsoft Defender and an Azure subscription that uses Azure Sentinel.

    You need to identify all the devices that contain files in emails sent by a known malicious email sender. The query will be based on the match of the SHA256 hash.

    How should you complete the query? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 69:

    HOTSPOT

    You manage the security posture of an Azure subscription that contains two virtual machines name vm1 and vm2.

    The secure score in Azure Security Center is shown in the Security Center exhibit. (Click the Security Center tab.)

    Azure Policy assignments are configured as shown in the Policies exhibit. (Click the Policies tab.)

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 70:

    HOTSPOT

    You have a Microsoft 365 E5 subscription.

    You plan to perform cross-domain investigations by using Microsoft 365 Defender.

    You need to create an advanced hunting query to identify devices affected by a malicious email attachment.

    How should you complete the query? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SC-200 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.