End Month Biggest Discount Flat 55% Offer - Ends in 0d 00h 00m 00s - Coupon code: 63r59951

SC-200 Microsoft Security Operations Analyst Questions and Answers

Questions 4

Your company deploys the following services:

  • Microsoft Defender for Identity
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Office 365

You need to provide a security analyst with the ability to use the Microsoft 365 security center. The analyst must be able to approve and reject pending actions generated by Microsoft Defender for Endpoint. The solution must use the principle of least privilege.

Which two roles should assign to the analyst? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

the Compliance Data Administrator in Azure Active Directory (Azure AD)

B.

the Active remediation actions role in Microsoft Defender for Endpoint

C.

the Security Administrator role in Azure Active Directory (Azure AD)

D.

the Security Reader role in Azure Active Directory (Azure AD)

Buy Now
Questions 5

You are informed of a new common vulnerabilities and exposures (CVE) vulnerability that affects your environment.

You need to use Microsoft Defender Security Center to request remediation from the team responsible for the affected systems if there is a documented active exploit available.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Options:

Buy Now
Questions 6

You need to implement Azure Sentinel queries for Contoso and Fabrikam to meet the technical requirements.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 7

You need to remediate active attacks to meet the technical requirements.

What should you include in the solution?

Options:

A.

Azure Automation runbooks

B.

Azure Logic Apps

C.

Azure Functions

D Azure Sentinel livestreams

Buy Now
Questions 8

You need to complete the query for failed sign-ins to meet the technical requirements.

Where can you find the column name to complete the where clause?

Options:

A.

Security alerts in Azure Security Center

B.

Activity log in Azure

C.

Azure Advisor

D.

the query windows of the Log Analytics workspace

Buy Now
Questions 9

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Microsoft Defender for Identity integration with Active Directory.

From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.

Solution: From Entity tags, you add the accounts as Honeytoken accounts.

Does this meet the goal?

Options:

A.

Yes

B.

No

Buy Now
Questions 10

You have a Microsoft 365 E5 subscription.

You plan to perform cross-domain investigations by using Microsoft 365 Defender.

You need to create an advanced hunting query to identify devices affected by a malicious email attachment.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 11

You need to create an advanced hunting query to investigate the executive team issue.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 12

You need to assign a role-based access control (RBAC) role to admin1 to meet the Azure Sentinel requirements and the business requirements.

Which role should you assign?

Options:

A.

Automation Operator

B.

Automation Runbook Operator

C.

Azure Sentinel Contributor

D.

Logic App Contributor

Buy Now
Questions 13

You need to create the analytics rule to meet the Azure Sentinel requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 14

You need to restrict cloud apps running on CLIENT1 to meet the Microsoft Defender for Endpoint requirements.

Which two configurations should you modify? Each correct answer present part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

the Onboarding settings from Device management in Microsoft Defender Security Center

B.

Cloud App Security anomaly detection policies

C.

Advanced features from Settings in Microsoft Defender Security Center

D.

the Cloud Discovery settings in Cloud App Security

Buy Now
Exam Code: SC-200
Exam Name: Microsoft Security Operations Analyst
Last Update: Sep 25, 2021
Questions: 98

PDF + Testing Engine

$179.99

Testing Engine

$134.99

PDF (Q&A)

$124.99