
SC-200 Online Practice Questions and Answers

Questions 4

DRAG DROP

You have resources in Azure and Google cloud.

You need to ingest Google Cloud Platform (GCP) data into Azure Defender.

In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

Questions 5

DRAG DROP

You are investigating an incident by using Microsoft 365 Defender.

You need to create an advanced hunting query to count failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Select and Place:

Questions 6

HOTSPOT

You have an Azure subscription that has Azure Defender enabled for all supported resource types.

You create an Azure logic app named LA1.

You plan to use LA1 to automatically remediate security risks detected in Azure Security Center.

You need to test LA1 in Security Center.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Questions 7

HOTSPOT

You have the following SQL query.

Hot Area:

Questions 8

HOTSPOT

You have a Microsoft 365 E5 subscription that contains 200 Windows 10 devices enrolled in Microsoft Defender for Endpoint.

You need to ensure that users can access the devices by using a remote shell connection directly from the Microsoft 365 Defender portal. The solution must use the principle of least privilege.

What should you do in the Microsoft 365 Defender portal? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Questions 9

HOTSPOT

You have an Azure subscription.

You plan to implement a Microsoft Sentinel workspace. You anticipate that you will ingest 20 GB of security log data per day.

You need to configure storage for the workspace. The solution must meet the following requirements:

Minimize costs for daily ingested data.

Maximize the data retention period without incurring extra costs.

What should you do for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Questions 10

HOTSPOT

You need to recommend remediation actions for the Azure Defender alerts for Fabrikam.

What should you recommend for each threat? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Questions 11

Your company uses Microsoft Defender for Endpoint.

The company has Microsoft Word documents that contain macros. The documents are used frequently on the devices of the company's accounting team.

You need to hide false positives in the Alerts queue, while maintaining the existing security posture.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Resolve the alert automatically.

B. Hide the alert.

C. Create a suppression rule scoped to any device.

D. Create a suppression rule scoped to a device group.

E. Generate the alert.

Questions 12

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Microsoft Defender for Identity integration with Active Directory.

From the Microsoft Defender for Identity portal, you need to configure several accounts for attackers to exploit.

Solution: From Azure Identity Protection, you configure the sign-in risk policy.

Does this meet the goal?

A. Yes

B. No

Questions 13

Your company uses Azure Security Center and Azure Defender.

The security operations team at the company informs you that it does NOT receive email notifications for security alerts.

What should you configure in Security Center to enable the email notifications?

A. Security solutions

B. Security policy

C. Pricing and settings

D. Security alerts

E. Azure Defender

Questions 14

You have a Microsoft 365 tenant that uses Microsoft Exchange Online and Microsoft Defender for Office 365.

You are required to identify whether zero-hour auto purge (ZAP) moved an email message from the mailbox of a user.

Which option should you use?

A. the Threat Protection Status report in Microsoft Defender for Office 365

B. the mail flow report in Exchange

C. the mailbox audit log in Exchange

D. the Safe Attachments file types report in Microsoft Defender for Office 365

Questions 15

You have an Azure Sentinel workspace.

You need to test a playbook manually in the Azure portal. From where can you run the test in Azure Sentinel?

A. Playbooks

B. Analytics

C. Threat intelligence

D. Incidents

Questions 16

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You have a virtual machine named Server1 that runs Windows Server 2022 and is hosted in Amazon Web Services (AWS).

You need to collect logs and resolve vulnerabilities for Server1 by using Defender for Cloud.

What should you install first on Server1?

A. the Microsoft Monitoring Agent

B. the Azure Monitor agent

C. the Azure Arc agent

D. the Azure Pipelines agent

Questions 17

You have a Microsoft Sentinel workspace named Workspace1 and 200 custom Advanced Security Information Model (ASIM) parsers based on the DNS schema.

You need to make the 200 parsers available in Workspace1. The solution must minimize administrative effort.

What should you do first?

A. Copy the parsers to the Azure Monitor Logs page.

B. Create a JSON file based on the DNS template.

C. Create an XML file based on the DNS template.

D. Create a YAML file based on the DNS template.

Questions 18

You need to deploy the native cloud connector to Account1 to meet the Microsoft Defender for Cloud requirements. What should you do in Account1 first?

A. Create an AWS user for Defender for Cloud.

B. Configure AWS Security Hub.

C. Deploy the AWS Systems Manager (SSM) agent.

D. Create an Access control (IAM) role for Defender for Cloud.

Exam Code: SC-200
Exam Name: Microsoft Security Operations Analyst
Last Update: Mar 17, 2024
Questions: 260 Q&As