SC-200: Microsoft Security Operations Analyst Preparation
Ebook, 200 pages, 1 hour

About this ebook

This book is a thorough study guide for the newly launched Microsoft SC-200 Microsoft Security Operations Analyst certification exam. It offers the most current, exclusive, and frequently asked questions, along with in-depth explanations, real-world scenarios, and essential references.
By using this exclusive book, you can confidently aim to pass your exam on the first attempt, benefiting from the latest exclusive questions and detailed explanations included within.

The SC-200: Microsoft Security Operations Analyst preparation guide equips candidates with the professional-level readiness to boost their exam performance and sharpen their job-related skills.


Skills measured:

Mitigate threats by using Microsoft 365 Defender (25–30%)

Mitigate threats by using Defender for Cloud (15–20%)

Mitigate threats by using Microsoft Sentinel (50–55%)


Welcome to this book, which is designed with the following key features:

Tailored for Professional-Level SC-200 Exam Candidates: This book is specifically crafted to cater to the requirements of professional-level SC-200 exam candidates, aligning content with their specific needs.

Structured for Efficient Study: Material within this book is thoughtfully organized based on the exam objective domain (OD). Each chapter focuses on one functional group, addressing its respective objectives, which streamlines your study process.

Latest Exam Questions & Practical Study Cases: Access the most current exam questions and practical study cases, keeping you up-to-date with the latest trends and requirements in the field.

Comprehensive Explanations: Every question within this book is accompanied by detailed explanations. This not only helps you understand the correct answers but also reinforces your knowledge of the subject matter.

Valuable References: Find important references that further enhance your understanding and provide additional resources for your exam preparation.


Welcome!

Language: English
Publisher: Georgio Daccache
Release date: Sep 1, 2024
ISBN: 9798227647856
Author

Georgio Daccache

Georgio Daccache is an EU-certified instructor who offers over 30 courses and has authored 50+ books, e-books, and audiobooks. He has a student base of over 50,000 spanning across 190+ countries. Georgio's educational materials are accessible globally through leading platforms like Amazon, Udemy, Google Play, and Apple Books, as well as many other websites and libraries. Georgio Daccache is also the founder of the e-learning company "Tech Hub+," renowned for creating and distributing top-tier certified content and courses on Udemy. With a student base exceeding 10,000, it stands as a leading entity in Information Technology and Cybersecurity in North America and the EU. Georgio's collection of bestseller courses, books, e-books, and audiobooks has earned him several prestigious awards for his innovative teaching techniques and high-quality content.

    SC-200 - Georgio Daccache

    Table of Contents

    Microsoft SC-200 Exam

    Practice Test I

    Answers & Explanation

    Practice Test II

    Answers & Explanation

    GOOD LUCK

    Microsoft SC-200 Exam

    This book is a study guide for the new Microsoft SC-200 Microsoft Security Operations Analyst certification exam.

    In this book we offer the latest, exclusive and most recurrent questions with detailed explanations, study cases and references.

    This book will give you the opportunity to pass your exam on the first try (latest exclusive questions & explanations).

    This SC-200: Microsoft Security Operations Analyst Preparation book offers professional-level preparation that helps candidates maximize their exam performance and sharpen their skills on the job.

    Practice Test I

    1) You need to implement Azure Sentinel queries for Contoso and Fabrikam to meet the technical requirements.

    What should you include in the solution?

    To answer, select the appropriate options in the answer area.

    NOTE Each correct selection is worth one point.

    Answer Area:

    I- Minimum number of Log Analytics workspaces required in the Azure subscription of Fabrikam:

    a) 0

    b) 1

    c) 2

    d) 3

    II- Query element required to correlate data between tenants:

    a) extend.

    b) project.

    c) workspace.

    2) A security administrator receives email alerts from Azure Defender for activities such as potential malware uploaded to a storage account and potential successful brute force attacks.

    The security administrator does NOT receive email alerts for activities such as antimalware action failed and suspicious network activity. The alerts appear in Azure Security Center.

    You need to ensure that the security administrator receives email alerts for all the activities.

    What should you configure in the Security Center settings?

    A. the severity level of email notifications

    B. a cloud connector

    C. the Azure Defender plans

    D. the integration settings for Threat detection

    3) You create an Azure subscription.

    You enable Azure Defender for the subscription.

    You need to use Azure Defender to protect on-premises computers.

    What should you do on the on-premises computers?

    A. Install the Log Analytics agent.

    B. Install the Dependency agent.

    C. Configure the Hybrid Runbook Worker role.

    D. Install the Connected Machine agent.

    4) You need to restrict cloud apps running on CLIENT1 to meet the Microsoft Defender for Endpoint requirements.

    Which two configurations should you modify? Each correct answer presents part of the solution.

    A. the Onboarding settings from Device management in Microsoft Defender Security Center

    B. Cloud App Security anomaly detection policies

    C. Advanced features from Settings in Microsoft Defender Security Center

    D. the Cloud Discovery settings in Cloud App Security

    5) You have Linux virtual machines on Amazon Web Services (AWS).

    You deploy Azure Defender and enable auto-provisioning.

    You need to monitor the virtual machines by using Azure Defender.

    Solution: You enable Azure Arc and onboard the virtual machines to Azure Arc.

    Does this meet the goal?

    A. Yes

    B. No

    6) You use Azure Security Center; you receive a security alert in Security Center. You need to view recommendations to resolve the alert in Security Center.

    What should you do?

    A- From Security alert, select the alert, select Take Action, and then expand the Prevent future attacks section.

    B- From Security alerts, select the alert, select Take Action, and then expand the Mitigate the threat section.

    C- From Regulatory compliance, download the report.

    D- From Recommendations, download the CSV report.

    7) You plan to create a data loss prevention (DLP) policy that will be used with insider risk management. The severity level is set to Low. You need to ensure that insider risk management alerts are generated from rules in the DLP policies.

    What should you do?

    A- Set the severity level to Medium

    B- Scope the policy to only specified users

    C- Set the scope of the policy to the Data leaks template

    D- Set the severity level to High

    8) DRAG DROP -

    You have an Azure Functions app that generates thousands of alerts in Azure Security Center each day for normal activity. You need to hide the alerts automatically in Security Center. Which three actions should you perform in sequence in Security Center?

    Select and Place:

    Answer Area:

    1).................................................

    2).................................................

    3).................................................

    9) You create an Azure subscription.

    You enable Azure Defender for the subscription. You need to use Azure Defender to protect on-premises computers.

    What should you do on the on-premises computers?

    A- Install the Dependency agent.

    B- Install the Connected Machine agent.

    C- Configure the Hybrid Runbook Worker role.

    D- Install the Log Analytics agent.

    10) You need to remediate active attacks to meet the technical requirements.

    What should you include in the solution?

    A- Azure Functions

    B- Azure Automation runbooks

    C- Azure Logic Apps

    D- Azure Sentinel livestreams

    11) You need to complete the query for failed sign-ins to meet the technical requirements.

    Where can you find the column name to complete the where clause?

    A- Security alerts in Azure Security Center.

    B- the query window of the Log Analytics workspace.

    C- Activity log in Azure.

    D- Azure Advisor.

    12) You have an Azure subscription named Sub1 and a Microsoft 365 subscription. Sub1 is linked to an Azure Active Directory (Azure AD) tenant named contoso.com.

    You create an Azure Sentinel workspace named workspace1. In workspace1, you activate an Azure AD connector for contoso.com and an Office 365 connector for the Microsoft 365 subscription.

    You need to use the Fusion rule to detect multi-staged attacks that include suspicious sign-ins to contoso.com followed by anomalous Microsoft Office 365 activity.

    Which two actions should you perform? Each correct answer presents part of the solution. (Choose 2)

    A. Create custom rule based on the Office 365 connector templates.

    B. Create a Microsoft incident creation rule based on Azure Security Center.

    C. Create a Microsoft Cloud App Security connector.

    D. Create an Azure AD Identity Protection connector.

    13) You have a playbook in Azure Sentinel.

    When you trigger the playbook, it sends an email to a distribution group.

    You need to modify the playbook to send the email to the owner of the resource instead of the distribution group.

    What should you do?

    A. Add a parameter and modify the trigger.

    B. Add a custom data connector and modify the trigger.

    C. Add a condition and modify the action.

    D. Add an alert and modify the action.

    14) You are configuring Microsoft Cloud App Security.

    You have a custom threat detection policy based on the IP address ranges of your company's United States-based offices.

    You receive many alerts related to impossible travel and sign-ins from risky IP addresses.

    You determine that 99% of the alerts are legitimate sign-ins from your corporate offices.

    You need to prevent alerts for legitimate sign-ins from known locations.

    Which two actions should you perform?

    Each correct answer presents part of the solution.

    (Choose 2)

    A. Configure automatic data enrichment.

    B. Add the IP addresses to the corporate address range category.

    C. Increase the sensitivity level of the impossible travel anomaly detection policy.

    D. Add the IP addresses to the other address range category and add a tag.

    E. Create an activity policy that has an exclusion for the IP addresses.

    15) Your company has a single office in Istanbul and a Microsoft 365 subscription.

    The company plans to use conditional access policies to enforce multi-factor authentication (MFA).

    You need to enforce MFA for all users who work remotely.

    What should you include in the solution?

    A- a sign-in user policy

    B- a user risk policy

    C- a named location

    D- a fraud alert.

    16) You are configuring Microsoft Defender for Identity integration with Active Directory.

    From the Microsoft Defender for Identity portal, you need to configure several accounts for attacker

    Solution: You add each account as a Sensitive account.

    Does this meet the goal?

    A. Yes

    B. No

    17) You have a third-party security information and event management (SIEM) solution.

    You need to ensure that the SIEM solution can generate alerts for Azure Active Directory (Azure AD) sign-in events in near real
