Skip to Content

Microsoft Security Operations Analyst SC-200 Exam Questions and Answers – 1

The latest Microsoft Security Operations Analyst SC-200 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft Security Operations Analyst SC-200 exam and earn Microsoft Security Operations Analyst SC-200 certification.

Microsoft Security Operations Analyst SC-200 Exam Questions and Answers

Question 91

Question

You create a custom analytics rule to detect threats in Azure Sentinel. You discover that the rule fails intermittently. What are two possible causes of the failures? (Each correct answer presents part of the solution. Choose two.)

A. The rule query takes too long to run and times out.
B. The target workspace was deleted.
C. Permissions to the data sources of the rule query were modified.
D. There are connectivity issues between the data sources and Log Analytics.

Answer

A. The rule query takes too long to run and times out.
D. There are connectivity issues between the data sources and Log Analytics.

Question 92

Question

You are configuring Microsoft Defender for Identity integration with Active Directory. From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.
Solution: You add each account as a Sensitive account.
Does this meet the goal?

A. Yes
B. No

Answer

B. No

Reference

Question 93

Question

You have Linux virtual machines on Amazon Web Services (AWS). You deploy Azure Defender and enable auto-provisioning. You need to monitor the virtual machines by using Azure Defender.
Solution: You enable Azure Arc and onboard the virtual machines to Azure Arc.
Does this meet the goal?

A. Yes
B. No

Answer

B. No

Reference

Question 94

Question

You are configuring Azure Sentinel. You need to create an incident in Azure Sentinel when a sign-in to an Azure virtual machine from a malicious IP address is detected.
Solution: You create a livestream from a query.
Does this meet the goal?

A. Yes
B. No

Answer

B. No

Reference

Question 95

Question

Your company has a single office in Istanbul and a Microsoft 365 subscription. The company plans to use conditional access policies to enforce multi-factor authentication (MFA). You need to enforce MFA for all users who work remotely. What should you include in the solution?

A. a fraud alert
B. a user risk policy
C. a named location
D. a sign-in user policy

Answer

C. a named location

Reference

Question 96

Question

You are configuring Microsoft Cloud App Security. You have a custom threat detection policy based on the IP address ranges of your company’s United States-based offices. You receive many alerts related to impossible travel and sign-ins from risky IP addresses. You determine that 99% of the alerts are legitimate sign-ins from your corporate offices. You need to prevent alerts for legitimate sign-ins from known locations. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Configure automatic data enrichment.
B. Add the IP addresses to the corporate address range category.
C. Increase the sensitivity level of the impossible travel anomaly detection policy.
D. Add the IP addresses to the other address range category and add a tag.
E. Create an activity policy that has an exclusion for the IP addresses.

Answer

A. Configure automatic data enrichment.
D. Add the IP addresses to the other address range category and add a tag.

Question 97

Question

You have a Microsoft 365 tenant that uses Microsoft Exchange Online and Microsoft Defender for Office 365. What should you use to identify whether zero-hour auto purge (ZAP) moved an email message from the mailbox of a user?

A. the Threat Protection Status report in Microsoft Defender for Office 365
B. the mailbox audit log in Exchange
C. the Safe Attachments file types report in Microsoft Defender for Office 365
D. the mail flow report in Exchange

Answer

A. the Threat Protection Status report in Microsoft Defender for Office 365

Explanation

To determine if ZAP moved your message, you can use either the Threat Protection Status report or Threat Explorer (and real-time detections).

Reference

Question 98

Question

You have a Microsoft 365 subscription that contains 1,000 Windows 10 devices. The devices have Microsoft Office 365 installed. You need to mitigate the following device threats:

  • Microsoft Excel macros that download scripts from untrusted websites.
  • Users that open executable attachments in Microsoft Outlook.
  • Outlook rules and forms exploits.

What should you use?

A. Microsoft Defender Antivirus
B. attack surface reduction rules in Microsoft Defender for Endpoint
C. Windows Defender Firewall
D. adaptive application control in Azure Defender

Answer

B. attack surface reduction rules in Microsoft Defender for Endpoint

Reference

Question 99

Question

You have a third-party security information and event management (SIEM) solution. You need to ensure that the SIEM solution can generate alerts for Azure Active Directory (Azure AD) sign-events in near real time. What should you do to route events to the SIEM solution?

A. Create an Azure Sentinel workspace that has a Security Events connector.
B. Configure the Diagnostics settings in Azure AD to stream to an event hub.
C. Create an Azure Sentinel workspace that has an Azure Active Directory connector.
D. Configure the Diagnostics settings in Azure AD to archive to a storage account.

Answer

B. Configure the Diagnostics settings in Azure AD to stream to an event hub.

Reference

Question 100

Question

You create an Azure subscription. You enable Azure Defender for the subscription. You need to use Azure Defender to protect on-premises computers. What should you do on the on-premises computers?

A. Install the Log Analytics agent.
B. Install the Dependency agent.
C. Configure the Hybrid Runbook Worker role.
D. Install the Connected Machine agent.

Answer

A. Install the Log Analytics agent.

Explanation

Security Center collects data from your Azure virtual machines (VMs), virtual machine scale sets, IaaS containers, and non-Azure (including on-premises) machines to monitor for security vulnerabilities and threats.
Data is collected using:

  • The Log Analytics agent, which reads various security-related configurations and event logs from the machine and copies the data to your workspace for analysis. Examples of such data are: operating system type and version, operating system logs (Windows event logs), running processes, machine name, IP addresses, and logged in user.
  • Security extensions, such as the Azure Policy Add-on for Kubernetes, which can also provide data to Security Center regarding specialized resource types.

Reference

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker