The latest Microsoft Security Operations Analyst SC-200 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft Security Operations Analyst SC-200 exam and earn Microsoft Security Operations Analyst SC-200 certification.
Table of Contents
- Question 21
- Question
- Answer
- Reference
- Question 22
- Question
- Answer
- Question 23
- Question
- Answer
- Reference
- Question 24
- Question
- Answer
- Reference
- Question 25
- Question
- Answer
- Reference
- Question 26
- Question
- Answer
- Reference
- Question 27
- Question
- Answer
- Reference
- Question 28
- Question
- Answer
- Reference
- Question 29
- Question
- Answer
- Reference
- Question 30
- Question
- Answer
- Reference
Question 21
Question
You need to configure Microsoft Cloud App Security to generate alerts and trigger remediation actions in response to external sharing of confidential files.
Which two actions should you perform in the Cloud App Security portal? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. From Settings, select Information Protection, select Azure Information Protection, and then select Only scan files for Azure Information Protection classification labels and content inspection warnings from this tenant.
B. Select Investigate files, and then filter App to Office 365.
C. Select Investigate files, and then select New policy from search.
D. From Settings, select Information Protection, select Azure Information Protection, and then select Automatically scan new files for Azure Information Protection classification labels and content inspection warnings.
E. From Settings, select Information Protection, select Files, and then enable file monitoring.
F. Select Investigate files, and then filter File Type to Document.
Answer
D. From Settings, select Information Protection, select Azure Information Protection, and then select Automatically scan new files for Azure Information Protection classification labels and content inspection warnings.
E. From Settings, select Information Protection, select Files, and then enable file monitoring.
Reference
- Microsoft Docs > Tutorial: Discover and protect sensitive information in your organization
- Microsoft Docs > Microsoft Information Protection integration
Question 22
Question
Drag and Drop Question
You are investigating an incident by using Microsoft 365 Defender.
You need to create an advanced hunting query to detect failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer
Question 23
Question
Drag and Drop Question
You open the Cloud App Security portal as shown in the following exhibit.
You need to remediate the risk for the Launchpad app.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Actions:
- Tag the app as Unsanctioned.
- Run the script on the source appliance.
- Run the script in Azure Cloud Shell.
- Select the app.
- Tag the app as Sanctioned.
- Generate a block script.
Answer
- Select the app.
- Tag the app as Unsanctioned.
- Generate a block script.
- Run the script on the source appliance.
Reference
- Microsoft Docs > Govern discovered apps
Question 24
Question
Hotspot Question
You have a Microsoft 365 E5 subscription.
You plan to perform cross-domain investigations by using Microsoft 365 Defender.
You need to create an advanced hunting query to identify devices affected by a malicious email attachment.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer
Reference
- Microsoft Docs > Microsoft 365 Defender > Investigate and respond to threats > Search for threats with advanced hunting > Learn, train, & get examples > Hunt for threats across devices, emails, apps, and identities
Question 25
Question
Hotspot Question
You manage the security posture of an Azure subscription that contains two virtual machines name vm1 and vm2.
The secure score in Azure Security Center is shown in the Security Center exhibit. (Click the Security Center tab.)
Azure Policy assignments are configured as shown in the Policies exhibit. (Click the Policies tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
- Both virtual machines have inbound rules that allow access from either Any or Internet ranges.
- Both virtual machines have management ports exposed directly to the Internet.
- If you enable just-in-time network access controls on all virtual machines, you will increase the secure score by four point.
Answer
- hines have inbound rules that allow access from either Any or Internet ranges.: Yes
- Both virtual machines have management ports exposed directly to the Internet.: No
- If you enable just-in-time network access controls on all virtual machines, you will increase the secure score by four points.: Yes
Reference
- Microsoft Blog > Security, Compliance, and Identity > Microsoft Defender for Cloud Blog > Security Control: Restrict Unauthorized Network Access
- Microsoft Blog > Security, Compliance, and Identity > Microsoft Defender for Cloud Blog > Security Control: Secure Management Ports
Question 26
Question
Drag and Drop Question
You are informed of a new common vulnerabilities and exposures (CVE) vulnerability that affects your environment.
You need to use Microsoft Defender Security Center to request remediation from the team responsible for the affected systems if there is a documented active exploit available.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Actions:
- From Device Inventory, search for the CVE.
- Open the Threat Prediction report.
- From Threat & Vulnerability Management, select Weaknesses, and search for the CVE.
- From Advanced hunting, search for CveId in the DeviceTvmSoftwareInventoryVulnerabilities table.
- Create the remediation request.
- Select Security recommendations.
Answer
- From Threat & Vulnerability Management, select Weaknesses, and search for the CVE.
- Select Security recommendations.
- Create the remediation request.
Reference
- Microsoft Blog > Core Infrastructure and Security Blog > Microsoft Defender ATP: Remediate Apps Using MEM
Question 27
Question
Hotspot Question
You have an Azure subscription that has Azure Defender enabled for all supported resource types.
You create an Azure logic app named LA1.
You plan to use LA1 to automatically remediate security risks detected in Azure Security Center.
You need to test LA1 in Security Center.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Set the LA1 trigger to:
- When an Azure Security Center Recommendation is created or triggered.
- When an Azure Security Center Alert is created or triggered.
- When a response to Azure Security Center alert is triggered.
Trigger the execution of LA1 from:
- Recommendations
- Workflow automation
Answer
Set the LA1 trigger to: When an Azure Security Center Recommendation is created or triggered.
Trigger the execution of LA1 from: Workflow automation
Reference
- Microsoft Docs > Azure > Security > Microsoft Defender for Cloud > Create a logic app and define when it should automatically run
Question 28
Question
Drag and Drop Question
You create a new Azure subscription and start collecting logs for Azure Monitor.
You need to configure Azure Security Center to detect possible threats related to sign-ins from suspicious IP addresses to Azure virtual machines. The solution must validate the configuration.
Which three actions should you perform in a sequence? To answer, move the appropriate actions from the list of action to the answer area and arrange them in the correct order.
Actions:
- Change the alert severity threshold for emails to Medium.
- Copy an executable file on a virtual machine and rename the file as ASC_AlertTest_662jfi039N.exe.
- Enable Azure Defender for the subscription.
- Change the alert severity threshold for emails to Low.
- Run the executable file and specify the appropriate arguments.
- Rename the executable file as AlertTest.exe
Answer
- Enable Azure Defender for the subscription.
- Copy an executable file on a virtual machine and rename the file as ASC_AlertTest_662jfi039N.exe.
- Run the executable file and specify the appropriate arguments.
Reference
- Microsoft Docs > Azure > Security > Microsoft Defender for Cloud > Alert validation in Microsoft Defender for Cloud
Question 29
Question
Drag and Drop Question
You have resources in Azure and Google cloud.
You need to ingest Google Cloud Platform (GCP) data into Azure Defender.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
Actions:
- Enable Security Health Analytics.
- From Azure Security Center, add cloud connectors.
- Configure the GCP Security Command Center.
- Create a dedicated service account and a private key.
- Enable the GCP Security Command Center API.
Answer
- Configure the GCP Security Command Center.
- Enable Security Health Analytics.
- Enable the GCP Security Command Center API.
- Create a dedicated service account and a private key.
- From Azure Security Center, add cloud connectors.
Reference
- Microsoft Docs > Azure > Security > Microsoft Defender for Cloud > Connect your GCP projects to Microsoft Defender for Cloud
Question 30
Question
Drag and Drop Question
You plan to connect an external solution that will send Common Event Format (CEF) messages to Azure Sentinel.
You need to deploy the log forwarder.
Which three actions should you perform in sequence? To answer, move the appropriate actions form the list of actions to the answer area and arrange them in the correct order.
Actions:
- Deploy an OMS Gateway on the network.
- Set the syslog daemon to forward the events directly to Azure Sentinel.
- Configure the syslog daemon. Restart the syslog daemon and the Log Analytics agent.
- Download and install the Log Analytics agent.
- Set the Log Analytics agent to listen on port 25226 and forward the CEF messages to Azure Sentinel.
Answer
- Download and install the Log Analytics agent.
- Set the Log Analytics agent to listen on port 25226 and forward the CEF messages to Azure Sentinel.
- Configure the syslog daemon. Restart the syslog daemon and the Log Analytics agent.
Reference
- Microsoft Docs > Azure > Security > Microsoft Sentinel > Deploy a log forwarder to ingest Syslog and CEF logs to Microsoft Sentinel