Skip to Content

Microsoft Security Operations Analyst SC-200 Exam Questions and Answers – 1

The latest Microsoft Security Operations Analyst SC-200 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft Security Operations Analyst SC-200 exam and earn Microsoft Security Operations Analyst SC-200 certification.

Microsoft Security Operations Analyst SC-200 Exam Questions and Answers

Question 21

Question

You need to configure Microsoft Cloud App Security to generate alerts and trigger remediation actions in response to external sharing of confidential files.
Which two actions should you perform in the Cloud App Security portal? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. From Settings, select Information Protection, select Azure Information Protection, and then select Only scan files for Azure Information Protection classification labels and content inspection warnings from this tenant.
B. Select Investigate files, and then filter App to Office 365.
C. Select Investigate files, and then select New policy from search.
D. From Settings, select Information Protection, select Azure Information Protection, and then select Automatically scan new files for Azure Information Protection classification labels and content inspection warnings.
E. From Settings, select Information Protection, select Files, and then enable file monitoring.
F. Select Investigate files, and then filter File Type to Document.

Answer

D. From Settings, select Information Protection, select Azure Information Protection, and then select Automatically scan new files for Azure Information Protection classification labels and content inspection warnings.
E. From Settings, select Information Protection, select Files, and then enable file monitoring.

Reference

Question 22

Question

Drag and Drop Question
You are investigating an incident by using Microsoft 365 Defender.
You need to create an advanced hunting query to detect failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You need to create an advanced hunting query to detect failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop.

Answer

Answer for You need to create an advanced hunting query to detect failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop.

Question 23

Question

Drag and Drop Question
You open the Cloud App Security portal as shown in the following exhibit.

You open the Cloud App Security portal as shown in the following exhibit.

You need to remediate the risk for the Launchpad app.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Actions:

  • Tag the app as Unsanctioned.
  • Run the script on the source appliance.
  • Run the script in Azure Cloud Shell.
  • Select the app.
  • Tag the app as Sanctioned.
  • Generate a block script.

Answer

  1. Select the app.
  2. Tag the app as Unsanctioned.
  3. Generate a block script.
  4. Run the script on the source appliance.

Reference

Question 24

Question

Hotspot Question
You have a Microsoft 365 E5 subscription.
You plan to perform cross-domain investigations by using Microsoft 365 Defender.
You need to create an advanced hunting query to identify devices affected by a malicious email attachment.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You need to create an advanced hunting query to identify devices affected by a malicious email attachment.

Answer

Answer for You need to create an advanced hunting query to identify devices affected by a malicious email attachment.

Reference

Question 25

Question

Hotspot Question
You manage the security posture of an Azure subscription that contains two virtual machines name vm1 and vm2.
The secure score in Azure Security Center is shown in the Security Center exhibit. (Click the Security Center tab.)

The secure score in Azure Security Center is shown in the Security Center exhibit. (Click the Security Center tab.)

Azure Policy assignments are configured as shown in the Policies exhibit. (Click the Policies tab.)

Azure Policy assignments are configured as shown in the Policies exhibit. (Click the Policies tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • Both virtual machines have inbound rules that allow access from either Any or Internet ranges.
  • Both virtual machines have management ports exposed directly to the Internet.
  • If you enable just-in-time network access controls on all virtual machines, you will increase the secure score by four point.

Answer

  • hines have inbound rules that allow access from either Any or Internet ranges.: Yes
  • Both virtual machines have management ports exposed directly to the Internet.: No
  • If you enable just-in-time network access controls on all virtual machines, you will increase the secure score by four points.: Yes

Reference

Question 26

Question

Drag and Drop Question
You are informed of a new common vulnerabilities and exposures (CVE) vulnerability that affects your environment.
You need to use Microsoft Defender Security Center to request remediation from the team responsible for the affected systems if there is a documented active exploit available.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Actions:

  • From Device Inventory, search for the CVE.
  • Open the Threat Prediction report.
  • From Threat & Vulnerability Management, select Weaknesses, and search for the CVE.
  • From Advanced hunting, search for CveId in the DeviceTvmSoftwareInventoryVulnerabilities table.
  • Create the remediation request.
  • Select Security recommendations.

Answer

  1. From Threat & Vulnerability Management, select Weaknesses, and search for the CVE.
  2. Select Security recommendations.
  3. Create the remediation request.

Reference

Question 27

Question

Hotspot Question
You have an Azure subscription that has Azure Defender enabled for all supported resource types.
You create an Azure logic app named LA1.
You plan to use LA1 to automatically remediate security risks detected in Azure Security Center.
You need to test LA1 in Security Center.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Set the LA1 trigger to:

  • When an Azure Security Center Recommendation is created or triggered.
  • When an Azure Security Center Alert is created or triggered.
  • When a response to Azure Security Center alert is triggered.

Trigger the execution of LA1 from:

  • Recommendations
  • Workflow automation

Answer

Set the LA1 trigger to: When an Azure Security Center Recommendation is created or triggered.

Trigger the execution of LA1 from: Workflow automation

Reference

Question 28

Question

Drag and Drop Question
You create a new Azure subscription and start collecting logs for Azure Monitor.
You need to configure Azure Security Center to detect possible threats related to sign-ins from suspicious IP addresses to Azure virtual machines. The solution must validate the configuration.
Which three actions should you perform in a sequence? To answer, move the appropriate actions from the list of action to the answer area and arrange them in the correct order.

Actions:

  • Change the alert severity threshold for emails to Medium.
  • Copy an executable file on a virtual machine and rename the file as ASC_AlertTest_662jfi039N.exe.
  • Enable Azure Defender for the subscription.
  • Change the alert severity threshold for emails to Low.
  • Run the executable file and specify the appropriate arguments.
  • Rename the executable file as AlertTest.exe

Answer

  1. Enable Azure Defender for the subscription.
  2. Copy an executable file on a virtual machine and rename the file as ASC_AlertTest_662jfi039N.exe.
  3. Run the executable file and specify the appropriate arguments.

Reference

Question 29

Question

Drag and Drop Question
You have resources in Azure and Google cloud.
You need to ingest Google Cloud Platform (GCP) data into Azure Defender.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.

Actions:

  • Enable Security Health Analytics.
  • From Azure Security Center, add cloud connectors.
  • Configure the GCP Security Command Center.
  • Create a dedicated service account and a private key.
  • Enable the GCP Security Command Center API.

Answer

  1. Configure the GCP Security Command Center.
  2. Enable Security Health Analytics.
  3. Enable the GCP Security Command Center API.
  4. Create a dedicated service account and a private key.
  5. From Azure Security Center, add cloud connectors.

Reference

Question 30

Question

Drag and Drop Question
You plan to connect an external solution that will send Common Event Format (CEF) messages to Azure Sentinel.
You need to deploy the log forwarder.
Which three actions should you perform in sequence? To answer, move the appropriate actions form the list of actions to the answer area and arrange them in the correct order.

Actions:

  • Deploy an OMS Gateway on the network.
  • Set the syslog daemon to forward the events directly to Azure Sentinel.
  • Configure the syslog daemon. Restart the syslog daemon and the Log Analytics agent.
  • Download and install the Log Analytics agent.
  • Set the Log Analytics agent to listen on port 25226 and forward the CEF messages to Azure Sentinel.

Answer

  1. Download and install the Log Analytics agent.
  2. Set the Log Analytics agent to listen on port 25226 and forward the CEF messages to Azure Sentinel.
  3. Configure the syslog daemon. Restart the syslog daemon and the Log Analytics agent.

Reference

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker