The latest Microsoft Security Operations Analyst SC-200 certification practice exam questions and answers (Q&A) are available free and are intended to help you pass the Microsoft Security Operations Analyst SC-200 exam and earn the Microsoft Security Operations Analyst SC-200 certification.
Question 81
Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring Microsoft Defender for Identity integration with Active Directory.
From the Microsoft Defender for Identity portal, you need to configure several accounts for attackers to exploit.
Solution: From Azure Identity Protection, you configure the sign-in risk policy.
Does this meet the goal?
A. Yes
B. No
Answer
B. No
Reference
- Microsoft Docs > How-to guides > Manage sensitive or honeytoken accounts
Question 82
Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring Microsoft Defender for Identity integration with Active Directory.
From the Microsoft Defender for Identity portal, you need to configure several accounts for attackers to exploit.
Solution: You add the accounts to an Active Directory group and add the group as a Sensitive group.
Does this meet the goal?
A. Yes
B. No
Answer
B. No
Reference
- Microsoft Docs > How-to guides > Manage sensitive or honeytoken accounts
Question 83
Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center.
You receive a security alert in Security Center.
You need to view recommendations to resolve the alert in Security Center.
Solution: From Security alerts, you select the alert, select Take Action, and then expand the Prevent future attacks section.
Does this meet the goal?
A. Yes
B. No
Answer
B. No
Explanation
You need to resolve the existing alert, not prevent future alerts. Therefore, you need to select the ‘Mitigate the threat’ option.
Reference
- Microsoft Docs > Azure > Security > Microsoft Defender for Cloud > Manage and respond to security alerts in Microsoft Defender for Cloud
Question 84
Question
You have a suppression rule in Azure Security Center for 10 virtual machines that are used for testing. The virtual machines run Windows Server.
You are troubleshooting an issue on the virtual machines.
In Security Center, you need to view the alerts generated by the virtual machines during the last five days.
What should you do?
A. Change the rule expiration date of the suppression rule.
B. Change the state of the suppression rule to Disabled.
C. Modify the filter for the Security alerts page.
D. View the Windows event logs on the virtual machines.
Answer
B. Change the state of the suppression rule to Disabled.
Reference
- Microsoft Docs > Azure > Security > Microsoft Defender for Cloud > Suppress alerts from Microsoft Defender for Cloud
Question 85
Question
You are investigating an incident in Azure Sentinel that contains more than 127 alerts.
You discover eight alerts in the incident that require further investigation.
You need to escalate the alerts to another Azure Sentinel administrator.
What should you do to provide the alerts to the administrator?
A. Create a Microsoft incident creation rule
B. Share the incident URL
C. Create a scheduled query rule
D. Assign the incident
Answer
D. Assign the incident
Reference
- Microsoft Docs > Azure > Security > Microsoft Sentinel > Investigate incidents with Microsoft Sentinel
Question 86
Question
You are configuring Azure Sentinel.
You need to send a Microsoft Teams message to a channel whenever an incident representing a sign-in risk event is activated in Azure Sentinel.
Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Enable Entity behavior analytics.
B. Associate a playbook to the analytics rule that triggered the incident.
C. Enable the Fusion rule.
D. Add a playbook.
E. Create a workbook.
Answer
A. Enable Entity behavior analytics.
B. Associate a playbook to the analytics rule that triggered the incident.
Reference
- Microsoft Docs > Azure > Security > Microsoft Sentinel > Enable User and Entity Behavior Analytics (UEBA) in Microsoft Sentinel
- Microsoft Docs > Azure > Security > Microsoft Sentinel > Automate threat response with playbooks in Microsoft Sentinel
Question 87
Question
You have the following environment:
- Azure Sentinel
- A Microsoft 365 subscription
- Microsoft Defender for Identity
- An Azure Active Directory (Azure AD) tenant
You configure Azure Sentinel to collect security logs from all the Active Directory member servers and domain controllers.
You deploy Microsoft Defender for Identity by using standalone sensors.
You need to ensure that you can detect when sensitive groups are modified in Active Directory.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Configure the Advanced Audit Policy Configuration settings for the domain controllers.
B. Modify the permissions of the Domain Controllers organizational unit (OU).
C. Configure auditing in the Microsoft 365 compliance center.
D. Configure Windows Event Forwarding on the domain controllers.
Answer
A. Configure the Advanced Audit Policy Configuration settings for the domain controllers.
D. Configure Windows Event Forwarding on the domain controllers.
Explanation
- Microsoft Docs > How-to guides > Configure the Defender for Identity sensor > Configure Windows Event collection
- Microsoft Docs > How-to guides > Defender for Identity standalone sensor setup > Configure event collection
Question 88
Question
You use Azure Security Center. You receive a security alert in Security Center. You need to view recommendations to resolve the alert in Security Center. What should you do?
A. From Security alerts, select the alert, select Take Action, and then expand the Prevent future attacks section.
B. From Security alerts, select Take Action, and then expand the Mitigate the threat section.
C. From Regulatory compliance, download the report.
D. From Recommendations, download the CSV report.
Answer
B. From Security alerts, select Take Action, and then expand the Mitigate the threat section.
Reference
- Microsoft Docs > Azure > Security > Microsoft Defender for Cloud > Manage and respond to security alerts in Microsoft Defender for Cloud
Question 89
Question
You are investigating an incident in Azure Sentinel that contains more than 127 alerts. You discover eight alerts in the incident that require further investigation. You need to escalate the alerts to another Azure Sentinel administrator. What should you do to provide the alerts to the administrator?
A. Create a Microsoft incident creation rule.
B. Share the incident URL.
C. Create a scheduled query rule.
D. Assign the incident.
Answer
D. Assign the incident.
Reference
- Microsoft Docs > Azure > Security > Microsoft Sentinel > Investigate incidents with Microsoft Sentinel
Question 90
Question
A company uses Azure Sentinel. You need to create an automated threat response. What should you use?
A. a data connector
B. a playbook
C. a workbook
D. a Microsoft incident creation rule
Answer
B. a playbook
Reference
- Microsoft Docs > Azure > Security > Microsoft Sentinel > Tutorial: Use playbooks with automation rules in Microsoft Sentinel