The latest Microsoft Security Operations Analyst SC-200 certification practice exam questions and answers (Q&A) are available free to help you pass the Microsoft Security Operations Analyst SC-200 exam and earn the Microsoft Security Operations Analyst SC-200 certification.
Question 101
Question
A security administrator receives email alerts from Azure Defender for activities such as potential malware uploaded to a storage account and potential successful brute force attacks. The security administrator does NOT receive email alerts for activities such as antimalware action failed and suspicious network activity. The alerts appear in Azure Security Center. You need to ensure that the security administrator receives email alerts for all the activities. What should you configure in the Security Center settings?
A. the severity level of email notifications
B. a cloud connector
C. the Azure Defender plans
D. the integration settings for Threat detection
Answer
A. the severity level of email notifications
Reference
- Microsoft Blog > Get email notifications on new incidents from Microsoft 365 Defender
Question 102
Question
You have an Azure subscription that contains a virtual machine named VM1 and uses Azure Defender. Azure Defender has automatic provisioning enabled. You need to create a custom alert suppression rule that will suppress false positive alerts for suspicious use of PowerShell on VM1. What should you do first?
A. From Azure Security Center, add a workflow automation.
B. On VM1, run the Get-MPThreatCatalog cmdlet.
C. On VM1, trigger a PowerShell alert.
D. From Azure Security Center, export the alerts to a Log Analytics workspace.
Answer
C. On VM1, trigger a PowerShell alert.
Reference
- Microsoft 365 > Microsoft Defender for Endpoint > Investigate and respond to threats > Endpoint detection and response > Alerts queue > Manage alerts > Manage Microsoft Defender for Endpoint alerts
Question 103
Question
You use Azure Sentinel. You need to use a built-in role to provide a security analyst with the ability to edit the queries of custom Azure Sentinel workbooks. The solution must use the principle of least privilege. Which role should you assign to the analyst?
A. Azure Sentinel Contributor
B. Security Administrator
C. Azure Sentinel Responder
D. Logic App Contributor
Answer
A. Azure Sentinel Contributor
Explanation
Azure Sentinel Contributor can create and edit workbooks, analytics rules, and other Azure Sentinel resources.
Reference
- Microsoft Docs > Azure > Security > Microsoft Sentinel > Permissions in Microsoft Sentinel
Question 104
Question
You create a hunting query in Azure Sentinel. You need to receive a notification in the Azure portal as soon as the hunting query detects a match on the query. The solution must minimize effort. What should you use?
A. a playbook
B. a notebook
C. a livestream
D. a bookmark
Answer
C. a livestream
Explanation
Use livestream to run a specific query constantly, presenting results as they come in.
Reference
- Microsoft Docs > Azure > Security > Microsoft Sentinel > Hunt for threats with Microsoft Sentinel
Question 105
Question
HOTSPOT
You need to create a query for a workbook. The query must meet the following requirements:
- List all incidents by incident number.
- Only include the most recent log for each incident.
How should you complete the query? (To answer, select the appropriate options in the answer area.)
Answer
Question 106
Question
You have an Azure subscription. You need to delegate permissions to meet the following requirements:
- Enable and disable Azure Defender.
- Apply security recommendations to a resource.
The solution must use the principle of least privilege. Which Azure Security Center role should you use for each requirement? (To answer, drag the appropriate roles to the correct requirements. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Roles:
- Security Admin
- Resource Group Owner
- Subscription Contributor
- Subscription Owner
Enable and disable Azure Defender: [Role]
Apply security recommendations to a resource: [Role]
Answer
Enable and disable Azure Defender: Security Admin
Apply security recommendations to a resource: Subscription Contributor
Reference
- Microsoft Docs > Azure > Security > Microsoft Defender for Cloud > Permissions in Microsoft Defender for Cloud
Question 107
Question
You need to complete the query for failed sign-ins to meet the technical requirements.
Where can you find the column name to complete the where clause?
A. Security alerts in Azure Security Center
B. Activity log in Azure
C. Azure Advisor
D. the query windows of the Log Analytics workspace
Answer
D. the query windows of the Log Analytics workspace
Question 108
Question
You need to restrict cloud apps running on CLIENT1 to meet the Microsoft Defender for Endpoint requirements.
Which two configurations should you modify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. the Onboarding settings from Device management in Microsoft Defender Security Center
B. Cloud App Security anomaly detection policies
C. Advanced features from Settings in Microsoft Defender Security Center
D. the Cloud Discovery settings in Cloud App Security
Answer
C. Advanced features from Settings in Microsoft Defender Security Center
D. the Cloud Discovery settings in Cloud App Security
Explanation
All Cloud App Security unsanctioned apps must be blocked on the Windows 10 computers by using Microsoft Defender for Endpoint.
Reference
- Microsoft Docs > Govern discovered apps using Microsoft Defender for Endpoint
Question 109
Question
HOTSPOT
You deploy Azure Sentinel.
You need to implement connectors in Azure Sentinel to monitor Microsoft Teams and Linux virtual machines in Azure. The solution must minimize administrative effort.
Which data connector type should you use for each workload? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Microsoft Teams:
- Custom
- Office 365
- Security Events
- Syslog
Linux virtual machines in Azure:
- Custom
- Office 365
- Security Events
- Syslog
Answer
Microsoft Teams: Office 365
Linux virtual machines in Azure: Syslog
Question 110
Question
HOTSPOT
You have an Azure Storage account that will be accessed by multiple Azure Function apps during the development of an application.
You need to hide Azure Defender alerts for the storage account.
Which entity type and field should you use in a suppression rule? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Entity type:
- IP address
- Azure Resource
- Host
- User account
Field:
- Name
- Resource Id
- Address
- Command line
Answer
Entity type: Azure Resource
Field: Resource Id