Skip to Content

Microsoft Security Operations Analyst SC-200 Exam Questions and Answers – 2

The latest Microsoft Security Operations Analyst SC-200 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft Security Operations Analyst SC-200 exam and earn Microsoft Security Operations Analyst SC-200 certification.

Microsoft Security Operations Analyst SC-200 Exam Questions and Answers

Question 101

Question

A security administrator receives email alerts from Azure Defender for activities such as potential malware uploaded to a storage account and potential successful brute force attacks. The security administrator does NOT receive email alerts for activities such as antimalware action failed and suspicious network activity. The alerts appear in Azure Security Center. You need to ensure that the security administrator receives email alerts for all the activities. What should you configure in the Security Center settings?

A. the severity level of email notifications
B. a cloud connector
C. the Azure Defender plans
D. the integration settings for Threat detection

Answer

A. the severity level of email notifications

Reference

Question 102

Question

You have an Azure subscription that contains a virtual machine named VM1 and uses Azure Defender. Azure Defender has automatic provisioning enabled. You need to create a custom alert suppression rule that will supress false positive alerts for suspicious use of PowerShell on VM1. What should you do first?

A. From Azure Security Center, add a workflow automation.
B. On VM1, run the Get-MPThreatCatalog cmdlet.
C. On VM1 trigger a PowerShell alert.
D. From Azure Security Center, export the alerts to a Log Analytics workspace.

Answer

C. On VM1 trigger a PowerShell alert.

Reference

Question 103

Question

You use Azure Sentinel. You need to use a built-in role to provide a security analyst with the ability to edit the queries of custom Azure Sentinel workbooks. The solution must use the principle of least privilege. Which role should you assign to the analyst?

A. Azure Sentinel Contributor
B. Security Administrator
C. Azure Sentinel Responder
D. Logic App Contributor

Answer

A. Azure Sentinel Contributor

Explanation

Azure Sentinel Contributor can create and edit workbooks, analytics rules, and other Azure Sentinel resources.

Reference

Question 104

Question

You create a hunting query in Azure Sentinel. You need to receive a notification in the Azure portal as soon as the hunting query detects a match on the query. The solution must minimize effort. What should you use?

A. a playbook
B. a notebook
C. a livestream
D. a bookmark

Answer

C. a livestream

Explanation

Use livestream to run a specific query constantly, presenting results as they come in.

Reference

Question 105

Question

HotSpot
You need to create a query for a workbook. The query must meet the following requirements:

  • List all incidents by incident number.
  • Only include the most recent log for each incident.

How should you complete the query? (To answer, select the appropriate options in the answer area.)

You need to create a query for a workbook. The query must meet the following requirements

Answer

Answer for You need to create a query for a workbook. The query must meet the following requirements

Question 106

Question

You have an Azure subscription. You need to delegate permissions to meet the following requirements:

  • Enable and disable Azure Defender.
  • Apply security recommendations to resource.

The solution must use the principle of least privilege. Which Azure Security Center role should you use for each requirement? (To answer, drag the appropriate roles to the correct requirements. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)

Roles:

  • Security Admin
  • Resource Group Owner
  • Subscription Contributor
  • Subscription Owner

Enable and disable Azure Defender: [Role]

Apply security recommendations to a resource: [Role]

Answer

Enable and disable Azure Defender: Security Admin

Apply security recommendations to a resource: Subscription Contributor

Reference

Question 107

Question

You need to complete the query for failed sign-ins to meet the technical requirements.
Where can you find the column name to complete the where clause?

A. Security alerts in Azure Security Center
B. Activity log in Azure
C. Azure Advisor
D. the query windows of the Log Analytics workspace

Answer

D. the query windows of the Log Analytics workspace

Question 108

Question

You need to restrict cloud apps running on CLIENT1 to meet the Microsoft Defender for Endpoint requirements.
Which two configurations should you modify? Each correct answer present part of the solution. NOTE: Each correct selection is worth one point.

A. the Onboarding settings from Device management in Microsoft Defender Security Center
B. Cloud App Security anomaly detection policies
C. Advanced features from Settings in Microsoft Defender Security Center
D. the Cloud Discovery settings in Cloud App Security

Answer

C. Advanced features from Settings in Microsoft Defender Security Center
D. the Cloud Discovery settings in Cloud App Security

Explanation

All Cloud App Security unsanctioned apps must be blocked on the Windows 10 computers by using Microsoft Defender for Endpoint.

Reference

Question 109

Question

HOTSPOT

You deploy Azure Sentinel.

You need to implement connectors in Azure Sentinel to monitor Microsoft Teams and Linux virtual machines in Azure. The solution must minimize administrative effort.

Which data connector type should you use for each workload? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Microsoft Teams:

  • Custom
  • Office 365
  • Security Events
  • Syslog

Linux virtual machines in Azure:

  • Custom
  • Office 365
  • Security Events
  • Syslog

Answer

Microsoft Teams: Office 365

Linux virtual machines in Azure: Syslog

Question 110

Question

HOTSPOT

You have an Azure Storage account that will be accessed by multiple Azure Function apps during the development of an application.

You need to hide Azure Defender alerts for the storage account.

Which entity type and field should you use in a suppression rule? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Entity type:

  • iP address
  • Azure Resource
  • Host
  • User account

Field:

  • Name
  • Resource Id
  • Address
  • Command line

Answer

Entity type: Azure Resource

Field: Resource Id

Tags

Tags

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.