Summer Special Sale - Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 575363r9

Welcome To DumpsPedia

SC-200 Sample Questions Answers

Questions 4

You are investigating an incident by using Microsoft 365 Defender.

You need to create an advanced hunting query to count failed sign-in authentications on three devices named CFOLaptop. CEOLaptop, and COOLaptop.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE Each correct selection is worth one point

Options:

Buy Now
Questions 5

You have an Azure subscription that uses Azure Defender.

You plan to use Azure Security Center workflow automation to respond to Azure Defender threat alerts.

You need to create an Azure policy that will perform threat remediation automatically.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 6

You have a Microsoft Sentinel playbook that is triggered by using the Azure Activity connector.

You need to create a new near-real-time (NRT) analytics rule that will use the playbook.

What should you configure for the rule?

Options:

A.

the Incident automation settings

B.

entity mapping

C.

the query rule

D.

the Alert automation settings

Buy Now
Questions 7

You have a Microsoft Sentinel workspace named Workspaces

You need to exclude a built-in. source-specific Advanced Security Information Model (ASIM) parser from a built-in unified ASIM parser.

What should you create in Workspace1?

Options:

A.

a workbook

B.

a hunting query

C.

a watchlist

D.

an analytic rule

Buy Now
Questions 8

You have a Microsoft Sentinel workspace that contains a custom workbook.

You need to query the number of daily security alerts. The solution must meet the following requirements:

• Identify alerts that occurred during the last 30 days.

• Display the results in a timechart.

How should you complete the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 9

You have an Azure subscription.

You need to delegate permissions to meet the following requirements:

• Enable and disable advanced features of Microsoft Defender for Cloud.

• Apply security recommendations to a resource.

The solution must use the principle of least privilege.

Which Microsoft Defender for Cloud role should you use for each requirement? To answer, drag the appropriate roles to the correct requirements. Each role may be used once, mote than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 10

You have an Azure Sentinel deployment in the East US Azure region.

You create a Log Analytics workspace named LogsWest in the West US Azure region.

You need to ensure that you can use scheduled analytics rules in the existing Azure Sentinel deployment to generate alerts based on queries to LogsWest.

What should you do first?

Options:

A.

Deploy Azure Data Catalog to the West US Azure region.

B.

Modify the workspace settings of the existing Azure Sentinel deployment

C.

Add Microsoft Sentinel to a workspace.

D.

Create a data connector in Azure Sentinel.

Buy Now
Questions 11

You have a Microsoft 365 subscription that uses Microsoft Defender XDR.

You need to create a custom detection rule that will identify devices that had more than five antivirus detections within the last 24 hours.

how should you complete the query? To answer, select the appropriate options in the answer area.

NOTE Each correct selection is worth one point.

Options:

Buy Now
Questions 12

You have an Azure subscription named Sub1 and an Azure DevOps organization named AzDO1. AzDO1 uses Defender for Cloud and contains a project that has a YAML pipeline named Pipeline1.

Pipeline1 outputs the details of discovered open source software vulnerabilities to Defender for Cloud.

You need to configure Pipeline1 to output the results of secret scanning to Defender for Cloud,

What should you add to Pipeline1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 13

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have Linux virtual machines on Amazon Web Services (AWS).

You deploy Azure Defender and enable auto-provisioning.

You need to monitor the virtual machines by using Azure Defender.

Solution: You enable Azure Arc and onboard the virtual machines to Azure Arc.

Does this meet the goal?

Options:

A.

Yes

B.

No

Buy Now
Questions 14

You need to implement the Azure Information Protection requirements. What should you configure first?

Options:

A.

Device health and compliance reports settings in Microsoft Defender Security Center

B.

scanner clusters in Azure Information Protection from the Azure portal

C.

content scan jobs in Azure Information Protection from the Azure portal

D.

Advanced features from Settings in Microsoft Defender Security Center

Questions 15

You need to configure DC1 to meet the business requirements.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Options:

Buy Now
Questions 16

The issue for which team can be resolved by using Microsoft Defender for Endpoint?

Options:

A.

executive

B.

sales

C.

marketing

Buy Now
Questions 17

You need to recommend a solution to meet the technical requirements for the Azure virtual machines. What should you include in the recommendation?

Options:

A.

just-in-time (JIT) access

B.

Azure Defender

C.

Azure Firewall

D.

Azure Application Gateway

Buy Now
Questions 18

You need to recommend remediation actions for the Azure Defender alerts for Fabrikam.

What should you recommend for each threat? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 19

You need to implement Azure Sentinel queries for Contoso and Fabrikam to meet the technical requirements.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 20

You need to remediate active attacks to meet the technical requirements.

What should you include in the solution?

Options:

A.

Azure Automation runbooks

B.

Azure Logic Apps

C.

Azure Functions

D Azure Sentinel livestreams

Buy Now
Questions 21

You need to complete the query for failed sign-ins to meet the technical requirements.

Where can you find the column name to complete the where clause?

Options:

A.

Security alerts in Azure Security Center

B.

Activity log in Azure

C.

Azure Advisor

D.

the query windows of the Log Analytics workspace

Buy Now
Questions 22

You need to create an advanced hunting query to investigate the executive team issue.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 23

You need to ensure that the Group1 members can meet the Microsoft Sentinel requirements.

Which role should you assign to Group1?

Options:

A.

Microsoft Sentinel Automation Contributor

B.

Logic App Contributor

C.

Automation Operator

D.

Microsoft Sentinel Playbook Operator

Buy Now
Questions 24

You need to implement the Defender for Cloud requirements.

What should you configure for Server2?

Options:

A.

the Microsoft Antimalware extension

B.

an Azure resource lock

C.

an Azure resource tag

D.

the Azure Automanage machine configuration extension for Windows

Buy Now
Questions 25

The issue for which team can be resolved by using Microsoft Defender for Office 365?

Options:

A.

executive

B.

marketing

C.

security

D.

sales

Buy Now
Questions 26

You need to ensure that the processing of incidents generated by rulequery1 meets the Microsoft Sentinel requirements.

What should you create first?

Options:

A.

a playbook with an incident trigger

B.

a playbook with an entity trigger

C.

an Azure Automation rule

D.

a playbook with an alert trigger

Buy Now
Questions 27

You need to implement the scheduled rule for incident generation based on rulequery1.

What should you configure first?

Options:

A.

entity mapping

B.

custom details

C.

event grouping

D.

alert details

Buy Now
Questions 28

You need to assign role-based access control (RBAQ roles to Group1 and Group2 to meet The Microsoft Defender for Cloud requirements and the business requirements Which role should you assign to each group? To answer, select the appropriate options in the answer area NOTE Each correct selection is worth one point.

Options:

Buy Now
Questions 29

You need to monitor the password resets. The solution must meet the Microsoft Sentinel requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 30

You need to ensure that the configuration of HuntingQuery1 meets the Microsoft Sentinel requirements.

What should you do?

Options:

A.

Add HuntingQuery1 to a livestream.

B.

Create a watch list.

C.

Create an Azure Automation rule.

D.

Add HuntingQuery1 to favorites.

Buy Now
Questions 31

You need to configure event monitoring for Server1. The solution must meet the Microsoft Sentinel requirements. What should you create first?

Options:

A.

a Microsoft Sentinel automation rule

B.

a Microsoft Sentinel scheduled query rule

C.

a Data Collection Rule (DCR)

D.

an Azure Event Grid topic

Buy Now
Questions 32

You need to implement the Microsoft Sentinel NRT rule for monitoring the designated break glass account. The solution must meet the Microsoft Sentinel requirements.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 33

You need to implement the ASIM query for DNS requests. The solution must meet the Microsoft Sentinel requirements. How should you configure the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 34

You need to implement the Defender for Cloud requirements.

Which subscription-level role should you assign to Group1?

Options:

A.

Security Admin

B.

Owner

C.

Security Assessment Contributor

D.

Contributor

Buy Now
Questions 35

You need to implement the query for Workbook1 and Webapp1. The solution must meet the Microsoft Sentinel requirements. How should you configure the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 36

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Azure Sentinel.

You need to create an incident in Azure Sentinel when a sign-in to an Azure virtual machine from a malicious IP address is detected.

Solution: You create a Microsoft incident creation rule for a data connector.

Does this meet the goal?

Options:

A.

Yes

B.

No

Buy Now
Questions 37

You need to implement Microsoft Sentinel queries for Contoso and Fabrikam to meet the technical requirements.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 38

You manage the security posture of an Azure subscription that contains two virtual machines name vm1 and vm2.

The secure score in Azure Security Center is shown in the Security Center exhibit. (Click the Security Center tab.)

Azure Policy assignments are configured as shown in the Policies exhibit. (Click the Policies tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 39

You are responsible for responding to Azure Defender for Key Vault alerts.

During an investigation of an alert, you discover unauthorized attempts to access a key vault from a Tor exit node.

What should you configure to mitigate the threat?

Options:

A.

Key Vault firewalls and virtual networks

B.

Azure Active Directory (Azure AD) permissions

C.

role-based access control (RBAC) for the key vault

D.

the access policy settings of the key vault

Buy Now
Questions 40

You have the following KQL query.

Options:

Buy Now
Questions 41

You have an Azure subscription that contains a quest user named Userl and a Microsoft Sentinel workspace named workspacel.

You need to ensure that User1 can triage Microsoft Sentinel incidents in workspace1. The solution must use the principle of least privilege.

Which roles should you assign to User1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now
Questions 42

You have an Azure subscription that contains a user named User1.

User1 is assigned an Azure Active Directory Premium Plan 2 license

You need to identify whether the identity of User1 was compromised during the last 90 days.

What should you use?

Options:

A.

the risk detections report

B.

the risky users report

C.

Identity Secure Score recommendations

D.

the risky sign-ins report

Buy Now
Exam Code: SC-200
Exam Name: Microsoft Security Operations Analyst
Last Update: Sep 7, 2024
Questions: 280
$68  $169.99
$52  $129.99
$44  $109.99
buy now SC-200