Happy Independence Day 2022! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: USA2022
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Menu

Microsoft SC-200 Exam

Certification Provider: Microsoft
Exam Name: Microsoft Security Operations Analyst
Number of questions in our database: 122
Exam Version: Aug. 09, 2022
SC-200 Exam Official Topics:
  • Topic 1: Mitigate threats using Azure Defender/ Identify and remediate security risks using Secure Score
  • Topic 2: Identify and remediate security risks related to Conditional Access events/ manage data retention, alert notification, and advanced features
  • Topic 3: Identify and remediate security risks related to Azure Active Directory/ Remediate incidents by using Azure Defender recommendations
  • Topic 4: Identify and remediate security risks related to sign-in risk policies/ Identify data sources to be ingested for Azure Sentinel
  • Topic 5: Detect, investigate, respond, and remediate identity threats/ Configure and manage custom detections and alerts
  • Topic 6: Manage user data discovered during an investigation/ Assess and recommend insider risk policies
  • Topic 7: Investigate Azure Defender alerts and incidents/ Configure device attack surface reduction rules
  • Topic 8: Design and Configure Windows Events collections/ Manage data loss prevention policy alerts
  • Topic 9: Design and configure an Azure Defender implementation/ Configure automated responses in Azure Security Center
  • Topic 10: Identify, investigate, and remediate security risks related to privileged identities/ Design and configure playbook in Azure Defender
  • Topic 11: Identify the prerequisites for a data connector/ Configure detection alerts in Azure AD Identity Protection

Free Microsoft SC-200 Exam Actual Questions

The questions for SC-200 were last updated On Aug. 09, 2022

Question #1

You have a Microsoft Sentinel workspace that contains the following incident.

Brute force attack against Azure Portal analytics rule has been triggered.

You need to identify the geolocation information that corresponds to the incident.

What should you do?

Reveal Solution Hide Solution
Correct Answer: A

Potential malicious events: When traffic is detected from sources that are known to be malicious, Microsoft Sentinel alerts you on the map. If you see orange, it is inbound traffic: someone is trying to access your organization from a known malicious IP address. If you see Outbound (red) activity, it means that data from your network is being streamed out of your organization to a known malicious IP address.


Question #2

You have two Azure subscriptions that use Microsoft Defender for Cloud.

You need to ensure that specific Defender for Cloud security alerts are suppressed at the root management group level. The solution must minimize administrative effort.

What should you do in the Azure portal?

Reveal Solution Hide Solution
Correct Answer: D

You can use alerts suppression rules to suppress false positives or other unwanted security alerts from Defender for Cloud.

Note: To create a rule directly in the Azure portal:

1. From Defender for Cloud's security alerts page:

Select the specific alert you don't want to see anymore, and from the details pane, select Take action.

Or, select the suppression rules link at the top of the page, and from the suppression rules page select Create new suppression rule:

2. In the new suppression rule pane, enter the details of your new rule.

Your rule can dismiss the alert on all resources so you don't get any alerts like this one in the future.

Your rule can dismiss the alert on specific criteria - when it relates to a specific IP address, process name, user account, Azure resource, or location.

3. Enter details of the rule.

4. Save the rule.


Question #3

Your company stores the data for every project in a different Azure subscription. All the subscriptions use the same Azure Active Directory (Azure AD) tenant.

Every project consists of multiple Azure virtual machines that run Windows Server. The Windows events of the virtual machines are stored in a Log Analytics workspace in each machine's respective subscription.

You deploy Azure Sentinel to a new Azure subscription.

You need to perform hunting queries in Azure Sentinel to search across all the Log Analytics workspaces of all the subscriptions.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution
Correct Answer: B, E

https://docs.microsoft.com/en-us/azure/sentinel/extend-sentinel-across-workspaces-tenants

Question #4

You have an Azure Sentinel workspace.

You need to test a playbook manually in the Azure portal. From where can you run the test in Azure Sentinel?

Reveal Solution Hide Solution
Correct Answer: D

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook#run-a-playbook-on-demand

Question #5

You have a custom analytics rule to detect threats in Azure Sentinel.

You discover that the analytics rule stopped running. The rule was disabled, and the rule name has a prefix of AUTO DISABLED.

What is a possible cause of the issue?

Reveal Solution Hide Solution
Correct Answer: D

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-custom

Explore Other Microsoft Exams

Unlock all SC-200 Exam Questions with Advanced Practice Test Features:
  • Select Question Types you want
  • Set your Desired Pass Percentage
  • Allocate Time (Hours : Minutes)
  • Create Multiple Practice tests with Limited Questions
  • Customer Support
Get Full Access Now
Disscuss Microsoft SC-200 Topics, Questions or Ask Anything Related

Submit Cancel

Save Cancel