
Microsoft SC-200 Exam

Certification Provider: Microsoft
Exam Name: Microsoft Security Operations Analyst
Number of questions in our database: 98
Exam Version: Oct. 13, 2021
SC-200 Exam Official Topics:
  • Topic 1: Mitigate threats using Azure Defender/ Identify and remediate security risks using Secure Score
  • Topic 2: Identify and remediate security risks related to Conditional Access events/ manage data retention, alert notification, and advanced features
  • Topic 3: Identify and remediate security risks related to Azure Active Directory/ Remediate incidents by using Azure Defender recommendations
  • Topic 4: Identify and remediate security risks related to sign-in risk policies/ Identify data sources to be ingested for Azure Sentinel
  • Topic 5: Detect, investigate, respond, and remediate identity threats/ Configure and manage custom detections and alerts
  • Topic 6: Manage user data discovered during an investigation/ Assess and recommend insider risk policies
  • Topic 7: Investigate Azure Defender alerts and incidents/ Configure device attack surface reduction rules
  • Topic 8: Design and Configure Windows Events collections/ Manage data loss prevention policy alerts
  • Topic 9: Design and configure an Azure Defender implementation/ Configure automated responses in Azure Security Center
  • Topic 10: Identify, investigate, and remediate security risks related to privileged identities/ Design and configure playbook in Azure Defender
  • Topic 11: Identify the prerequisites for a data connector/ Configure detection alerts in Azure AD Identity Protection

Free Microsoft SC-200 Exam Actual Questions

The questions for SC-200 were last updated on Oct. 13, 2021.

Question #1

You have an Azure subscription named Sub1 and a Microsoft 365 subscription. Sub1 is linked to an Azure Active Directory (Azure AD) tenant named contoso.com.

You create an Azure Sentinel workspace named workspace1. In workspace1, you activate an Azure AD connector for contoso.com and an Office 365 connector for the Microsoft 365 subscription.

You need to use the Fusion rule to detect multi-staged attacks that include suspicious sign-ins to contoso.com followed by anomalous Microsoft Office 365 activity.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Correct Answer: A, B

Question #2

You have an Azure subscription named Sub1 and a Microsoft 365 subscription. Sub1 is linked to an Azure Active Directory (Azure AD) tenant named contoso.com.

You create an Azure Sentinel workspace named workspace1. In workspace1, you activate an Azure AD connector for contoso.com and an Office 365 connector for the Microsoft 365 subscription.

You need to use the Fusion rule to detect multi-staged attacks that include suspicious sign-ins to contoso.com followed by anomalous Microsoft Office 365 activity.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Correct Answer: A, B

Question #3

The issue for which team can be resolved by using Microsoft Defender for Endpoint?

Question #4

The issue for which team can be resolved by using Microsoft Defender for Office 365?

Question #5

You need to recommend a solution to meet the technical requirements for the Azure virtual machines. What should you include in the recommendation?

