Microsoft SC-200 Exam Real Questions

Prepare and pass your Microsoft Security Operations Analyst with free SC-200 exam questions.

Page: 1 / 66

Total 326 Questions | Updated On: Oct 16, 2024

Add To Cart

Question 1

You have the following environment:
Azure Sentinel
A Microsoft 365 subscription
Microsoft Defender for Identity
An Azure Active Directory (Azure AD) tenant
You configure Azure Sentinel to collect security logs from all the Active Directory member servers and domain controllers.
You deploy Microsoft Defender for Identity by using standalone sensors.
You need to ensure that you can detect when sensitive groups are modified in Active Directory.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A : nfigure the Advanced Audit Policy Configuration settings for the domain controllers.

B : dify the permissions of the Domain Controllers organizational unit (OU).

C : nfigure auditing in the Microsoft 365 compliance center.

D : nfigure Windows Event Forwarding on the domain controllers.

Answer: A,D

Question 2

You have an Azure subscription.

You need to stream the Microsoft Graph activity logs to a third-party security information and event management (SIEM) tool. The solution must minimize administrative effort.

To where should you stream the logs?

A : an Azure Event Hubs namespace

B : an Azure Storage account

C : an Azure Event Grid namespace

D : a Log Analytics workspace

Answer: A

Question 3

You have a Microsoft Sentinel workspace.

You need to identify which rules are used to detect advanced multistage attacks that comprise two or more alerts or activities. The solution must minimize administrative effort.

Which rule type should you query?

A : Fusion

B : Microsoft Security

C : ML Behavior Analytics

D : Scheduled

Answer: A

Question 4

You have an Azure subscription that contains a Microsoft Sentinel workspace. The workspace contains a Microsoft Defender for Cloud data connector.

You need to customize which details will be included when an alert is created for a specific event.

What should you do?

A : Modify the properties of the connector.

B : Create a Data Collection Rule (DCR).

C : Create a scheduled query rule.

D : Enable User and Entity Behavior Analytics (UEBA)

Answer: C

Question 5

You have an Azure subscription that uses Microsoft Sentinel.

You need to minimize the administrative effort required to respond to the incidents and remediate the security threats detected by Microsoft Sentinel.

Which two features should you use? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A : crosoft Sentinel bookmarks

B : ure Automation runbooks

C : crosoft Sentinel automation rules

D : crosoft Sentinel playbooks

E : ure Functions apps

Answer: C,D

Page: 1 / 66

Total 326 Questions | Updated On: Oct 16, 2024

Add To Cart