2021 Update Free Microsoft SC-200 Exam Questions and Answers

2021 Update Free Microsoft SC-200 Exam Questions and Answers

SC-200 Microsoft Security Operations Analyst exam is a required exam for Microsoft Certified: Security Operations Analyst Associate Certification. As a Microsoft Security Operations Analyst you will remediate active attacks in the environment, advise on improvements to threat protection practices, and refer violations of organizational policies to appropriate stakeholders.

This article will share with you how to prepare and pass your Microsoft Security Operations Analyst SC-200 exam. Proper Microsoft SC-200 Exam Questions and Answers are required in addition to this in order to achieve a satisfactory result. Try these sample questions! To pass the Microsoft SC-200 exam, FreeTestShare will be your best helper. 100% pass rate guarantee! What are you waiting for?Seize the opportunity to clear your Microsoft SC-200 exam!

Page 1 of 3

1. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center.

You receive a security alert in Security Center.

You need to view recommendations to resolve the alert in Security Center.

Solution: From Regulatory compliance, you download the report.

Does this meet the goal?

2. Your company deploys the following services:

✑ Microsoft Defender for Identity

✑ Microsoft Defender for Endpoint

✑ Microsoft Defender for Office 365

You need to provide a security analyst with the ability to use the Microsoft 365 security center. The analyst must be able to approve and reject pending actions generated by Microsoft Defender for Endpoint. The solution must use the principle of least privilege.

Which two roles should assign to the analyst? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

3. You are configuring Azure Sentinel.

You need to send a Microsoft Teams message to a channel whenever an incident representing a sign-in risk event is activated in Azure Sentinel.

Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

4. You create a hunting query in Azure Sentinel.

You need to receive a notification in the Azure portal as soon as the hunting query detects a match on the query. The solution must minimize effort.

What should you use?

5. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Microsoft Defender for Identity integration with Active Directory.

From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.

Solution: You add the accounts to an Active Directory group and add the group as a Sensitive group.

Does this meet the goal?

6. Your company uses Azure Sentinel.

A new security analyst reports that she cannot assign and dismiss incidents in Azure Sentinel. You need to resolve the issue for the analyst. The solution must use the principle of least privilege.

Which role should you assign to the analyst?

7. You are investigating a potential attack that deploys a new ransomware strain.

You plan to perform automated actions on a group of highly valuable machines that contain sensitive information.

You have three custom device groups.

You need to be able to temporarily group the machines to perform actions on the devices.

Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

8. HOTSPOT

You have an Azure Storage account that will be accessed by multiple Azure Function apps during the development of an application.

You need to hide Azure Defender alerts for the storage account.

Which entity type and field should you use in a suppression rule? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.



9. You provision Azure Sentinel for a new Azure subscription. You are configuring the Security Events connector.

While creating a new rule from a template in the connector, you decide to generate a new alert for every event. You create the following rule query.





By which two components can you group alerts into incidents? Each correct answer presents a complete

solution. NOTE: Each correct selection is worth one point.

10. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Microsoft Defender for Identity integration with Active Directory.

From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.

Solution: You add each account as a Sensitive account.

Does this meet the goal?


 

Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *