Newly Update Microsoft Security Operations Analyst SC-200 Dumps

test2022-08-03T06:48:20+00:00

If you’re looking to advance your skills and gain Microsoft Certified: Security Operations Analyst Associate certification, the SC-200 exam is a great option. FreeTestShare Microsoft Security Operations Analyst SC-200 Dumps will take away your nervousness and help you finish the exam with a lot of important professional information. Microsoft Security Operations Analyst SC-200 Dumps must cover every topic and curriculum of the actual exam. Get the most updated Microsoft SC-200 dumps with 100% accurate answers. You will get a comprehensive FreeTestShare SC-200 dumps that will ensure your success on the first attempt!

Take a free SC-200 practice test to help you prepare for the exam.

Page 1 of 3

1. You have the following advanced hunting query in Microsoft 365 Defender.

You need to receive an alert when any process disables System Restore on a device managed by Microsoft Defender during the last 24 hours.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Create a detection rule.

Create a suppression rule.

Add | order by Timestamp to the query.

Replace DeviceProcessEvents with DeviceNetworkEvents.

Add DeviceId and ReportId to the output of the query.

2. You create an Azure subscription.

You enable Azure Defender for the subscription.

You need to use Azure Defender to protect on-premises computers.

What should you do on the on-premises computers?

Install the Log Analytics agent.

Install the Dependency agent.

Configure the Hybrid Runbook Worker role.

Install the Connected Machine agent.

3. HOTSPOT

You have an Azure Storage account that will be accessed by multiple Azure Function apps during the development of an application.

You need to hide Azure Defender alerts for the storage account.

Which entity type and field should you use in a suppression rule? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

4. Your company uses Azure Sentinel.

A new security analyst reports that she cannot assign and dismiss incidents in Azure Sentinel. You need to resolve the issue for the analyst. The solution must use the principle of least privilege.

Which role should you assign to the analyst?

Azure Sentinel Responder

Logic App Contributor

Azure Sentinel Contributor

Azure Sentinel Reader

5. You need to assign a role-based access control (RBAC) role to admin1 to meet the Azure Sentinel requirements and the business requirements.

Which role should you assign?

Automation Operator

Automation Runbook Operator

Azure Sentinel Contributor

Logic App Contributor

6. HOTSPOT

You need to create the analytics rule to meet the Azure Sentinel requirements.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

7. HOTSPOT

You are informed of an increase in malicious email being received by users.

You need to create an advanced hunting query in Microsoft 365 Defender to identify whether the accounts of the email recipients were compromised. The query must return the most recent 20 sign-ins performed by the recipients within an hour of receiving the known malicious email.

How should you complete the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

8. DRAG DROP

You have an Azure Functions app that generates thousands of alerts in Azure Security Center each day for normal activity.

You need to hide the alerts automatically in Security Center.

Which three actions should you perform in sequence in Security Center? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

9. You use Azure Sentinel.

You need to use a built-in role to provide a security analyst with the ability to edit the queries of custom Azure Sentinel workbooks. The solution must use the principle of least privilege.

Which role should you assign to the analyst?

Azure Sentinel Contributor

Security Administrator

Azure Sentinel Responder

Logic App Contributor

10. You have a playbook in Azure Sentinel.

When you trigger the playbook, it sends an email to a distribution group.

You need to modify the playbook to send the email to the owner of the resource instead of the distribution group.

What should you do?

Add a parameter and modify the trigger.

Add a custom data connector and modify the trigger.

Add a condition and modify the action.

Add a parameter and modify the action.

Page 2 of 3

11. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center.

You receive a security alert in Security Center.

You need to view recommendations to resolve the alert in Security Center.

Solution: From Security alerts, you select the alert, select Take Action, and then expand the Prevent future attacks section.

Does this meet the goal?

Yes

12. You are investigating an incident in Azure Sentinel that contains more than 127 alerts.

You discover eight alerts in the incident that require further investigation.

You need to escalate the alerts to another Azure Sentinel administrator.

What should you do to provide the alerts to the administrator?

Create a Microsoft incident creation rule

Share the incident URL

Create a scheduled query rule

Assign the incident

13. The issue for which team can be resolved by using Microsoft Defender for Office 365?

executive

marketing

security

sales

14. HOTSPOT

You manage the security posture of an Azure subscription that contains two virtual machines name vm1 and vm2.

The secure score in Azure Security Center is shown in the Security Center exhibit. (Click the Security Center tab.)

Azure Policy assignments are configured as shown in the Policies exhibit. (Click the Policies tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

15. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Azure Sentinel.

You need to create an incident in Azure Sentinel when a sign-in to an Azure virtual machine from a malicious IP address is detected.

Solution: You create a hunting bookmark.

Does this meet the goal?

Yes

16. HOTSPOT

From Azure Sentinel, you open the Investigation pane for a high-severity incident as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

17. You need to restrict cloud apps running on CLIENT1 to meet the Microsoft Defender for Endpoint requirements.

Which two configurations should you modify? Each correct answer present part of the solution. NOTE: Each correct selection is worth one point.

the Onboarding settings from Device management in Microsoft Defender Security Center

Cloud App Security anomaly detection policies

Advanced features from Settings in Microsoft Defender Security Center

the Cloud Discovery settings in Cloud App Security

18. You have a custom analytics rule to detect threats in Azure Sentinel.

You discover that the analytics rule stopped running. The rule was disabled, and the rule name has a prefix of AUTO DISABLED.

What is a possible cause of the issue?

There are connectivity issues between the data sources and Log Analytics.

The number of alerts exceeded 10,000 within two minutes.

The rule query takes too long to run and times out.

Permissions to one of the data sources of the rule query were modified.

19. You use Azure Sentinel.

You need to receive an immediate alert whenever Azure Storage account keys are enumerated.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Create a livestream

Add a data connector

Create an analytics rule

Create a hunting query.

Create a bookmark.

20. HOTSPOT

You need to create an advanced hunting query to investigate the executive team issue.

How should you complete the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Page 3 of 3

21. HOTSPOT

You purchase a Microsoft 365 subscription.

You plan to configure Microsoft Cloud App Security.

You need to create a custom template-based policy that detects connections to Microsoft 365 apps that originate from a botnet network.

What should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

22. You have an Azure subscription that contains a Log Analytics workspace.

You need to enable just-in-time (JIT) VM access and network detections for Azure resources.

Where should you enable Azure Defender?

at the subscription level

at the workspace level

at the resource level

23. You plan to create a custom Azure Sentinel query that will track anomalous Azure Active Directory (Azure AD) sign-in activity and present the activity as a time chart aggregated by day.

You need to create a query that will be used to display the time chart.

What should you include in the query?

extend

bin

makeset

workspace

24. A security administrator receives email alerts from Azure Defender for activities such as potential malware uploaded to a storage account and potential successful brute force attacks.

The security administrator does NOT receive email alerts for activities such as antimalware action failed and suspicious network activity. The alerts appear in Azure Security Center.

You need to ensure that the security administrator receives email alerts for all the activities.

What should you configure in the Security Center settings?

the severity level of email notifications

a cloud connector

the Azure Defender plans

the integration settings for Threat detection

25. Your company uses Azure Security Center and Azure Defender.

The security operations team at the company informs you that it does NOT receive email notifications for security alerts.

What should you configure in Security Center to enable the email notifications?

Security solutions

Security policy

Pricing & settings

Security alerts

Azure Defender

26. HOTSPOT

You need to configure the Azure Sentinel integration to meet the Azure Sentinel requirements.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

27. DRAG DROP

You plan to connect an external solution that will send Common Event Format (CEF) messages to Azure Sentinel.

You need to deploy the log forwarder.

Which three actions should you perform in sequence? To answer, move the appropriate actions form the list of actions to the answer area and arrange them in the correct order.