2021 Update Free Microsoft SC-200 Exam Questions and Answers

test2021-12-22T07:45:20+00:00

SC-200 Microsoft Security Operations Analyst exam is a required exam for Microsoft Certified: Security Operations Analyst Associate Certification. As a Microsoft Security Operations Analyst you will remediate active attacks in the environment, advise on improvements to threat protection practices, and refer violations of organizational policies to appropriate stakeholders.

This article will share with you how to prepare and pass your Microsoft Security Operations Analyst SC-200 exam. Proper Microsoft SC-200 Exam Questions and Answers are required in addition to this in order to achieve a satisfactory result. Try these sample questions! To pass the Microsoft SC-200 exam, FreeTestShare will be your best helper. 100% pass rate guarantee! What are you waiting for?Seize the opportunity to clear your Microsoft SC-200 exam!

Page 1 of 3

1. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center.

You receive a security alert in Security Center.

You need to view recommendations to resolve the alert in Security Center.

Solution: From Regulatory compliance, you download the report.

Does this meet the goal?

Yes

2. Your company deploys the following services:

✑ Microsoft Defender for Identity

✑ Microsoft Defender for Endpoint

✑ Microsoft Defender for Office 365

You need to provide a security analyst with the ability to use the Microsoft 365 security center. The analyst must be able to approve and reject pending actions generated by Microsoft Defender for Endpoint. The solution must use the principle of least privilege.

Which two roles should assign to the analyst? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

the Compliance Data Administrator in Azure Active Directory (Azure AD)

the Active remediation actions role in Microsoft Defender for Endpoint

the Security Administrator role in Azure Active Directory (Azure AD)

the Security Reader role in Azure Active Directory (Azure AD)

3. You are configuring Azure Sentinel.

You need to send a Microsoft Teams message to a channel whenever an incident representing a sign-in risk event is activated in Azure Sentinel.

Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Enable Entity behavior analytics.

Associate a playbook to the analytics rule that triggered the incident.

Enable the Fusion rule.

Add a playbook.

Create a workbook.

4. You create a hunting query in Azure Sentinel.

You need to receive a notification in the Azure portal as soon as the hunting query detects a match on the query. The solution must minimize effort.

What should you use?

a playbook

a notebook

a livestream

a bookmark

5. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Microsoft Defender for Identity integration with Active Directory.

From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.

Solution: You add the accounts to an Active Directory group and add the group as a Sensitive group.

Does this meet the goal?

Yes

6. Your company uses Azure Sentinel.

A new security analyst reports that she cannot assign and dismiss incidents in Azure Sentinel. You need to resolve the issue for the analyst. The solution must use the principle of least privilege.

Which role should you assign to the analyst?

Azure Sentinel Responder

Logic App Contributor

Azure Sentinel Contributor

Azure Sentinel Reader

7. You are investigating a potential attack that deploys a new ransomware strain.

You plan to perform automated actions on a group of highly valuable machines that contain sensitive information.

You have three custom device groups.

You need to be able to temporarily group the machines to perform actions on the devices.

Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Add a tag to the device group.

Add the device users to the admin role.

Add a tag to the machines.

Create a new device group that has a rank of 1.

Create a new admin role.

Create a new device group that has a rank of 4.

8. HOTSPOT

You have an Azure Storage account that will be accessed by multiple Azure Function apps during the development of an application.

You need to hide Azure Defender alerts for the storage account.

Which entity type and field should you use in a suppression rule? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

9. You provision Azure Sentinel for a new Azure subscription. You are configuring the Security Events connector.

While creating a new rule from a template in the connector, you decide to generate a new alert for every event. You create the following rule query.

By which two components can you group alerts into incidents? Each correct answer presents a complete

solution. NOTE: Each correct selection is worth one point.

user

resource group

IP address

computer

10. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Microsoft Defender for Identity integration with Active Directory.

From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.

Solution: You add each account as a Sensitive account.

Does this meet the goal?

Yes

Page 2 of 3

11. You create an Azure subscription.

You enable Azure Defender for the subscription.

You need to use Azure Defender to protect on-premises computers.

What should you do on the on-premises computers?

Install the Log Analytics agent.

Install the Dependency agent.

Configure the Hybrid Runbook Worker role.

Install the Connected Machine agent.

12. DRAG DROP

You need to configure DC1 to meet the business requirements.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

13. You plan to create a custom Azure Sentinel query that will provide a visual representation of the security alerts generated by Azure Security Center.

You need to create a query that will be used to display a bar graph.

What should you include in the query?

extend

bin

count

workspace

14. You use Azure Security Center.

You receive a security alert in Security Center.

You need to view recommendations to resolve the alert in Security Center.

What should you do?

From Security alerts, select the alert, select Take Action, and then expand the Prevent future attacks section.

From Security alerts, select Take Action, and then expand the Mitigate the threat section.

From Regulatory compliance, download the report.

From Recommendations, download the CSV report.

15. You have an existing Azure logic app that is used to block Azure Active Directory (Azure AD) users. The logic app is triggered manually.

You deploy Azure Sentinel.

You need to use the existing logic app as a playbook in Azure Sentinel.

What should you do first?

And a new scheduled query rule.

Add a data connector to Azure Sentinel.

Configure a custom Threat Intelligence connector in Azure Sentinel.

Modify the trigger in the logic app.

16. You use Azure Defender.

You have an Azure Storage account that contains sensitive information.

You need to run a PowerShell script if someone accesses the storage account from a suspicious IP address.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

From Azure Security Center, enable workflow automation.

Create an Azure logic appthat has a manual trigger

Create an Azure logic app that has an Azure Security Center alert trigger.

Create an Azure logic appthat has an HTTP trigger.

From Azure Active Directory (Azure AD), add an app registration.

17. You need to modify the anomaly detection policy settings to meet the Cloud App Security requirements.

Which policy should you modify?

Activity from suspicious IP addresses

Activity from anonymous IP addresses

Impossible travel

Risky sign-in

18. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring Microsoft Defender for Identity integration with Active Directory.

From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.

Solution: From Entity tags, you add the accounts as Honeytoken accounts.

Does this meet the goal?

Yes

19. Your company uses Microsoft Defender for Endpoint.

The company has Microsoft Word documents that contain macros. The documents are used frequently on the devices of the company’s accounting team.

You need to hide false positive in the Alerts queue, while maintaining the existing security posture.

Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Resolve the alert automatically.

Hide the alert.

Create a suppression rule scoped to any device.

Create a suppression rule scoped to a device group.

Generate the alert.

20. HOTSPOT

You need to recommend remediation actions for the Azure Defender alerts for Fabrikam.

What should you recommend for each threat? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Page 3 of 3

21. DRAG DROP

You have an Azure subscription.

You need to delegate permissions to meet the following requirements:

✑ Enable and disable Azure Defender.

✑ Apply security recommendations to resource.

The solution must use the principle of least privilege.

Which Azure Security Center role should you use for each requirement? To answer, drag the appropriate roles to the correct requirements. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

22. You need to implement the Azure Information Protection requirements.

What should you configure first?

Device health and compliance reports settings in Microsoft Defender Security Center

scanner clusters in Azure Information Protection from the Azure portal

content scan jobs in Azure Information Protection from the Azure portal

Advanced features from Settings in Microsoft Defender Security Center

23. You recently deployed Azure Sentinel.

You discover that the default Fusion rule does not generate any alerts. You verify that the rule is enabled.

You need to ensure that the Fusion rule can generate alerts.

What should you do?

Disable, and then enable the rule.

Add data connectors

Create a new machine learning analytics rule.

Add a hunting bookmark.

24. You receive an alert from Azure Defender for Key Vault.

You discover that the alert is generated from multiple suspicious IP addresses.

You need to reduce the potential of Key Vault secrets being leaked while you investigate the issue. The solution must be implemented as soon as possible and must minimize the impact on legitimate users.

What should you do first?

Modify the access control settings for the key vault.

Enable the Key Vault firewall.

Create an application security group.

Modify the access policy for the key vault.

25. HOTSPOT

You need to create the analytics rule to meet the Azure Sentinel requirements.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.