Microsoft SC-200 Microsoft Security Operations Analyst Exam Practice Test

Page: 1 / 14
Total 248 questions
Question 1

You have a Microsoft Sentinel workspace that has User and Entity Behavior Analytics (UEBA) enabled for SigninLogs.

You need to ensure that failed interactive sign-ins are detected.

The solution must minimize administrative effort.

What should you use?



Answer : B


Question 2

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint.

You need to create a query that will link the AlertInfo, AlertEvidence, and DeviceLogonEvents tables. The solution must return all the rows in the tables.

Which operator should you use?



Answer : A


Question 3

You have an Azure subscription that uses Microsoft Defender for Cloud. You need to filter the security alerts view to show the following alerts:

* Unusual user accessed a key vault

* Log on from an unusual location

* Impossible travel activity

Which severity should you use?



Answer : C


Question 4

You need to deploy the native cloud connector to Account1 to meet the Microsoft Defender for Cloud requirements. What should you do in Account1 first?



Answer : D


Question 5

You need to minimize the effort required to investigate the Microsoft Defender for Identity false positive alerts. What should you review?



Answer : B


Question 6

You have a Microsoft Sentinel workspace named Workspace1 and 200 custom Advanced Security Information Model (ASIM) parsers based on the DNS schema. You need to make the 200 parsers available in Workspace1. The solution must minimize administrative effort. What should you do first?



Answer : A


Question 7

You have an Azure subscription that uses Microsoft Defender for Cloud.

You have an Amazon Web Services (AWS) account that contains an Amazon Elastic Compute Cloud (EC2) instance named EC2-1.

You need to onboard EC2-1 to Defender for Cloud.

What should you install on EC2-1?



Answer : A

