Microsoft Security Operations Analyst SC-200 Exam Practice Test

Page: 1 / 14
Total 370 questions
Question 1

You have an Azure subscription that contains a resource group named RG1. RG1 contains a Microsoft Sentinel workspace. The subscription is linked to a Microsoft Entra tenant that contains a user named User1.

You need to ensure that User1 can deploy and customize Microsoft Sentinel workbook templates. The solution must follow the principle of least privilege.

Which role should you assign to User1 for RG1?



Answer : B


Question 2

You need to modify the anomaly detection policy settings to meet the Microsoft Defender for Cloud Apps requirements and resolve the reported problem.

Which policy should you modify?



Answer : D


Question 3

You have a Microsoft 365 E5 subscription and a Microsoft Sentinel workspace. You need to create a KQL query that will combine data from the following sources:

* Microsoft Graph

* Risky users detected by using Microsoft Entra ID Protection

The solution must minimize the volume of data returned. How should the query start?



Answer : B
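The following KQL is an added illustration of the principle behind this question; it is not part of the exam page and does not reproduce any answer option. It assumes the Identity Protection risky-user export is the AADRiskyUsers table and that the IdentityInfo table (which UEBA populates from Entra ID) stands in for the Microsoft Graph user data. To keep the returned volume small, each side is filtered, de-duplicated and projected before the join, and the smaller (risky-user) side is placed on the left.

```kusto
// Added example, not from the exam page: combine Identity Protection risky users
// with directory attributes while keeping the data volume small.
// Assumptions: AADRiskyUsers holds the Identity Protection risky-user export and
// IdentityInfo (populated by UEBA from Entra ID) represents the Microsoft Graph user data.
let lookback = 7d;
let riskyUsers =
    AADRiskyUsers
    | where TimeGenerated > ago(lookback)
    // Filter before the join: only users currently at risk, medium or high.
    | where RiskState == "atRisk" and RiskLevel in ("medium", "high")
    // One row per user: keep only the latest risk record.
    | summarize arg_max(TimeGenerated, RiskLevel, RiskState, RiskDetail) by UserPrincipalName
    // UPN casing can differ between sources, so join on a normalized key.
    | extend JoinKey = tolower(UserPrincipalName);
let directory =
    IdentityInfo
    | where TimeGenerated > ago(14d)
    // Keep the newest directory snapshot per account and only the columns needed.
    | summarize arg_max(TimeGenerated, AccountDisplayName, Department, JobTitle, IsAccountEnabled) by AccountUPN
    | project AccountUPN, AccountDisplayName, Department, JobTitle, IsAccountEnabled
    | extend JoinKey = tolower(AccountUPN);
// Smaller, already-filtered table on the left of an inner join.
riskyUsers
| join kind=inner directory on JoinKey
| project TimeGenerated, UserPrincipalName, RiskLevel, RiskState, RiskDetail,
          AccountDisplayName, Department, JobTitle, IsAccountEnabled
| order by TimeGenerated desc
```

The lookback values, the risk levels selected and the IdentityInfo columns are assumptions to adjust for the workspace; the point is that every filter and project happens before the join so that the join, and the result set, operate on the minimum number of rows.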


Question 4

You have an Azure subscription that uses Microsoft Defender for Cloud. You need to filter the security alerts view to show the following alerts:

* Unusual user accessed a key vault

* Log on from an unusual location

* Impossible travel activity

Which severity should you use?



Answer : C


Question 5

You have a Microsoft 365 subscription.

You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode. You need to ensure that the devices are protected from malicious artifacts that were undetected by the third-party antivirus product. Solution: You configure Controlled folder access. Does this meet the goal?



Answer : B


Question 6

Which rule setting should you configure to meet the Microsoft Sentinel requirements?



Answer : C


Question 7

You have a Microsoft Sentinel workspace that has User and Entity Behavior Analytics (UEBA) enabled for SigninLogs.

You need to ensure that failed interactive sign-ins are detected.

The solution must minimize administrative effort.

What should you use?



Answer : B
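As an added example that is not part of the exam page and does not reproduce any answer option, the query below shows the underlying detection logic for failed interactive sign-ins. Interactive sign-ins are written to the SigninLogs table (non-interactive ones go to AADNonInteractiveUserSignInLogs), and ResultType carries the Entra ID error code, where "0" means success. The threshold, the window and the excluded benign codes are assumptions to be tuned per tenant.

```kusto
// Added example, not from the exam page: failed interactive sign-ins from SigninLogs,
// shaped so it can be pasted into a scheduled analytics rule.
// Assumptions: threshold, window and the benign-code exclusion list are tenant-specific.
let window = 1h;
let threshold = 5;
SigninLogs
| where TimeGenerated > ago(window)
// ResultType is a string; anything other than "0" is a failed sign-in.
| where ResultType != "0"
// Assumed benign interrupt codes to ignore:
// 50140 = "keep me signed in" interrupt, 50125 = sign-in interrupted by password reset.
| where ResultType !in ("50140", "50125")
| summarize
    FailureCount = count(),
    ErrorCodes   = make_set(ResultType),
    SourceIPs    = make_set(IPAddress),
    FirstFailure = min(TimeGenerated),
    LastFailure  = max(TimeGenerated)
    by UserPrincipalName, AppDisplayName
// Alert only on repeated failures for the same user and application.
| where FailureCount >= threshold
| project FirstFailure, LastFailure, UserPrincipalName, AppDisplayName,
          FailureCount, ErrorCodes, SourceIPs
| order by FailureCount desc
```

If this is run as a scheduled rule, set the rule's query frequency and lookback to match `window` so each failure is evaluated once, and map UserPrincipalName and SourceIPs to the Account and IP entities so the incidents line up with the UEBA entity pages.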

