Microsoft Security Operations Analyst SC-200 Exam Practice Test

Page: 1 / 14
Total 370 questions
Question 1

You need to ensure that the Group1 members can meet the Microsoft Sentinel requirements.

Which role should you assign to Group1?



Answer : C


Question 2

You have the following environment:

* Azure Sentinel

* A Microsoft 365 subscription

* Microsoft Defender for Identity

* An Azure Active Directory (Azure AD) tenant

You configure Azure Sentinel to collect security logs from all the Active Directory member servers and domain controllers.

You deploy Microsoft Defender for Identity by using standalone sensors.

You need to ensure that you can detect when sensitive groups are modified in Active Directory.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.



Question 3

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center.

You receive a security alert in Security Center.

You need to view recommendations to resolve the alert in Security Center.

Solution: From Security alerts, you select the alert, select Take Action, and then expand the Prevent future attacks section.

Does this meet the goal?



Answer : B

You need to resolve the existing alert, not prevent future alerts. Therefore, you need to select the 'Mitigate the threat' option.


https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and-responding-alerts

Question 4

You have a Microsoft 365 E5 subscription that contains 500 Windows 11 devices.

You have a Microsoft Defender for Endpoint deployment that has the following settings:

* Discovery mode: Basic

* Live Response: Disabled

* Enable EDR in block mode: Off

* Tamper Protection: Off

You need to implement automatic attack disruption in Microsoft Defender XDR.

What should you do?



Answer : A


Question 5

You use Azure Security Center.

You receive a security alert in Security Center.

You need to view recommendations to resolve the alert in Security Center.

What should you do?



Question 6

You have an existing Azure logic app that is used to block Azure Active Directory (Azure AD) users. The logic app is triggered manually.

You deploy Azure Sentinel.

You need to use the existing logic app as a playbook in Azure Sentinel. What should you do first?



Question 7

You have a Microsoft 365 E5 subscription that contains two users named User1 and User2. From the Copilot for Security portal, User1 starts a session and creates the following prompts:

* Prompt1: Provides access to the Entra plugin

* Prompt2: Provides access to the Intune plugin

* Prompt3: Provides access to the Entra plugin

User1 shares the session with User2.

User2 does NOT have access to Microsoft Intune.

For which prompts can User2 view results during the shared session?



Answer : D

