Microsoft SC-200 Exam Practice Test Instant Access

Question 1

You have two Azure subscriptions that use Microsoft Defender for Cloud.

You need to ensure that specific Defender for Cloud security alerts are suppressed at the root management group level. The solution must minimize administrative effort.

What should you do in the Azure portal?

ACreate an Azure Policy assignment.

BModify the Workload protections settings in Defender for Cloud.

CCreate an alert rule in Azure Monitor.

DModify the alert settings in Defender for Cloud.

Answer : D

You can use alerts suppression rules to suppress false positives or other unwanted security alerts from Defender for Cloud.

Note: To create a rule directly in the Azure portal:

1. From Defender for Cloud's security alerts page:

Select the specific alert you don't want to see anymore, and from the details pane, select Take action.

Or, select the suppression rules link at the top of the page, and from the suppression rules page select Create new suppression rule:

2. In the new suppression rule pane, enter the details of your new rule.

Your rule can dismiss the alert on all resources so you don't get any alerts like this one in the future.

Your rule can dismiss the alert on specific criteria - when it relates to a specific IP address, process name, user account, Azure resource, or location.

3. Enter details of the rule.

4. Save the rule.

Question 2

You have a Microsoft 365 E5 subscription that contains two users named Userl and User2 and From the Copilot for Security portal, User1 starts a session and creates the following prompts:

* Prompt1: Provides access to the Entra plugin

* Prompt2: Provides access to the Intune plugin

* Prompt3: Provides access to the Entra plugin

User1 shares the session with User2.

User2 does NOT have access to Microsoft Intune.

For which prompts can User2 view results during the shared session?

APrompt1 only

BPrompt1 and Prompt2 only

CPrompt3 only

DPrompt1 and Prompt3 only

EPrompt1, Prompt2, and Prompt3

Answer : D

Question 3

You use Microsoft Sentinel.

You need to receive an alert in near real-time whenever Azure Storage account keys are enumerated. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point

ACreate a bookmark.

BCreate an analytics rule.

CCreate a livestream.

DCreate a hunting query.

EAdd a data connector.

Answer : D, E

Question 4

Your company deploys the following services:

Microsoft Defender for Identity

Microsoft Defender for Endpoint

Microsoft Defender for Office 365

You need to provide a security analyst with the ability to use the Microsoft 365 security center. The analyst must be able to approve and reject pending actions generated by Microsoft Defender for Endpoint. The solution must use the principle of least privilege.

Which two roles should assign to the analyst? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Athe Compliance Data Administrator in Azure Active Directory (Azure AD)

Bthe Active remediation actions role in Microsoft Defender for Endpoint

Cthe Security Administrator role in Azure Active Directory (Azure AD)

Dthe Security Reader role in Azure Active Directory (Azure AD)

Answer : B, D

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-worldwide

Question 5

You have a Microsoft Sentinel workspace named SW1.

In SW1, you investigate an incident that is associated with the following entities:

* Host

* IP address

* User account

* Malware name

Which entity can be labeled as an indicator of compromise (loC) directly from the incident s page?

Amalware name

Bhost

Cuser account

DIP address

Answer : D

Question 6

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains a user named User1.

You need to ensure that User1 can manage Microsoft Defender XDR custom detection rules and Endpoint security policies. The solution must follow the principle of least privilege.

Which role should you assign to User1?

ADesktop Analytics Administrator

BSecurity Operator

CSecurity Administrator

DCloud Device Administrator

Answer : C

Question 7

You have a Microsoft Sentinel workspace.

You receive multiple alerts for failed sign in attempts to an account.

You identify that the alerts are false positives.

You need to prevent additional failed sign-in alerts from being generated for the account. The solution must meet the following requirements.

* Ensure that failed sign-in alerts are generated for other accounts.

* Minimize administrative effort

What should do?

ACreate an automation rule.

BCreate a watchlist.

CModify the analytics rule.

DAdd an activity template to the entity behavior.

Answer : A

An automation rule will allow you to specify which alerts should be suppressed, ensuring that failed sign-in alerts are generated for other accounts while minimizing administrative effort. To create an automation rule, navigate to the Automation Rules page in the Microsoft Sentinel workspace and configure the rule parameters to suppress the false positive alerts.

Microsoft SC-200 Microsoft Security Operations Analyst Exam Practice Test