Microsoft SC-200 Exam Questions Instant Access

Question 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center.

You receive a security alert in Security Center.

You need to view recommendations to resolve the alert in Security Center.

Solution: From Regulatory compliance, you download the report.

Does this meet the goal?

AYes

BNo

Answer : B

https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and-responding-alerts

Question 2

You have a third-party security information and event management (SIEM) solution.

You need to ensure that the SIEM solution can generate alerts for Azure Active Directory (Azure AD) sign-events in near real time.

What should you do to route events to the SIEM solution?

ACreate an Azure Sentinel workspace that has a Security Events connector.

BConfigure the Diagnostics settings in Azure AD to stream to an event hub.

CCreate an Azure Sentinel workspace that has an Azure Active Directory connector.

DConfigure the Diagnostics settings in Azure AD to archive to a storage account.

Answer : B

https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/overview-monitoring

Question 3

You have a Microsoft 365 subscription that uses Microsoft Defender XDR.

You are investigating an incident.

You need to review the incident tasks that were performed. The solution must include a query that will display the incidents in a workbook, and then display the tasks of each incident in another grid.

Which table should you target in the query?

ASecuritylncident

BSecurityEvent

CSentine1Audit

DSecurityAlert

Answer : A

Question 4

You have a playbook in Azure Sentinel.

When you trigger the playbook, it sends an email to a distribution group.

You need to modify the playbook to send the email to the owner of the resource instead of the distribution group.

What should you do?

AAdd a parameter and modify the trigger.

BAdd a custom data connector and modify the trigger.

CAdd a condition and modify the action.

DAdd a parameter and modify the action.

Answer : D

https://azsec.azurewebsites.net/2020/01/19/notify-azure-sentinel-alert-to-your-email-automatically/

Question 5

You are configuring Azure Sentinel.

You need to send a Microsoft Teams message to a channel whenever a sign-in from a suspicious IP address is detected.

Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

AAdd a playbook.

BAssociate a playbook to an incident.

CEnable Entity behavior analytics.

DCreate a workbook.

EEnable the Fusion rule.

Answer : A, B

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook

Question 6

You have a Microsoft Sentinel workspace named SW1.

In SW1, you investigate an incident that is associated with the following entities:

* Host

* IP address

* User account

* Malware name

Which entity can be labeled as an indicator of compromise (loC) directly from the incident s page?

Amalware name

Bhost

Cuser account

DIP address

Answer : D

Question 7

You need to implement the Defender for Cloud requirements.

What should you configure for Server2?

Athe Microsoft Antimalware extension

Ban Azure resource lock

Can Azure resource tag

Dthe Azure Automanage machine configuration extension for Windows

Answer : D

Microsoft Security Operations Analyst SC-200 Exam Questions