SC-200 Exam - Microsoft Security Operations Analyst

  1. Home
  2. Microsoft
  3. SC-200 Dumps

certleader.com

Download of SC-200 practice test materials and questions pool for Microsoft certification for IT engineers, Real Success Guaranteed with Updated SC-200 pdf dumps vce Materials. 100% PASS Microsoft Security Operations Analyst exam Today!

Check SC-200 free dumps before getting the full version:

NEW QUESTION 1

You plan to create a custom Azure Sentinel query that will provide a visual representation of the security alerts generated by Azure Security Center.
You need to create a query that will be used to display a bar graph. What should you include in the query?

  • A. extend
  • B. bin
  • C. count
  • D. workspace

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/visualize/workbooks-chart-visualizations

NEW QUESTION 2

Your company uses Azure Security Center and Azure Defender.
The security operations team at the company informs you that it does NOT receive email notifications for security alerts.
What should you configure in Security Center to enable the email notifications?

  • A. Security solutions
  • B. Security policy
  • C. Pricing & settings
  • D. Security alerts
  • E. Azure Defender

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details

NEW QUESTION 3

You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in.
Which anomaly detection policy should you use?

  • A. Impossible travel
  • B. Activity from anonymous IP addresses
  • C. Activity from infrequent country
  • D. Malware detection

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy

NEW QUESTION 4

You need to recommend remediation actions for the Azure Defender alerts for Fabrikam.
What should you recommend for each threat? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
SC-200 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/secure-your-key-vault

NEW QUESTION 5

You create a new Azure subscription and start collecting logs for Azure Monitor.
You need to configure Azure Security Center to detect possible threats related to sign-ins from suspicious IP addresses to Azure virtual machines. The solution must validate the configuration.
Which three actions should you perform in a sequence? To answer, move the appropriate actions from the list of action to the answer area and arrange them in the correct order.
SC-200 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-alert-validation

NEW QUESTION 6

You plan to connect an external solution that will send Common Event Format (CEF) messages to Azure Sentinel.
You need to deploy the log forwarder.
Which three actions should you perform in sequence? To answer, move the appropriate actions form the list of actions to the answer area and arrange them in the correct order.
SC-200 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/connect-cef-agent?tabs=rsyslog

NEW QUESTION 7

You are investigating an incident by using Microsoft 365 Defender.
You need to create an advanced hunting query to detect failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop.
How should you complete the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
SC-200 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
SC-200 dumps exhibit

NEW QUESTION 8

Your company uses line-of-business apps that contain Microsoft Office VBA macros.
You plan to enable protection against downloading and running additional payloads from the Office VBA macros as additional child processes.
You need to identify which Office VBA macros might be affected.
Which two commands can you run to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
SC-200 dumps exhibit

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D

Answer: BC

Explanation:
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface- reduction

NEW QUESTION 9

From Azure Sentinel, you open the Investigation pane for a high-severity incident as shown in the following exhibit.
SC-200 dumps exhibit
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
SC-200 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-investigate-cases#use-the-investigation-graph-to-deep-d

NEW QUESTION 10

You provision a Linux virtual machine in a new Azure subscription.
You enable Azure Defender and onboard the virtual machine to Azure Defender.
You need to verify that an attack on the virtual machine triggers an alert in Azure Defender.
Which two Bash commands should you run on the virtual machine? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. cp /bin/echo ./asc_alerttest_662jfi039n
  • B. ./alerttest testing eicar pipe
  • C. cp /bin/echo ./alerttest
  • D. ./asc_alerttest_662jfi039n testing eicar pipe

Answer: AD

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-alert-validation#simulate-alerts-on-your- azure-vms-linux

NEW QUESTION 11

You are configuring Azure Sentinel.
You need to send a Microsoft Teams message to a channel whenever a sign-in from a suspicious IP address is detected.
Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

  • A. Add a playbook.
  • B. Associate a playbook to an incident.
  • C. Enable Entity behavior analytics.
  • D. Create a workbook.
  • E. Enable the Fusion rule.

Answer: AB

NEW QUESTION 12

Your company uses Azure Sentinel to manage alerts from more than 10,000 IoT devices.
A security manager at the company reports that tracking security threats is increasingly difficult due to the large number of incidents.
You need to recommend a solution to provide a custom visualization to simplify the investigation of threats and to infer threats by using machine learning.
What should you include in the recommendation?

  • A. built-in queries
  • B. livestream
  • C. notebooks
  • D. bookmarks

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/notebooks

NEW QUESTION 13

You manage the security posture of an Azure subscription that contains two virtual machines name vm1 and vm2.
The secure score in Azure Security Center is shown in the Security Center exhibit. (Click the Security Center tab.)
SC-200 dumps exhibit
Azure Policy assignments are configured as shown in the Policies exhibit. (Click the Policies tab.)
SC-200 dumps exhibit
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
SC-200 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Reference:
https://techcommunity.microsoft.com/t5/azure-security-center/security-control-restrict-unauthorized-network-ac https://techcommunity.microsoft.com/t5/azure-security-center/security-control-secure-management-ports/ba-p/1

NEW QUESTION 14

You have an Azure Sentinel deployment.
You need to query for all suspicious credential access activities.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
SC-200 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
SC-200 dumps exhibit

NEW QUESTION 15

You have a Microsoft 365 subscription that uses Azure Defender. You have 100 virtual machines in a resource group named RG1.
You assign the Security Admin roles to a new user named SecAdmin1.
You need to ensure that SecAdmin1 can apply quick fixes to the virtual machines by using Azure Defender. The solution must use the principle of least privilege.
Which role should you assign to SecAdmin1?

  • A. the Security Reader role for the subscription
  • B. the Contributor for the subscription
  • C. the Contributor role for RG1
  • D. the Owner role for RG1

Answer: C

NEW QUESTION 16

You have a custom analytics rule to detect threats in Azure Sentinel.
You discover that the analytics rule stopped running. The rule was disabled, and the rule name has a prefix of AUTO DISABLED.
What is a possible cause of the issue?

  • A. There are connectivity issues between the data sources and Log Analytics.
  • B. The number of alerts exceeded 10,000 within two minutes.
  • C. The rule query takes too long to run and times out.
  • D. Permissions to one of the data sources of the rule query were modified.

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-custom

NEW QUESTION 17
......

P.S. Easily pass SC-200 Exam with 51 Q&As Thedumpscentre.com Dumps & pdf Version, Welcome to Download the Newest Thedumpscentre.com SC-200 Dumps: https://www.thedumpscentre.com/SC-200-dumps/ (51 New Questions)


© All pages Copyright to by dumpslabs.com. All rights reserved. thedumpscentre.com