Exam Details

  • Exam Code: SC-200
  • Exam Name: Microsoft Security Operations Analyst
  • Certification: Role-based
  • Vendor: Microsoft
  • Total Questions: 260 Q&As
  • Last Updated: May 13, 2024

Microsoft Role-based SC-200 Questions & Answers

  • Question 11:

    HOTSPOT

    You have the following KQL query.

    Hot Area:

  • Question 12:

    HOTSPOT

    You have an Azure subscription.

    You plan to implement a Microsoft Sentinel workspace. You anticipate that you will ingest 20 GB of security log data per day.

    You need to configure storage for the workspace. The solution must meet the following requirements:

    Minimize costs for daily ingested data.

    Maximize the data retention period without incurring extra costs.

    What should you do for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 13:

    HOTSPOT

    You need to create an advanced hunting query to investigate the executive team issue.

    How should you complete the query? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 14:

    You need to complete the query for failed sign-ins to meet the technical requirements. Where can you find the column name to complete the where clause?

    A. Security alerts in Azure Security Center

    B. Activity log in Azure

    C. Azure Advisor

    D. the query windows of the Log Analytics workspace

  • Question 15:

    The issue for which team can be resolved by using Microsoft Defender for Office 365?

    A. executive

    B. marketing

    C. security

    D. sales

  • Question 16:

    You need to remediate active attacks to meet the technical requirements. What should you include in the solution?

    A. Azure Automation runbooks

    B. Azure Logic Apps

    C. Azure Functions

    D. Azure Sentinel livestreams

  • Question 17:

    You need to recommend a solution to meet the technical requirements for the Azure virtual machines. What should you include in the recommendation?

    A. just-in-time (JIT) access

    B. Azure Defender

    C. Azure Firewall

    D. Azure Application Gateway

  • Question 18:

    The issue for which team can be resolved by using Microsoft Defender for Endpoint?

    A. executive

    B. sales

    C. marketing

  • Question 19:

    You need to modify the anomaly detection policy settings to meet the Cloud App Security requirements. Which policy should you modify?

    A. Activity from suspicious IP addresses

    B. Activity from anonymous IP addresses

    C. Impossible travel

    D. Risky sign-in

  • Question 20:

    You need to implement the Azure Information Protection requirements. What should you configure first?

    A. Device health and compliance reports settings in Microsoft Defender Security Center

    B. scanner clusters in Azure Information Protection from the Azure portal

    C. content scan jobs in Azure Information Protection from the Azure portal

    D. Advanced features from Settings in Microsoft Defender Security Center

Tips on How to Prepare for the Exams

Certification exams are becoming increasingly important, and more and more enterprises require them of job applicants. But how do you prepare for an exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Microsoft exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SC-200 exam preparation or Microsoft certification application, do not hesitate to visit Vcedump.com to find your solutions.