Breathing Microsoft SC-200 Preparation Online

we provide Free Microsoft SC-200 free download which are the best for clearing SC-200 test, and to get certified by Microsoft Microsoft Security Operations Analyst. The SC-200 Questions & Answers covers all the knowledge points of the real SC-200 exam. Crack your Microsoft SC-200 Exam with latest dumps, guaranteed!

Page: 1 / 6
Total 75 questions Full Exam Access
Question 1
- (Exam Topic 3)
You have an Azure Sentinel deployment.
You need to query for all suspicious credential access activities.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
SC-200 dumps exhibit
Solution:
SC-200 dumps exhibit

Does this meet the goal?
My answer: -
Reference answer: A
Reference analysis:

None

Question 2
- (Exam Topic 3)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center.
You receive a security alert in Security Center.
You need to view recommendations to resolve the alert in Security Center.
Solution: From Security alerts, you select the alert, select Take Action, and then expand the Prevent future attacks section.
Does this meet the goal?
My answer: -
Reference answer: B
Reference analysis:

You need to resolve the existing alert, not prevent future alerts. Therefore, you need to select the ‘Mitigate the threat’ option.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and-responding-alerts

Question 3
- (Exam Topic 3)
You create an Azure subscription named sub1.
In sub1, you create a Log Analytics workspace named workspace1.
You enable Azure Security Center and configure Security Center to use workspace1.
You need to ensure that Security Center processes events from the Azure virtual machines that report to workspace1.
What should you do?
My answer: -
Reference answer: A
Reference analysis:

Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection

Question 4
- (Exam Topic 3)
You are investigating a potential attack that deploys a new ransomware strain.
You plan to perform automated actions on a group of highly valuable machines that contain sensitive information.
You have three custom device groups.
You need to be able to temporarily group the machines to perform actions on the devices. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
My answer: -
Reference answer: BDE
Reference analysis:

Reference:
https://www.drware.com/how-to-use-tagging-effectively-in-microsoft-defender-for-endpoint-part-1/

Question 5
- (Exam Topic 3)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring Microsoft Defender for Identity integration with Active Directory.
From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.
Solution: From Azure Identity Protection, you configure the sign-in risk policy. Does this meet the goal?
My answer: -
Reference answer: B
Reference analysis:

Reference:
https://docs.microsoft.com/en-us/defender-for-identity/manage-sensitive-honeytoken-accounts

Question 6
- (Exam Topic 3)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center.
You receive a security alert in Security Center.
You need to view recommendations to resolve the alert in Security Center. Solution: From Regulatory compliance, you download the report.
Does this meet the goal?
My answer: -
Reference answer: B
Reference analysis:

Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and-responding-alerts

Question 7
- (Exam Topic 3)
You provision a Linux virtual machine in a new Azure subscription.
You enable Azure Defender and onboard the virtual machine to Azure Defender.
You need to verify that an attack on the virtual machine triggers an alert in Azure Defender.
Which two Bash commands should you run on the virtual machine? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
My answer: -
Reference answer: AD
Reference analysis:

Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-alert-validation#simulate-alerts-on-your- azure-vms-linux

Question 8
- (Exam Topic 3)
Your company uses line-of-business apps that contain Microsoft Office VBA macros.
You plan to enable protection against downloading and running additional payloads from the Office VBA macros as additional child processes.
You need to identify which Office VBA macros might be affected.
Which two commands can you run to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
SC-200 dumps exhibit
My answer: -
Reference answer: BC
Reference analysis:

Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface- reduction

Question 9
- (Exam Topic 3)
You receive an alert from Azure Defender for Key Vault.
You discover that the alert is generated from multiple suspicious IP addresses.
You need to reduce the potential of Key Vault secrets being leaked while you investigate the issue. The solution must be implemented as soon as possible and must minimize the impact on legitimate users.
What should you do first?
My answer: -
Reference answer: B
Reference analysis:

Reference:
https://docs.microsoft.com/en-us/azure/security-center/defender-for-key-vault-usage

Question 10
- (Exam Topic 3)
Your company uses Azure Sentinel to manage alerts from more than 10,000 IoT devices.
A security manager at the company reports that tracking security threats is increasingly difficult due to the large number of incidents.
You need to recommend a solution to provide a custom visualization to simplify the investigation of threats and to infer threats by using machine learning.
What should you include in the recommendation?
My answer: -
Reference answer: C
Reference analysis:

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/notebooks

Question 11
- (Exam Topic 3)
You provision Azure Sentinel for a new Azure subscription. You are configuring the Security Events connector.
While creating a new rule from a template in the connector, you decide to generate a new alert for every event. You create the following rule query.
SC-200 dumps exhibit
By which two components can you group alerts into incidents? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
My answer: -
Reference answer: CD
Reference analysis:

None

Question 12
- (Exam Topic 2)
You need to create the analytics rule to meet the Azure Sentinel requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
SC-200 dumps exhibit
Solution:
SC-200 dumps exhibit

Does this meet the goal?
My answer: -
Reference answer: A
Reference analysis:

None

Question 13
- (Exam Topic 3)
You have a Microsoft 365 subscription that uses Azure Defender. You have 100 virtual machines in a resource group named RG1.
You assign the Security Admin roles to a new user named SecAdmin1.
You need to ensure that SecAdmin1 can apply quick fixes to the virtual machines by using Azure Defender. The solution must use the principle of least privilege.
Which role should you assign to SecAdmin1?
My answer: -
Reference answer: C
Reference analysis:

None

Question 14
- (Exam Topic 3)
From Azure Sentinel, you open the Investigation pane for a high-severity incident as shown in the following exhibit.
SC-200 dumps exhibit
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
SC-200 dumps exhibit
Solution:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-investigate-cases#use-the-investigation-graph-to-deep-d

Does this meet the goal?
My answer: -
Reference answer: A
Reference analysis:

None

Question 15
- (Exam Topic 2)
You need to assign a role-based access control (RBAC) role to admin1 to meet the Azure Sentinel requirements and the business requirements.
Which role should you assign?
My answer: -
Reference answer: C
Reference analysis:

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/roles

Page: 1 / 6
Total 75 questions Full Exam Access