Practice SC-200 Exam Online

Question 1

You have an Azure subscription that uses Microsoft Sentinel.

You need to minimize the administrative effort required to respond to the incidents and remediate the security threats detected by Microsoft Sentinel.

Which two features should you use? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A : Microsoft Sentinel bookmarks

B : Azure Automation runbooks

C : Microsoft Sentinel automation rules

D : Microsoft Sentinel playbooks

E : Azure Functions apps

Answer: C,D

Question 2

You need to complete the query for failed sign-ins to meet the technical requirements.
Where can you find the column name to complete the where clause?

A : Security alerts in Azure Security Center

B : Activity log in Azure

C : Azure Advisor

D : the query windows of the Log Analytics workspace

Answer: D

Question 3

You have a playbook in Azure Sentinel.
When you trigger the playbook, it sends an email to a distribution group.
You need to modify the playbook to send the email to the owner of the resource instead of the distribution group.
What should you do?

A : Add a parameter and modify the trigger.

B : Add a custom data connector and modify the trigger.

C : Add a condition and modify the action.

D : Add a parameter and modify the action.

Answer: D

Question 4

You have an Azure subscription that contains a Microsoft Sentinel workspace. The workspace contains a

Microsoft Defender for Cloud data connector. You need to customize which details will be included when an

alert is created for a specific event. What should you do?

A : Modify the properties of the connector.

B : Create a Data Collection Rule (DCR).

C : Create a scheduled query rule.

D : Enable User and Entity Behavior Analytics (UEBA)

Answer: D

Question 5

You have a third-party security information and event management (SIEM) solution.

You need to ensure that the SIEM solution can generate alerts for Azure Active Directory (Azure AD) sign-events in near real time.

What should you do to route events to the SIEM solution?

A : Create an Azure Sentinel workspace that has a Security Events connector.

B : Configure the Diagnostics settings in Azure AD to stream to an event hub.

C : Create an Azure Sentinel workspace that has an Azure Active Directory connector.

D : Configure the Diagnostics settings in Azure AD to archive to a storage account.

Answer: B

Name:	Microsoft Security Operations Analyst
Exam Code:	SC-200
Certification:	Security Operations Analyst Associate
Vendor:	Microsoft
Total Questions:	296
Last Updated:	Apr 29, 2024

Microsoft SC-200