Microsoft Security Operations Analyst (SC-200) Certification Sample Questions

The purpose of this sample question set is to give you an idea of the Microsoft Security Operations Analyst exam. These sample questions will familiarize you with both the type and the difficulty level of the questions on the SC-200 certification test. To get used to the real exam environment, we suggest you try our Sample Microsoft Security Operations Analyst Certification Practice Exam. This sample practice exam gives you a feel for the real thing and a clue to the questions asked in the actual Microsoft Certified: Security Operations Analyst Associate certification exam.

These sample questions are simple, basic questions that resemble the real Microsoft SC-200 exam questions. To assess your readiness with realistic scenario-based questions, we suggest you prepare with our Premium Microsoft Security Operations Analyst Certification Practice Exam. Working through scenario-based questions exposes the gaps that you can then close before exam day.

Microsoft SC-200 Sample Questions:

01. You have a Microsoft Sentinel workspace. You need to view a visual representation of the data in the workspace. What should you use?
a) a notebook
b) a playbook
c) a workbook
d) Azure Data Factory
 
02. You have a Microsoft 365 subscription that contains a user named User1. You need to identify whether User1 signed in to Microsoft 365 and shared a document stored in Microsoft OneDrive during the last 30 days. What should you use?
a) the Azure portal
b) the Microsoft Defender portal
c) the Microsoft Entra admin center
d) the Microsoft Purview portal
 
03. Your company uses Microsoft Defender for Cloud. You need to configure the continuous export of Defender for Cloud data. To which two destinations can you export the data?
Each correct answer presents a complete solution.
a) an Azure SQL database
b) a Log Analytics workspace
c) a storage account
d) an Azure Synapse Analytics workspace
e) an event hub
 
04. You have a Microsoft Sentinel workspace named Workspace1. You need to create and customize a workbook based on an Identity & Access template in Workspace1. What should you do first?
a) Publish the workbook template.
b) Edit the workbook template.
c) Clone the workbook template.
d) Save the workbook template.
 
05. You have a Microsoft 365 E5 subscription that contains 1,000 computers. You discover that users are downloading and sharing sensitive files from Microsoft SharePoint Online. You need to view Microsoft Purview data loss prevention (DLP) alerts. What should you use in the Microsoft Defender portal?
a) Incidents
b) Inventory
c) Secure Score
d) Threat analytics
 
06. Your company uses Microsoft Defender XDR. You need to use Microsoft Defender XDR deception rules to detect attacks as early as possible. What Microsoft Defender XDR service should you use to create the deception rules?
a) Microsoft Defender for Cloud Apps
b) Microsoft Defender for Endpoint
c) Microsoft Defender for Identity
d) Microsoft Defender for Office 365
 
07. You have a Microsoft Sentinel workspace named Workspace1. Workspace1 contains a table named Table1 that stores security events from a custom application. Table1 is used by the analytics rules in Microsoft Sentinel to generate incidents.
You discover that the security events in Table1 are inaccurate. You need to ensure that future incidents are NOT generated by the analytics rules until the security events in Table1 are resolved. The solution must minimize effort.
What should you do in Microsoft Sentinel?
a) Modify the analytics rules.
b) Modify the Workspace settings.
c) Select the incidents, and then set the severity of each incident to Informational.
d) Select the incidents, and then set the status of each incident to Closed.
 
08. You have a Microsoft 365 E5 subscription. You plan to create a Microsoft Defender XDR advanced hunting query to identify users who have clicked a suspicious URL. You need to turn the query into a custom detection rule that marks the affected user as an impacted entity. Which two columns must the query return for this to work?
Each correct answer presents part of the solution.
a) TimeGenerated
b) AlertId
c) ReportId
d) AccountUpn
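An added example (not part of the original sample question set) of what such a query looks like in Defender XDR advanced hunting. For a query to be saved as a custom detection rule it must return Timestamp and ReportId plus at least one impacted-entity column (here AccountUpn); note that the column is Timestamp in Defender XDR, whereas the same data ingested into Microsoft Sentinel is exposed as TimeGenerated. The table and column names below are the documented UrlClickEvents ones; the 30-day lookback and the threat-type filter are illustrative choices for this example.

```kusto
// Added example, not from the original page: a hunting query shaped so that
// "Create detection rule" can mark the clicking user as an impacted entity.
// Required columns for a custom detection: Timestamp, ReportId, and an entity
// column such as AccountUpn. Lookback and filters are illustrative assumptions.
UrlClickEvents
| where Timestamp > ago(30d)
// keep only clicks that Safe Links actually let through (blocked clicks never landed)
| where ActionType == "ClickAllowed" or IsClickedThrough == true
// and only URLs later verdicted as phishing or malware
| where ThreatTypes has_any ("Phish", "Malware")
// one row per user and workload; arg_max keeps the Timestamp and ReportId of the
// latest click so the required columns survive the aggregation
| summarize Clicks = count(),
            Urls = make_set(Url, 10),
            arg_max(Timestamp, ReportId)
          by AccountUpn, Workload
| project Timestamp, ReportId, AccountUpn, Workload, Clicks, Urls
```

When you save this as a custom detection, the rule's impacted-entity picker offers AccountUpn because the query emits it; without ReportId the save step is rejected, and AlertId is not a column of UrlClickEvents at all.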
 
09. You have an Azure virtual machine named VM1 that runs Windows Server. You onboard VM1 to Microsoft Sentinel by connecting VM1 to a Log Analytics workspace. You plan to run an automated response playbook based on an Azure logic app named LA1 directly from an incident in Microsoft Sentinel.
You discover that the playbook fails to run against VM1. You need to ensure that the playbook can successfully execute actions on VM1. The solution must minimize administrative effort.
What should you do?
a) Grant the playbook’s managed identity the required permissions on VM1.
b) Onboard VM1 to Azure Automation.
c) Assign a managed identity to VM1 and grant it access to LA1.
d) Add a data connector to a Microsoft Sentinel workspace.
 
10. You have a hybrid environment that includes an on-premises Active Directory Domain Services (AD DS) domain, a Microsoft Entra tenant, and a Microsoft 365 E5 subscription. All Windows 11 devices are onboarded to Microsoft Defender for Endpoint.
You deploy Microsoft Defender for Identity sensors to domain controllers. You need to enable automatic attack disruption in Microsoft Defender XDR. The solution must meet the following requirements:
- During an active attack, affected devices must be contained automatically, and compromised user accounts must be disabled.
- User disruptions must be minimized.
What should you configure?
a) attack surface reduction (ASR) rules in Microsoft Defender for Endpoint
b) Advanced features in Microsoft Defender for Identity
c) device isolation in Microsoft Defender for Endpoint
d) indicators in Microsoft Defender for Endpoint

Answers:

Question: 01
Answer: c
Explanation: Workbooks render Log Analytics data as charts, grids and tiles. Notebooks are Jupyter hunting environments, playbooks are automation, and Azure Data Factory is a data-movement service.
Question: 02
Answer: d
Explanation: The unified audit log, searched from the Microsoft Purview portal, records both Microsoft 365 sign-ins (UserLoggedIn) and OneDrive sharing operations, so one search scoped to User1 and the last 30 days answers both questions.
Question: 03
Answer: b, e
Explanation: Continuous export in Defender for Cloud supports a Log Analytics workspace and an Azure Event Hub as destinations.
Question: 04
Answer: d
Explanation: Workbook templates are read-only. You first save a copy of the template to the workspace, then edit the saved workbook. There is no clone or publish step.
Question: 05
Answer: a
Explanation: Purview DLP alerts surface under Incidents & alerts in the Microsoft Defender portal.
Question: 06
Answer: b
Explanation: Deception rules (lures and decoys) are created under the Microsoft Defender for Endpoint settings in the Defender portal.
Question: 07
Answer: a
Explanation: Disabling the analytics rules that read Table1 stops new incidents from being generated. Closing or downgrading existing incidents only changes their state and does nothing about future runs.
Question: 08
Answer: c, d
Explanation: A custom detection query must return Timestamp, ReportId and at least one entity column; AccountUpn identifies the user to mark as impacted. TimeGenerated is the Sentinel column name, not the Defender XDR one, and AlertId is not a column of the hunting tables.
Question: 09
Answer: a
Explanation: The playbook acts through the logic app's managed identity, so that identity needs the appropriate role on VM1. Azure Automation onboarding and data connectors do not change the playbook's authorization.
Question: 10
Answer: b
Explanation: Automatic attack disruption disables a compromised AD DS account through Microsoft Defender for Identity, which must be configured with the required action permissions; device containment is handled by Defender for Endpoint. ASR rules, manual device isolation and indicators do not enable the response.

Note: If you find an error in these Microsoft Certified: Security Operations Analyst Associate (SC-200) certification exam sample questions, please let us know by emailing feedback@edusum.com.
