Microsoft Security Operations Analyst (SC-200) Certification Sample Questions

Security Operations Analyst Dumps, SC-200 Dumps, SC-200 PDF, Security Operations Analyst VCE, Microsoft SC-200 VCE, Microsoft Security Operations Analyst PDFThe purpose of this Sample Question Set is to provide you with information about the Microsoft Security Operations Analyst exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the SC-200 certification test. To get familiar with real exam environment, we suggest you try our Sample Microsoft Security Operations Analyst Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual Microsoft Certified - Security Operations Analyst Associate certification exam.

These sample questions are simple and basic questions that represent likeness to the real Microsoft SC-200 exam questions. To assess your readiness and performance with real time scenario based questions, we suggest you prepare with our Premium Microsoft Security Operations Analyst Certification Practice Exam. When you solve real time scenario based questions practically, you come across many difficulties that give you an opportunity to improve.

Microsoft SC-200 Sample Questions:

01. You are currently using Azure Sentinel for the collection of Windows security events. You want to use Azure Sentinel to identify Remote Desktop Protocol (RDP) activity that is unusual for your environment.
You need to enable the Anomalous RDP Login Detection rule. What two prerequisites do you need to ensure are in place before you can enable this rule?
Each correct answer presents part of the solution.
a) Let the machine learning algorithm collect 30 days' worth of Windows Security events data.
b) Collect Security events or Windows Security Events with Event ID 4720.
c) Collect Security events or Windows Security Events with Event ID 4624.
d) Select an event set other than None.
02. You receive a security bulletin about a potential attack that uses an image file. You need to create an indicator of compromise (IoC) in Microsoft Defender for Endpoint to prevent the attack. Which indicator type should you use?
a) a URL/domain indicator that has Action set to Alert only
b) a URL/domain indicator that has Action set to Alert and block
c) a file hash indicator that has Action set to Alert and block
d) a certificate indicator that has Action set to Alert and block
03. A security administrator receives email alerts from Azure Defender for activities such as potential malware uploaded to a storage account and potential successful brute force attacks.
The security administrator does NOT receive email alerts for activities such as antimalware action failed and suspicious network activity. The alerts appear in Azure Security Center. You need to ensure that the security administrator receives email alerts for all the activities.
What should you configure in the Security Center settings?
a) the severity level of email notifications
b) a cloud connector
c) the Azure Defender plans
d) the integration settings for Threat detection
04. You receive an alert from Azure Defender for Key Vault. You discover that the alert is generated from multiple suspicious IP addresses. You need to reduce the potential of Key Vault secrets being leaked while you investigate the issue. The solution must be implemented as soon as possible and must minimize the impact on legitimate users.
What should you do first?
a) Modify the access control settings for the key vault.
b) Enable the Key Vault firewall.
c) Create an application security group.
d) Modify the access policy for the key vault.
05. You are using the Microsoft 365 Defender portal to conduct an investigation into a multi-stage incident related to a suspected malicious document. After reviewing all the details, you have determined that the alert tied to this potentially malicious document is also related to another incident in your environment.
However, the alert is not currently listed as a part of that second incident. Your investigation into the alert is ongoing, as is your investigation into the two related incidents. You need to appropriately categorize the alert and ensure that it is associated with the second incident.
What two actions should you take in the Manage alert pane to fulfill this part of the investigation?
Each correct answer presents a part of the solution.
a) Enter the Incident ID of the related incident in the Comment section.
b) Set status to In progress.
c) Set classification to True alert.
d) Set status to New.
e) Select the Link alert to another incident option.
06. Reference Scenario: click here
The issue for which team can be resolved by using Microsoft Defender for Endpoint?
a) executive
b) sales
c) marketing
d) security
07. Your company has a single office in Istanbul and a Microsoft 365 subscription. The company plans to use conditional access policies to enforce multi-factor authentication (MFA). You need to enforce MFA for all users who work remotely.
What should you include in the solution?
a) a fraud alert
b) a user risk policy
c) a sign-in user policy
d) a named location
08. You implement Safe Attachments policies in Microsoft Defender for Office 365. Users report that email messages containing attachments take longer than expected to be received.
You need to reduce the amount of time it takes to deliver messages that contain attachments without compromising security. The attachments must be scanned for malware, and any messages that contain malware must be blocked.
What should you configure in the Safe Attachments policies?
a) Dynamic Delivery
b) Replace
c) Block and Enable redirect
d) Monitor and Enable redirect
09. Reference Scenario: click here
Which rule setting should you configure to meet the Azure Sentinel requirements?
a) From Set rule logic, turn off suppression.
b) From Analytics rule details, configure the tactics.
c) From Set rule logic, map the entities.
d) From Analytics rule details, configure the severity.
10. You are responsible for responding to Azure Defender for Key Vault alerts. During an investigation of an alert, you discover unauthorized attempts to access a key vault from a Tor exit node. What should you configure to mitigate the threat?
a) Key Vault firewalls and virtual networks
b) Azure Active Directory (Azure AD) permissions
c) role-based access control (RBAC) for the key vault
d) the access policy settings of the key vault


Question: 01
Answer: c, d
Question: 02
Answer: c
Question: 03
Answer: a
Question: 04
Answer: b
Question: 05
Answer: b, e
Question: 06
Answer: b
Question: 07
Answer: d
Question: 08
Answer: a
Question: 09
Answer: c
Question: 10
Answer: a

Note: For any error in Microsoft Certified - Security Operations Analyst Associate (SC-200) certification exam sample questions, please update us by writing an email on

Rating: 5 / 5 (71 votes)