Free Microsoft Security Operations Analyst Exam SC-200 Exam Practice Test

You implement Safe Attachments policies in Microsoft Defender for Office 365.Users report that email messages containing attachments take longer than expected to be received.You need to reduce the amount of time it takes to deliver messages that contain attachments without compromising security. The attachments must be scanned for malware, and any messages that contain malware must be blocked.What should you configure in the Safe Attachments policies?

• Dynamic Delivery
• Replace
• Block and Enable redirect
• Monitor and Enable redirect

You have a Microsoft 365 subscription that contains 1,000 Windows 10 devices. The devices have Microsoft Office 365 installed.You need to mitigate the following device threats:Microsoft Excel macros that download scripts from untrusted websitesUsers that open executable attachments in Microsoft OutlookOutlook rules and forms exploitsWhat should you use?

• Microsoft Defender Antivirus
• attack surface reduction rules in Microsoft Defender for Endpoint
• Windows Defender Firewall
• adaptive application control in Azure Defender

You have a Microsoft 365 subscription that uses Microsoft 365 Defender.You need to identify all the entities affected by an incident.Which tab should you use in the Microsoft 365 Defender portal?

• Investigations
• Devices
• Evidence and Response
• Alerts

You need to visualize Azure Sentinel data and enrich the data by using third-party data sources to identify indicators of compromise (IoC).What should you use?

• notebooks in Azure Sentinel
• Microsoft Cloud App Security
• Azure Monitor
• hunting queries in Azure Sentinel

Your company stores the data for every project in a different Azure subscription. All the subscriptions use the same Azure Active Directory (Azure AD) tenant.Every project consists of multiple Azure virtual machines that run Windows Server. The Windows events of the virtual machines are stored in a Log Analytics workspace in each machine's respective subscription.You deploy Azure Sentinel to a new Azure subscription.You need to perform hunting queries in Azure Sentinel to search across all the Log Analytics workspaces of all the subscriptions.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.

• Add the Security Events connector to the Azure Sentinel workspace.
• Create a query that uses the workspace expression and the union operator.
• Use the alias statement.
• Create a query that uses the resource expression and the alias operator.
• Add the Azure Sentinel solution to each workspace.

You have five on-premises Linux servers.You have an Azure subscription that uses Microsoft Defender for Cloud.You need to use Defender for Cloud to protect the Linux servers.What should you install on the servers first?

• the Dependency agent
• the Log Analytics agent
• the Azure Connected Machine agent
• the Guest Configuration extension

You receive an alert from Azure Defender for Key Vault.You discover that the alert is generated from multiple suspicious IP addresses.You need to reduce the potential of Key Vault secrets being leaked while you investigate the issue. The solution must be implemented as soon as possible and must minimize the impact on legitimate users.What should you do first?

• Modify the access control settings for the key vault.
• Enable the Key Vault firewall.
• Create an application security group.
• Modify the access policy for the key vault.

You need to implement the Defender for Cloud requirements.Which subscription-level role should you assign to Group1?

• Security Admin
• Owner
• Security Assessment Contributor
• Contributor

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You are configuring Azure Sentinel.You need to create an incident in Azure Sentinel when a sign-in to an Azure virtual machine from a malicious IP address is detected.Solution: You create a Microsoft incident creation rule for a data connector.Does this meet the goal?

• Yes
• No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have Linux virtual machines on Amazon Web Services (AWS).You deploy Azure Defender and enable auto-provisioning.You need to monitor the virtual machines by using Azure Defender.Solution: You enable Azure Arc and onboard the virtual machines to Azure Arc.Does this meet the goal?

• Yes
• No