Free Microsoft Security Operations Analyst Exam SC-200 Exam Practice Test
Total Questions: 294
You have a Microsoft 365 subscription that uses Microsoft 365 Defender. You need to identify all the entities affected by an incident. Which tab should you use in the Microsoft 365 Defender portal?
Answer: C
You have a Microsoft 365 E5 subscription that is linked to a hybrid Azure AD tenant. You need to identify all the changes made to the Domain Admins group during the past 30 days. What should you use?
Answer: C
You need to identify which mean time metrics to use to meet the Microsoft Sentinel requirements. Which workbook should you use?
Answer: C
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are configuring Microsoft Defender for Identity integration with Active Directory. From the Microsoft Defender for Identity portal, you need to configure several accounts for attackers to exploit. Solution: You add the accounts to an Active Directory group and add the group as a Sensitive group. Does this meet the goal?
Answer: B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You use Azure Security Center. You receive a security alert in Security Center. You need to view recommendations to resolve the alert in Security Center. Solution: From Security alerts, you select the alert, select Take Action, and then expand the Prevent future attacks section. Does this meet the goal?
Answer: B
You need to modify the anomaly detection policy settings to meet the Cloud App Security requirements. Which policy should you modify?
Answer: C
You need to correlate data from the SecurityEvent Log Analytics table to meet the Microsoft Sentinel requirements for using UEB
Answer: C
You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR. The security team at your company detects command and control (C2) agent traffic on the network. Agents communicate once every 50 hours. You need to create a Microsoft Defender XDR custom detection rule that will identify compromised devices and establish a pattern of communication. The solution must meet the following requirements:
* Identify all the devices that have communicated during the past 14 days.
* Minimize how long it takes to identify the devices.
To what should you set the detection frequency for the rule?
Answer: C
You plan to create a custom Azure Sentinel query that will track anomalous Azure Active Directory (Azure AD) sign-in activity and present the activity as a time chart aggregated by day. You need to create a query that will be used to display the time chart. What should you include in the query?
Answer: B
You have a Microsoft Sentinel workspace named SW1. You need to identify which anomaly rules are enabled in SW1. What should you review in Microsoft Sentinel?
Answer: C