Free SC-200 Exam Dumps


  • Exam Code: SC-200
  • Exam Title: Microsoft Security Operations Analyst
  • Vendor: Microsoft
  • Exam Questions: 75
  • Last Updated: December 21st, 2024

Question 1

- (Exam Topic 3)
You have a third-party security information and event management (SIEM) solution.
You need to ensure that the SIEM solution can generate alerts for Azure Active Directory (Azure AD) sign-in events in near real time.
What should you do to route events to the SIEM solution?

Correct Answer:B
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/overview-monitoring

Question 2

- (Exam Topic 3)
You have a Microsoft subscription that has Microsoft Defender for Cloud enabled. You configure the Azure Logic Apps shown in the following table.
[Exhibit: table of Azure Logic Apps]
You need to configure an automatic action that will run if a Suspicious process executed alert is triggered. The solution must minimize administrative effort.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
[Exhibit: list of actions and answer area]
Solution:
* A. Configure the Trigger automated response settings in the Azure Security Center or Azure Logic App.
* B. Filter by alert title (e.g. "Suspicious process executed").
* C. Select "Take action" (e.g. "Mitigate the threat").

Does this meet the goal?

Correct Answer:A

Question 3

- (Exam Topic 3)
You have a Microsoft Sentinel workspace named Workspace1.
You need to exclude a built-in, source-specific Advanced Security Information Model (ASIM) parser from a built-in unified ASIM parser.
What should you create in Workspace1?

Correct Answer:A

Question 4

- (Exam Topic 3)
You have an Azure Sentinel workspace.
You need to test a playbook manually in the Azure portal. From where can you run the test in Azure Sentinel?

Correct Answer:D
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook#run-a-playbook-on-demand

Question 5

- (Exam Topic 3)
You create a hunting query in Azure Sentinel.
You need to receive a notification in the Azure portal as soon as the hunting query detects a match on the query. The solution must minimize effort.
What should you use?

Correct Answer:C
Use livestream to run a specific query constantly, presenting results as they come in.
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/hunting