Free SC-200 Exam Dumps

No Installation Required, Instantly Prepare for the SC-200 exam and please click the below link to start the SC-200 Exam Simulator with a real SC-200 practice exam questions.
Use directly our on-line SC-200 exam dumps materials and try our Testing Engine to pass the SC-200 which is always updated.

Exam Code: SC-200
Exam Title: Microsoft Security Operations Analyst
Vendor: Microsoft
Exam Questions: 75
Last Updated: June 29th,2024

Question 1

- (Exam Topic 3)
You have a third-party security information and event management (SIEM) solution.
You need to ensure that the SIEM solution can generate alerts for Azure Active Directory (Azure AD) sign-events in near real time.
What should you do to route events to the SIEM solution?

A. Create an Azure Sentinel workspace that has a Security Events connector.
B. Configure the Diagnostics settings in Azure AD to stream to an event hub.
C. Create an Azure Sentinel workspace that has an Azure Active Directory connector.
D. Configure the Diagnostics settings in Azure AD to archive to a storage account.

Correct Answer:B
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/overview-monitoring

Question 2

- (Exam Topic 3)
You have a Microsoft subscription that has Microsoft Defender for Cloud enabled You configure the Azure logic apps shown in the following table.
SC-200 dumps exhibit
You need to configure an automatic action that will run if a Suspicious process executed alert is triggered. The solution must minimize administrative effort.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
SC-200 dumps exhibit
Solution:
* A. Configure the Trigger automated response settings in the Azure Security Center or Azure Logic App,
* B. Filter by alert title (e.g. "Suspicious process executed").
* C. Select "Take action" (e.g. "Mitigate the threat").

Does this meet the goal?

A. Yes
B. No

Correct Answer:A

Question 3

- (Exam Topic 3)
You have a Microsoft Sentinel workspace named Workspace1.
You need to exclude a built-in, source-specific Advanced Security information Model (ASIM) parse from a built-in unified ASIM parser.
What should you create in Workspace1?

A. a watch list
B. an analytic rule
C. a hunting query
D. a workbook

Correct Answer:A

Question 4

- (Exam Topic 3)
You have an Azure Sentinel workspace.
You need to test a playbook manually in the Azure portal. From where can you run the test in Azure Sentinel?

A. Playbooks
B. Analytics
C. Threat intelligence
D. Incidents

Correct Answer:D
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook#run-a-playbook-on-demand

Question 5

- (Exam Topic 3)
You create a hunting query in Azure Sentinel.
You need to receive a notification in the Azure portal as soon as the hunting query detects a match on the query. The solution must minimize effort.
What should you use?

A. a playbook
B. a notebook
C. a livestream
D. a bookmark

Correct Answer:C
Use livestream to run a specific query constantly, presenting results as they come in. Reference:
https://docs.microsoft.com/en-us/azure/sentinel/hunting