Microsoft SC-200 Microsoft Security Operations Analyst Online Training
Microsoft SC-200 Online Training
The questions for SC-200 were last updated at Dec 20,2024.
- Exam Code: SC-200
- Exam Name: Microsoft Security Operations Analyst
- Certification Provider: Microsoft
- Latest update: Dec 20,2024
You need to assign a role-based access control (RBAC) role to admin1 to meet the Azure Sentinel requirements and the business requirements.
Which role should you assign?
- A . Automation Operator
- B . Automation Runbook Operator
- C . Azure Sentinel Contributor
- D . Logic App Contributor
You need to create the test rule to meet the Azure Sentinel requirements.
What should you do when you create the rule?
- A . From Set rule logic, turn off suppression.
- B . From Analytics rule details, configure the tactics.
- C . From Set rule logic, map the entities.
- D . From Analytics rule details, configure the severity.
HOTSPOT
You need to create the analytics rule to meet the Azure Sentinel requirements.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
DRAG DROP
You need to configure DC1 to meet the business requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
HOTSPOT
You need to implement Azure Defender to meet the Azure Defender requirements and the business requirements.
What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
DRAG DROP
You need to add notes to the events to meet the Azure Sentinel requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of action to the answer area and arrange them in the correct order.
HOTSPOT
You need to configure the Azure Sentinel integration to meet the Azure Sentinel requirements.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You need to restrict cloud apps running on CLIENT1 to meet the Microsoft Defender for Endpoint requirements.
Which two configurations should you modify? Each correct answer present part of the solution. NOTE: Each correct selection is worth one point.
- A . the Onboarding settings from Device management in Microsoft Defender Security Center
- B . Cloud App Security anomaly detection policies
- C . Advanced features from Settings in Microsoft Defender Security Center
- D . the Cloud Discovery settings in Cloud App Security
You need to restrict cloud apps running on CUENT1 to meet the Microsoft Defender for Endpoint requirements.
Which two configurations should you modify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . the Cloud Discovery settings in Microsoft Defender for Cloud Apps
- B . the Onboarding settings from Device management in Settings in Microsoft 365 Defender portal
- C . Microsoft Defender for Cloud Apps anomaly detection policies
- D . Advanced features from the Endpoints Settings in the Microsoft 365 Defender portal
HOTSPOT
You need to configure the Microsoft Sentinel integration to meet the Microsoft Sentinel requirements.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.