Exported from http://blog.test4engine.com on Mon Nov 18 2:19:39 2024 +0000

Pass Microsoft SC-200 Exam With Practice Test Questions Dumps Bundle [Q83-Q105]

2023 Valid SC-200 test answers & Microsoft Exam PDF

The Microsoft SC-200 certification exam is an excellent credential for security professionals who want to validate their security operations skills. By passing the exam, you demonstrate your ability to identify and mitigate security threats, analyze security data, and respond to security incidents. The Microsoft Security Operations Analyst certification is a valuable credential that can help you advance your career and demonstrate your commitment to staying current with the latest security best practices and methodologies.

Q83. You have an Azure subscription that contains a user named User1. User1 is assigned an Azure Active Directory Premium Plan 2 license.
You need to identify whether the identity of User1 was compromised during the last 90 days.
What should you use?
* the risk detections report
* the risky users report
* Identity Secure Score recommendations
* the risky sign-ins report

Q84. You have an Azure subscription that uses Microsoft Sentinel and contains 100 Linux virtual machines.
You need to monitor the virtual machines by using Microsoft Sentinel. The solution must meet the following requirements:
* Minimize administrative effort
* Minimize the parsing required to read log data
What should you configure?
* REST API integration
* a Syslog connector
* a Log Analytics Data Collector API
* a Common Event Format (CEF) connector

Q85.
You have the following environment:
* Azure Sentinel
* A Microsoft 365 subscription
* Microsoft Defender for Identity
* An Azure Active Directory (Azure AD) tenant
You configure Azure Sentinel to collect security logs from all the Active Directory member servers and domain controllers.
You deploy Microsoft Defender for Identity by using standalone sensors.
You need to ensure that you can detect when sensitive groups are modified in Active Directory.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
* Configure the Advanced Audit Policy Configuration settings for the domain controllers.
* Modify the permissions of the Domain Controllers organizational unit (OU).
* Configure auditing in the Microsoft 365 compliance center.
* Configure Windows Event Forwarding on the domain controllers.
Reference:
https://docs.microsoft.com/en-us/defender-for-identity/configure-windows-event-collection
https://docs.microsoft.com/en-us/defender-for-identity/configure-event-collection

Q86. You are configuring Azure Sentinel.
You need to send a Microsoft Teams message to a channel whenever a sign-in from a suspicious IP address is detected.
Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
* Add a playbook.
* Associate a playbook to an incident.
* Enable Entity behavior analytics.
* Create a workbook.
* Enable the Fusion rule.
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook

Q87. You are responsible for responding to Azure Defender for Key Vault alerts.
During an investigation of an alert, you discover unauthorized attempts to access a key vault from a Tor exit node.
What should you configure to mitigate the threat?
* Key Vault firewalls and virtual networks
* Azure Active Directory (Azure AD) permissions
* role-based access control (RBAC) for the key vault
* the access policy settings of the key vault
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/network-security

Topic 2, Contoso Ltd

Existing Environment

End-User Environment
All users at Contoso use Windows 10 devices. Each user is licensed for Microsoft 365. In addition, iOS devices are distributed to the members of the sales team at Contoso.

Cloud and Hybrid Infrastructure
All Contoso applications are deployed to Azure.
You enable Microsoft Cloud App Security.
Contoso and Fabrikam have different Azure Active Directory (Azure AD) tenants. Fabrikam recently purchased an Azure subscription and enabled Azure Defender for all supported resource types.

Current Problems
The security team at Contoso receives a large number of cybersecurity alerts. The security team spends too much time identifying which cybersecurity alerts are legitimate threats and which are not.
The Contoso sales team uses only iOS devices. The sales team members exchange files with customers by using a variety of third-party tools. In the past, the sales team experienced various attacks on their devices.
The marketing team at Contoso has several Microsoft SharePoint Online sites for collaborating with external vendors. The marketing team has had several incidents in which vendors uploaded files that contain malware.
The executive team at Contoso suspects a security breach.
The executive team requests that you identify which files had more than five activities during the past 48 hours, including data access, download, or deletion, for Microsoft Cloud App Security-protected applications.

Requirements

Planned Changes
Contoso plans to integrate the security operations of both companies and manage all security operations centrally.

Technical Requirements
Contoso identifies the following technical requirements:
* Receive alerts if an Azure virtual machine is under brute force attack.
* Use Azure Sentinel to reduce organizational risk by rapidly remediating active attacks on the environment.
* Implement Azure Sentinel queries that correlate data across the Azure AD tenants of Contoso and Fabrikam.
* Develop a procedure to remediate Azure Defender for Key Vault alerts for Fabrikam in case of external attackers and a potential compromise of its own Azure AD applications.
* Identify all cases of users who failed to sign in to an Azure resource for the first time from a given country. A junior security administrator provides you with the following incomplete query.
BehaviorAnalytics
| where ActivityType == "FailedLogOn"
| where ________ == True

Q88. Your on-premises network contains 100 servers that run Windows Server.
You have an Azure subscription that uses Microsoft Sentinel.
You need to upload custom logs from the on-premises servers to Microsoft Sentinel.
What should you do? To answer, select the appropriate options in the answer area.

Q89. You have a Microsoft 365 E5 subscription that uses Microsoft Defender and an Azure subscription that uses Azure Sentinel.
You need to identify all the devices that contain files in emails sent by a known malicious email sender. The query will be based on the match of the SHA256 hash.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender/advanced-hunting-query-emails-devices?view=o365-worldwide

Q90. You are informed of an increase in malicious email being received by users.
You need to create an advanced hunting query in Microsoft 365 Defender to identify whether the accounts of the email recipients were compromised. The query must return the most recent 20 sign-ins performed by the recipients within an hour of receiving the known malicious email.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender/advanced-hunting-query-emails-devices?view=o365-worldwide

Q91. You have an Azure subscription linked to an Azure Active Directory (Azure AD) tenant. The tenant contains two users named User1 and User2.
You plan to deploy Azure Defender.
You need to enable User1 and User2 to perform tasks at the subscription level as shown in the following table.
The solution must use the principle of least privilege.
Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Explanation
Box 1: Owner
Only the Owner can assign initiatives.
Box 2: Contributor
Only the Contributor or the Owner can apply security recommendations.
Reference:
https://docs.microsoft.com/en-us/azure/defender-for-cloud/permissions

Q92. You have an Azure subscription that has Azure Defender enabled for all supported resource types.
You create an Azure logic app named LA1.
You plan to use LA1 to automatically remediate security risks detected in Azure Security Center.
You need to test LA1 in Security Center.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/workflow-automation#create-a-logic-app-and-define-when-it-should-automatically-run

Q93. You have a Microsoft Sentinel workspace named Workspace1.
You need to exclude a built-in, source-specific Advanced Security Information Model (ASIM) parser from a built-in unified ASIM parser.
What should you create in Workspace1?
* a workbook
* a hunting query
* a watchlist
* an analytic rule
Explanation
To exclude a built-in, source-specific Advanced Security Information Model (ASIM) parser from a built-in unified ASIM parser, you should create an analytic rule in the Microsoft Sentinel workspace. An analytic rule allows you to customize the behavior of the unified ASIM parser and exclude specific source-specific parsers from being used.
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/analytics-create-analytic-rule

Q94. You have an Azure subscription that uses Microsoft Defender for Cloud. You need to filter the security alerts view to show the following alerts:
* Unusual user accessed a key vault
* Log on from an unusual location
* Impossible travel activity
Which severity should you use?
* Informational
* Low
* Medium
* High

Q95. You need to use an Azure Resource Manager template to create a workflow automation that will trigger an automatic remediation when specific security alerts are received by Azure Security Center.
How should you complete the portion of the template that will provision the required Azure resources? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/quickstart-automation-alert

Q96. You need to meet the Microsoft Sentinel requirements for App1. What should you configure for App1?
* an API connection
* a trigger
* a connector
* authorization

Q97.
You have an Azure subscription that has Azure Defender enabled for all supported resource types.
You create an Azure logic app named LA1.
You plan to use LA1 to automatically remediate security risks detected in Defender for Cloud.
You need to test LA1 in Defender for Cloud.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q98. You provision Azure Sentinel for a new Azure subscription.
You are configuring the Security Events connector.
While creating a new rule from a template in the connector, you decide to generate a new alert for every event.
You create the following rule query.
By which two components can you group alerts into incidents? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
* user
* resource group
* IP address
* computer

Q99. You have 100 Azure subscriptions that have enhanced security features in Microsoft Defender for Cloud enabled. All the subscriptions are linked to a single Azure AD tenant. You need to stream the Defender for Cloud logs to a syslog server. The solution must minimize administrative effort.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q100. You need to implement Azure Sentinel queries for Contoso and Fabrikam to meet the technical requirements.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/extend-sentinel-across-workspaces-tenants

Q101.
You use Azure Sentinel to monitor irregular Azure activity.
You create custom analytics rules to detect threats as shown in the following exhibit.
You do NOT define any incident settings as part of the rule definition.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-custom

Q102. You have an Azure Storage account that will be accessed by multiple Azure Function apps during the development of an application.
You need to hide Azure Defender alerts for the storage account.
Which entity type and field should you use in a suppression rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Reference:
https://techcommunity.microsoft.com/t5/azure-security-center/suppression-rules-for-azure-security-center-alerts-are-now/ba-p/1404920

Q103. You have an Azure subscription that uses Microsoft Sentinel.
You detect a new threat by using a hunting query.
You need to ensure that Microsoft Sentinel automatically detects the threat. The solution must minimize administrative effort.
What should you do?
* Create a playbook.
* Create a watchlist.
* Create an analytics rule.
* Add the query to a workbook.
Explanation
By creating an analytics rule, you can set up a query that runs automatically and alerts you when the threat is detected, without having to run the query manually. This minimizes administrative effort: you set up the rule once, it runs on a schedule, and it alerts you when the threat is detected.
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/analytics-create-rule

Q104.
You are investigating an incident by using Microsoft 365 Defender.
You need to create an advanced hunting query to detect failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q105. You have an Azure subscription.
You need to delegate permissions to meet the following requirements:
* Enable and disable Azure Defender.
* Apply security recommendations to resources.
The solution must use the principle of least privilege.
Which Azure Security Center role should you use for each requirement? To answer, drag the appropriate roles to the correct requirements. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-permissions

The Microsoft SC-200 (Microsoft Security Operations Analyst) certification exam is a highly respected certification designed to test the skills and knowledge required to analyze and respond to security threats and incidents in a Microsoft environment. The SC-200 exam is intended for security analysts who work in a security operations center (SOC) and are responsible for monitoring and analyzing security incidents. The exam focuses on topics such as threat detection and response, incident investigation and analysis, and vulnerability management.
Post date: 2023-11-25 14:49:22 GMT