Download Microsoft.SC-200.PassLeader.2025-03-30.46q.vcex


File Info

Exam: Microsoft Security Operations Analyst
Number: SC-200
File Name: Microsoft.SC-200.PassLeader.2025-03-30.46q.vcex
Size: 999 KB
Posted: Mar 30, 2025

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.


Demo Questions

Question 1

You are configuring Microsoft Defender for Identity integration with Active Directory. From the Microsoft Defender for Identity portal, you need to configure several accounts for attackers to exploit.
Solution: From Azure Identity Protection, you configure the sign-in risk policy. 
Does this meet the goal? 
 


  A. Yes
  B. No
Correct answer: B
Explanation:
https://docs.microsoft.com/en-us/defender-for-identity/manage-sensitive-honeytoken-accounts  
 



Question 2

You use Azure Security Center. You receive a security alert in Security Center. You need to view recommendations to resolve the alert in Security Center. 
Solution: From Security alerts, you select the alert, select Take Action, and then expand the Prevent future attacks section. 
Does this meet the goal? 
 


  A. Yes
  B. No
Correct answer: B
Explanation:
You need to resolve the existing alert, not prevent future alerts. Therefore, you need to select the "Mitigate the threat" option. 
https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and-responding-alerts  



Question 3

You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in. Which anomaly detection policy should you use? 


  A. Impossible travel.
  B. Activity from anonymous IP addresses.
  C. Activity from infrequent country.
  D. Malware detection.
Correct answer: C
Explanation:
https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy 



Question 4

Your company uses Microsoft Defender for Endpoint. The company has Microsoft Word documents that contain macros. The documents are used frequently on the devices of the company's accounting team. You need to hide false positives in the Alerts queue, while maintaining the existing security posture. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)


  A. Resolve the alert automatically.
  B. Hide the alert.
  C. Create a suppression rule scoped to any device.
  D. Create a suppression rule scoped to a device group.
  E. Generate the alert.
Correct answer: BCE
Explanation:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/manage-alerts  



Question 5

You are investigating a potential attack that deploys a new ransomware strain. You plan to perform automated actions on a group of highly valuable machines that contain sensitive information. You have three custom device groups. You need to be able to temporarily group the machines to perform actions on the devices. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.) 


  A. Add a tag to the device group.
  B. Add the device users to the admin role.
  C. Add a tag to the machines.
  D. Create a new device group that has a rank of 1.
  E. Create a new admin role.
  F. Create a new device group that has a rank of 4.
Correct answer: BDE
Explanation:
https://www.drware.com/how-to-use-tagging-effectively-in-microsoft-defender-for-endpoint-part-1/ 



Question 6

You receive an alert from Azure Defender for Key Vault. You discover that the alert is generated from multiple suspicious IP addresses. You need to reduce the potential of Key Vault secrets being leaked while you investigate the issue. The solution must be implemented as soon as possible and must minimize the impact on legitimate users. What should you do first? 


  A. Modify the access control settings for the key vault.
  B. Enable the Key Vault firewall.
  C. Create an application security group.
  D. Modify the access policy for the key vault.
Correct answer: B
Explanation:
https://docs.microsoft.com/en-us/azure/security-center/defender-for-key-vault-usage 



Question 7

You create an Azure subscription named sub1. In sub1, you create a Log Analytics workspace named workspace1. You enable Azure Security Center and configure Security Center to use workspace1. You need to ensure that Security Center processes events from the Azure virtual machines that report to workspace1. What should you do? 


  A. In workspace1, install a solution.
  B. In sub1, register a provider.
  C. From Security Center, create a Workflow automation.
  D. In workspace1, create a workbook.
Correct answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection 



Question 8

Your company uses Azure Security Center and Azure Defender. The security operations team at the company informs you that it does NOT receive email notifications for security alerts. What should you configure in Security Center to enable the email notifications?


  A. Security solutions.
  B. Security policy.
  C. Pricing & settings.
  D. Security alerts.
  E. Azure Defender.
Correct answer: C
Explanation:
https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details 



Question 9

You plan to create a custom Azure Sentinel query that will track anomalous Azure Active Directory (Azure AD) sign-in activity and present the activity as a time chart aggregated by day. You need to create a query that will be used to display the time chart. What should you include in the query? 


  A. extend
  B. bin
  C. makeset
  D. workspace
Correct answer: B
Explanation:
https://docs.microsoft.com/en-us/azure/azure-monitor/logs/get-started-queries 



Question 10

You are configuring Azure Sentinel. You need to send a Microsoft Teams message to a channel whenever a sign-in from a suspicious IP address is detected. Which two actions should you perform in Azure Sentinel? (Each correct answer presents part of the solution. Choose two.) 


  A. Add a playbook.
  B. Associate a playbook to an incident.
  C. Enable Entity behavior analytics.
  D. Create a workbook.
  E. Enable the Fusion rule.
Correct answer: AB
Explanation:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook



Question 11

You need to visualize Azure Sentinel data and enrich the data by using third-party data sources to identify indicators of compromise (IoC). What should you use? 


  A. Notebooks in Azure Sentinel.
  B. Microsoft Cloud App Security.
  C. Azure Monitor.
  D. Hunting queries in Azure Sentinel.
Correct answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/sentinel/notebooks 








