File Info
| Exam | Microsoft Security Operations Analyst |
| Number | SC-200 |
| File Name | Microsoft.SC-200.VCEplus.2024-08-14.93q.vcex |
| Size | 23 MB |
| Posted | Aug 14, 2024 |
| Download | Microsoft.SC-200.VCEplus.2024-08-14.93q.vcex |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Question 1
You need to implement Azure Defender to meet the Azure Defender requirements and the business requirements.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
Question 2
You need to recommend a solution to meet the technical requirements for the Azure virtual machines.
What should you include in the recommendation?
- just-in-time (JIT) access
- Azure Defender
- Azure Firewall
- Azure Application Gateway
Correct answer: B
Explanation:
Reference:https://docsmicrosoft.com/en-us/azure/security-center/azure-defender Reference:
https://docsmicrosoft.com/en-us/azure/security-center/azure-defender
Question 3
You need to recommend remediation actions for the Azure Defender alerts for Fabrikam.
What should you recommend for each threat? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
Question 4
You have an Azure subscription that contains a Log Analytics workspace.
You need to enable just-in-time (JIT) VM access and network detections for Azure resources.
Where should you enable Azure Defender?
- at the subscription level
- at the workspace level
- at the resource level
Correct answer: A
Explanation:
Reference:https://docs.microsoft.com/en-us/azure/security-center/enable-azure-defender Reference:
https://docs.microsoft.com/en-us/azure/security-center/enable-azure-defender
Question 5
You use Azure Defender.
You have an Azure Storage account that contains sensitive information.
You need to run a PowerShell script if someone accesses the storage account from a suspicious IP address.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- From Azure Security Center, enable workflow automation.
- Create an Azure logic app that has a manual trigger.
- Create an Azure logic app that has an Azure Security Center alert trigger.
- Create an Azure logic app that has an HTTP trigger.
- From Azure Active Directory (Azure AD), add an app registration.
Correct answer: AC
Explanation:
Reference:https://docs.microsoft.com/en-us/azure/storaqe/common/azure-defender-storaqe-confiqure?tabs=azure-security-centerhttps: //docs.microsoft.com/en-us/azure/security-ceriter/workflow-automation Reference:
https://docs.microsoft.com/en-us/azure/storaqe/common/azure-defender-storaqe-confiqure?tabs=azure-security-center
https: //docs.microsoft.com/en-us/azure/security-ceriter/workflow-automation
Question 6
You manage the security posture of an Azure subscription that contains two virtual machines name vm1 and vm2.
The secure score in Azure Security Center is shown in the Security Center exhibit. (Click the Security Center tab.)
Azure Policy assignments are configured as shown in the Policies exhibit. (Click the Policies tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
Question 7
You have an Azure Storage account that will be accessed by multiple Azure Function apps during the development of an application.
You need to hide Azure Defender alerts for the storage account.
Which entity type and field should you use in a suppression rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
Reference:https://techcommunity.microsoft.com/t5/azure-security-center/suppression-rules-for-azure-security-center-alerts-are-now/ba-p/1404920 Reference:
https://techcommunity.microsoft.com/t5/azure-security-center/suppression-rules-for-azure-security-center-alerts-are-now/ba-p/1404920
Question 8
You create an Azure subscription.
You enable Azure Defender for the subscription.
You need to use Azure Defender to protect on-premises computers.
What should you do on the on-premises computers?
- Install the Log Analytics agent.
- Install the Dependency agent.
- Configure the Hybrid Runbook Worker role.
- Install the Connected Machine agent.
Correct answer: A
Explanation:
Security Center collects data from your Azure virtual machines (VMs), virtual machine scale sets, IaaS containers, and non-Azure (including on-premises) machines to monitor for security vulnerabilities and threats.Data is collected using:The Log Analytics agent, which reads various security-related configurations and event logs from the machine and copies the data to your workspace for analysis. Examples of such data are: operating system type and version, operating system logs (Windows event logs), running processes, machine name, IP addresses, and logged in user.Security extensions, such as the Azure Policy Add-on for Kubernetes, which can also provide data to Security Center regarding specialized resource types.Reference:https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection Security Center collects data from your Azure virtual machines (VMs), virtual machine scale sets, IaaS containers, and non-Azure (including on-premises) machines to monitor for security vulnerabilities and threats.
Data is collected using:
The Log Analytics agent, which reads various security-related configurations and event logs from the machine and copies the data to your workspace for analysis. Examples of such data are: operating system type and version, operating system logs (Windows event logs), running processes, machine name, IP addresses, and logged in user.
Security extensions, such as the Azure Policy Add-on for Kubernetes, which can also provide data to Security Center regarding specialized resource types.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection
Question 9
A security administrator receives email alerts from Azure Defender for activities such as potential malware uploaded to a storage account and potential successful brute force attacks.
The security administrator does NOT receive email alerts for activities such as antimalware action failed and suspicious network activity. The alerts appear in Azure Security Center.
You need to ensure that the security administrator receives email alerts for all the activities.
What should you configure in the Security Center settings?
- the severity level of email notifications
- a cloud connector
- the Azure Defender plans
- the integration settings for Threat detection
Correct answer: A
Explanation:
Reference:https://techcommunity.microsoft.com/t5/microsoft-365-defender/get-email-notifications-on-new-incidents-from-microsoft-365/ba-p/2012518 Reference:
https://techcommunity.microsoft.com/t5/microsoft-365-defender/get-email-notifications-on-new-incidents-from-microsoft-365/ba-p/2012518
Question 10
You have an Azure Functions app that generates thousands of alerts in Azure Security Center each day for normal activity.
You need to hide the alerts automatically in Security Center.
Which three actions should you perform in sequence in Security Center? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
Reference:https://techcommunity.microsoft.com/t5/azure-security-center/suppression-rules-for-azure-security-center-alerts-are-now/ba-p/1404920 Reference:
https://techcommunity.microsoft.com/t5/azure-security-center/suppression-rules-for-azure-security-center-alerts-are-now/ba-p/1404920
