Download Microsoft Security Operations Analyst Exam.CertDumps.SC-200.2022-01-25.3e.86q.vcex

The issue for which team can be resolved by using Microsoft Defender for Endpoint?

• A: executive
• B: sales
• C: marketing

Correct Answer: B

The issue for which team can be resolved by using Microsoft Defender for Office 365?

• A: executive
• B: marketing
• C: security
• D: sales

Correct Answer: B

You need to implement the Azure Information Protection requirements.  
What should you configure first?

• A: Device health and compliance reports settings in Microsoft Defender Security Center
• B: scanner clusters in Azure Information Protection from the Azure portal
• C: content scan jobs in Azure Information Protection from the Azure portal
• D: Advanced features from Settings in Microsoft Defender Security Center

Correct Answer: D

You need to modify the anomaly detection policy settings to meet the Cloud App Security requirements and  resolve the reported problem.    
Which policy should you modify?

• A: Activity from suspicious IP addresses
• B: Activity from anonymous IP addresses
• C: Impossible travel
• D: Risky sign-in

Correct Answer: C

 You need to configure DC1 to meet the business requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Correct Answer: Exam simulator is required

You are investigating an incident by using Microsoft 365 Defender.    
You need to create an advanced hunting query to count failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop.    
How should you complete the query? To answer, select the appropriate options in the answer area.    
NOTE: Each correct selection is worth one point. 

Correct Answer: Exam simulator is required

You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in.  
  
Which anomaly detection policy should you use?

• A: Impossible travel
• B: Activity from anonymous IP addresses
• C: Activity from infrequent country
• D: Malware detection

Correct Answer: C

You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.    
You have Microsoft SharePoint Online sites that contain sensitive documents. The documents contain customer account numbers that each consists of 32 alphanumeric characters.    
You need to create a data loss prevention (DLP) policy to protect the sensitive documents.  
What should you use to detect which documents are sensitive?

• A: SharePoint search
• B: a hunting query in Microsoft 365 Defender
• C: Azure Information Protection
• D: RegEx pattern matching

Correct Answer: C

Your company uses line-of-business apps that contain Microsoft Office VBA macros.    
You need to prevent users from downloading and running additional payloads from the Office VBA macros as additional child processes.  
Which two commands can you run to achieve the goal? Each correct answer presents a complete solution.    
NOTE: Each correct selection is worth one point.

• A:
  
     
• B:
  
     
• C:
  
     
• D:
  
     

Correct Answer: AD

Your company uses Microsoft Defender for Endpoint.  
  
The company has Microsoft Word documents that contain macros. The documents are used frequently on the devices of the company’s accounting team.  
  
You need to hide false positive in the Alerts queue, while maintaining the existing security posture.  
Which three actions should you perform? Each correct answer presents part of the solution.  
  
NOTE: Each correct selection is worth one point.

• A: Resolve the alert automatically.
• B: Hide the alert.
• C: Create a suppression rule scoped to any device.
• D: Create a suppression rule scoped to a device group.
• E: Generate the alert.

Correct Answer: BCE