Title: 2022 New SC-200 Dumps - Real Microsoft Exam Questions [Q64-Q87]
Source: Free valid test braindumps (http://free.validbraindumps.com)

How to register for Exam SC-200: Microsoft Security Operations Analyst
Exam registration link: https://examregistration.microsoft.com/?locale=en-us&examcode=SC-200&examname=Exam%20SC-200:%20Microsoft%20Security%20Operations%20Analyst&returnToLearningUrl=https%3A%2F%2Fdocs.microsoft.com%2Flearn%2Fcertifications%2Fexams%2Fsc-200

Q64. You use Azure Sentinel. You need to receive an immediate alert whenever Azure Storage account keys are enumerated. Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- Create a livestream
- Add a data connector
- Create an analytics rule
- Create a hunting query
- Create a bookmark
Reference: https://docs.microsoft.com/en-us/azure/sentinel/livestream

Q65. You need to create an advanced hunting query to investigate the executive team issue. How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided. To answer the questions included in a case study, you will need to reference information that is provided in the case study.
Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study. At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study: to display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Q66. You plan to connect an external solution that will send Common Event Format (CEF) messages to Azure Sentinel. You need to deploy the log forwarder. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Reference: https://docs.microsoft.com/en-us/azure/sentinel/connect-cef-agent?tabs=rsyslog

Q67. You deploy Azure Sentinel. You need to implement connectors in Azure Sentinel to monitor Microsoft Teams and Linux virtual machines in Azure. The solution must minimize administrative effort. Which data connector type should you use for each workload? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Reference: https://docs.microsoft.com/en-us/azure/sentinel/connect-office-365
Reference: https://docs.microsoft.com/en-us/azure/sentinel/connect-syslog

Q68.
You are informed of an increase in malicious email being received by users. You need to create an advanced hunting query in Microsoft 365 Defender to identify whether the accounts of the email recipients were compromised. The query must return the most recent 20 sign-ins performed by the recipients within an hour of receiving the known malicious email. How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender/advanced-hunting-query-emails-devices?view=o365-worldwide

Q69. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring Azure Sentinel. You need to create an incident in Azure Sentinel when a sign-in to an Azure virtual machine from a malicious IP address is detected.
Solution: You create a scheduled query rule for a data connector.
Does this meet the goal?
- Yes
- No
Reference: https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-security-center

Q70. You create an Azure subscription named sub1. In sub1, you create a Log Analytics workspace named workspace1. You enable Azure Security Center and configure Security Center to use workspace1. You need to ensure that Security Center processes events from the Azure virtual machines that report to workspace1. What should you do?
- In workspace1, install a solution.
- In sub1, register a provider.
- From Security Center, create a Workflow automation.
- In workspace1, create a workbook.
Reference: https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection

Q71. You have an Azure subscription linked to an Azure Active Directory (Azure AD) tenant. The tenant contains two users named User1 and User2. You plan to deploy Azure Defender. You need to enable User1 and User2 to perform tasks at the subscription level as shown in the following table. The solution must use the principle of least privilege. Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/permissions

Q72. You need to create an advanced hunting query to investigate the executive team issue. How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q73. You implement Safe Attachments policies in Microsoft Defender for Office 365. Users report that email messages containing attachments take longer than expected to be received. You need to reduce the amount of time it takes to deliver messages that contain attachments without compromising security. The attachments must be scanned for malware, and any messages that contain malware must be blocked. What should you configure in the Safe Attachments policies?
- Dynamic Delivery
- Replace
- Block and Enable redirect
- Monitor and Enable redirect
Reference: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments?view=o365-world

Q74. You have an Azure subscription that uses Azure Defender. You plan to use Azure Security Center workflow automation to respond to Azure Defender threat alerts. You need to create an Azure policy that will perform threat remediation automatically. What should you include in the solution?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Reference: https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects
Reference: https://docs.microsoft.com/en-us/azure/security-center/workflow-automation

Q75. You have an Azure subscription. You need to delegate permissions to meet the following requirements:
- Enable and disable Azure Defender.
- Apply security recommendations to resources.
The solution must use the principle of least privilege. Which Azure Security Center role should you use for each requirement? To answer, drag the appropriate roles to the correct requirements. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Reference: https://docs.microsoft.com/en-us/azure/security-center/security-center-permissions

Q76. You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365. You have Microsoft SharePoint Online sites that contain sensitive documents. The documents contain customer account numbers that each consist of 32 alphanumeric characters. You need to create a data loss prevention (DLP) policy to protect the sensitive documents. What should you use to detect which documents are sensitive?
- SharePoint search
- a hunting query in Microsoft 365 Defender
- Azure Information Protection
- RegEx pattern matching
Reference: https://docs.microsoft.com/en-us/azure/information-protection/what-is-information-protection

Q77. You have the resources shown in the following table. You need to prevent duplicate events from occurring in SW1. What should you use for each action? To answer, drag the appropriate resources to the correct actions. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Reference: https://docs.microsoft.com/en-us/azure/sentinel/connect-log-forwarder?tabs=rsyslog

Q78. You need to remediate active attacks to meet the technical requirements. What should you include in the solution?
- Azure Automation runbooks
- Azure Logic Apps
- Azure Functions
- Azure Sentinel livestreams
Reference: https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks

Q79. You need to modify the anomaly detection policy settings to meet the Cloud App Security requirements. Which policy should you modify?
- Activity from suspicious IP addresses
- Activity from anonymous IP addresses
- Impossible travel
- Risky sign-in
Reference: https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy

Q80. You are investigating an incident by using Microsoft 365 Defender. You need to create an advanced hunting query to detect failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop. How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q81. You have the following environment:
- Azure Sentinel
- A Microsoft 365 subscription
- Microsoft Defender for Identity
- An Azure Active Directory (Azure AD) tenant
You configure Azure Sentinel to collect security logs from all the Active Directory member servers and domain controllers. You deploy Microsoft Defender for Identity by using standalone sensors. You need to ensure that you can detect when sensitive groups are modified in Active Directory. Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- Configure the Advanced Audit Policy Configuration settings for the domain controllers.
- Modify the permissions of the Domain Controllers organizational unit (OU).
- Configure auditing in the Microsoft 365 compliance center.
- Configure Windows Event Forwarding on the domain controllers.
Reference: https://docs.microsoft.com/en-us/defender-for-identity/configure-windows-event-collection
Reference: https://docs.microsoft.com/en-us/defender-for-identity/configure-event-collection

Q82. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring Microsoft Defender for Identity integration with Active Directory. From the Microsoft Defender for Identity portal, you need to configure several accounts for attackers to exploit.
Solution: From Entity tags, you add the accounts as Honeytoken accounts.
Does this meet the goal?
- Yes
- No
Reference: https://docs.microsoft.com/en-us/defender-for-identity/manage-sensitive-honeytoken-accounts

Mitigate threats using Azure Defender - Question Set 1

Q83. You plan to create a custom Azure Sentinel query that will track anomalous Azure Active Directory (Azure AD) sign-in activity and present the activity as a time chart aggregated by day. You need to create a query that will be used to display the time chart. What should you include in the query?
- extend
- bin
- makeset
- workspace
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/logs/get-started-queries

Q84. You create a hunting query in Azure Sentinel. You need to receive a notification in the Azure portal as soon as the hunting query detects a match on the query. The solution must minimize effort. What should you use?
- a playbook
- a notebook
- a livestream
- a bookmark
Explanation: Use livestream to run a specific query constantly, presenting results as they come in.
Reference: https://docs.microsoft.com/en-us/azure/sentinel/hunting

Q85.
From Azure Sentinel, you open the Investigation pane for a high-severity incident as shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Reference: https://docs.microsoft.com/en-us/azure/sentinel/tutorial-investigate-cases#use-the-investigation-graph-to-deep-dive

Q86. DRAG DROP. You have an Azure Sentinel deployment. You need to query for all suspicious credential access activities. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Reference: https://davemccollough.com/2020/11/28/threat-hunting-with-azure-sentinel/

Q87. You plan to create a custom Azure Sentinel query that will track anomalous Azure Active Directory (Azure AD) sign-in activity and present the activity as a time chart aggregated by day. You need to create a query that will be used to display the time chart. What should you include in the query?
- extend
- bin
- makeset
- workspace
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/logs/get-started-queries

Exam SC-200: Microsoft Security Operations Analyst
The content of this exam was updated on July 23, 2021. The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment.
The role primarily investigates, responds to, and hunts for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.
Part of the requirements for: Microsoft Certified: Security Operations Analyst Associate

What is the cost of the Microsoft SC-200 exam? The price of the Microsoft SC-200 exam is $165 USD.

Post date: 2022-12-15 14:55:36