
Microsoft SC-200 Exam

Certification Provider: Microsoft
Exam: Microsoft Security Operations Analyst
Duration: 2 Hours
Number of questions in the database: 51
Exam Version: Aug. 2, 2021
Exam Topics:
  • Topic 1: Question Set 1
  • Topic 2: Question Set 2
  • Topic 3: Question Set 3
  • Topic 4: Testlet 1
  • Topic 5: Testlet 2
  • Topic 6: Testlet 3
  • Topic 7: Testlet 4
  • Topic 8: Testlet 5
Microsoft SC-200 Comments:
ANDRESCB1988
1 week, 5 days ago
Passed my exam on 14 June; 20% of the questions were new, while the rest are from this site. Many of these new questions were recently added by the user AIRAIRO in these comments.
upvoted 3 times
airairo
1 week, 5 days ago
Q19: You need to implement Azure Sentinel queries for Contoso and Fabrikam to meet the technical requirements. What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer area: Minimum number of Log Analytics workspaces required in the Azure subscription of Fabrikam: (0, 1, 2, 3). Query element required to correlate data between tenants: (extend, project, workspace).
upvoted 1 times
Thi
1 week, 5 days ago
First option: 1. Second option: workspace. This question is from the case study; refer to the case study for further information.
upvoted 2 times
airairo
1 week, 5 days ago
Q18: You create an Azure subscription. You enable Azure Defender for the subscription. You need to use Azure Defender to protect on-premises computers. What should you do on the on-premises computers? A- Install the Dependency agent B- Install the Connected Machine agent C- Configure the Hybrid Runbook Worker role D- Install the Log Analytics agent
upvoted 1 times
Thi
1 week, 5 days ago
D- Install the Log Analytics agent https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection
upvoted 3 times
airairo
1 week, 5 days ago
Q17: You have an Azure Storage account that will be accessed by multiple Azure Functions apps during the development of an application. You need to hide Azure Defender alerts for the storage account. Which entity type and field should you use in a suppression rule? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer Area: - Entity type: (IP address, Azure Resource, Host, User account) - Field: (name, resource ID, Address, Command line)
upvoted 1 times
PJR
2 days, 22 hours ago
Answer - Azure Resource & Resource ID
upvoted 1 times
airairo
1 week, 5 days ago
Q16: You need to implement Azure Defender to meet the Azure Defender requirements and the business requirements. What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer area: Log Analytics workspace to use: / Windows security events to collect:
upvoted 1 times
airairo
1 week, 5 days ago
Q15: You need to restrict cloud apps running on CLIENT1 to meet the Microsoft Defender for Endpoint requirements. Which two configurations should you modify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A- the Onboarding settings from Device management in Microsoft Defender Security Center B- the Cloud Discovery settings in Cloud App Security C- Advanced features from Settings in Microsoft Defender Security Center D- Cloud App Security anomaly detection policies
upvoted 1 times
Said_kram
1 week, 4 days ago
B- the Cloud Discovery settings in Cloud App Security (enable MDE integration). C- Advanced features from Settings in Microsoft Defender Security Center (enable MCAS and Custom Network Indicators).
upvoted 1 times
airairo
1 week, 5 days ago
Q14: You have Linux virtual machines on Amazon Web Services (AWS). You deploy Azure Defender and enable auto-provisioning. You need to monitor the virtual machines by using Azure Defender. Solution: You enable Azure Arc and onboard the virtual machines to Azure Arc. Does this meet the goal? A- Yes B- No
upvoted 1 times
Thi
1 week, 5 days ago
No. For AWS, Security Center's connector for AWS transparently handles the Azure Arc deployment for you. Learn more in "Connect your AWS accounts to Azure Security Center".
upvoted 3 times
airairo
1 week, 5 days ago
Q13: You use Azure Security Center; you receive a security alert in Security Center. You need to view recommendations to resolve the alert in Security Center. What should you do? A- From Security alert, select the alert, select Take Action, and then expand the Prevent future attacks section. B- From Security alerts, select the alert, select Take Action, and then expand the Mitigate the threat section. C- From Regulatory compliance, download the report D- From Recommendations, download the CSV report
upvoted 1 times
Thi
1 week, 5 days ago
B- From Security alerts, select the alert, select Take Action, and then expand the Mitigate the threat section.
upvoted 1 times
airairo
1 week, 5 days ago
Q12: You plan to create a data loss prevention (DLP) policy that will be used with insider risk management. The severity level is set to Low. You need to ensure that insider risk management alerts are generated from rules in the DLP policies. What should you do? A- Set the severity level to Medium B- Scope the policy to only specified users C- Set the scope of the policy to the Data leaks template D- Set the severity level to High
upvoted 1 times
AYap
3 days, 23 hours ago
Answer: D
upvoted 1 times
airairo
1 week, 5 days ago
Q11: A security administrator receives email alerts from Azure Defender for activities such as potential malware uploaded to a storage account and potential successful brute force attacks. The security administrator does NOT receive email alerts for activities such as antimalware action failed and suspicious network activity. The alerts appear in Azure Security Center. You need to ensure that the security administrator receives email alerts for all the activities. What should you configure in the Security Center settings? A- The integration settings for Threat detection B- the Azure Defender plans C- a cloud connector D- the severity level of email notifications
upvoted 1 times
Thi
1 week, 5 days ago
D- the severity level of email notifications
upvoted 1 times
airairo
1 week, 5 days ago
Q10: You create an Azure subscription. You enable Azure Defender for the subscription. You need to use Azure Defender to protect on-premises computers. What should you do on the on-premises computers? A- Install the Dependency agent B- Install the Connected Machine agent C- Configure the Hybrid Runbook Worker role D- Install the Log Analytics agent
upvoted 1 times
Thi
1 week, 5 days ago
D- Install the Log Analytics agent
upvoted 2 times
airairo
1 week, 5 days ago
Q9: You need to remediate active attacks to meet the technical requirements. What should you include in the solution? A- Azure Functions B- Azure Automation runbooks C- Azure Logic Apps D- Azure Sentinel livestreams
upvoted 1 times
NoNameP
1 week, 2 days ago
Answer: C
upvoted 2 times
airairo
1 week, 5 days ago
Q8: You need to complete the query for failed sign-ins to meet the technical requirements. Where can you find the column name to complete the where clause? A- Security alerts in Azure Security Center B- the query window of the Log Analytics workspace C- Activity log in Azure D- Azure Advisor
upvoted 1 times
airairo
1 day, 23 hours ago
The answer is B
upvoted 1 times
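An added example, not taken from the thread and not an ExamTopics or Microsoft answer, that puts the two query points discussed above into one working query: the workspace() element from Q19 to correlate data across the two tenants' workspaces, and the where clause on the failed-sign-in column from Q8. The workspace names contoso-ws and fabrikam-ws and the threshold of 10 failures are assumptions for illustration; the column names (TimeGenerated, ResultType, UserPrincipalName, IPAddress) are the SigninLogs schema, which is exactly what you confirm in the Log Analytics query window's schema pane before finishing the where clause.

```kusto
// Added example (not from the original thread).
// Assumed workspace names: "contoso-ws" and "fabrikam-ws" (hypothetical).
// The caller needs read access to both workspaces for workspace() to work.
// SigninLogs.ResultType is "0" on success and an Azure AD error code otherwise.
let lookback = 24h;
let threshold = 10;                              // assumed; tune per environment
union isfuzzy=true
    (workspace("contoso-ws").SigninLogs  | extend Tenant = "contoso"),
    (workspace("fabrikam-ws").SigninLogs | extend Tenant = "fabrikam")
| where TimeGenerated > ago(lookback)
| where ResultType != "0"                        // failed sign-ins only
| summarize Failures    = count(),
            FirstSeen   = min(TimeGenerated),
            LastSeen    = max(TimeGenerated),
            ResultTypes = make_set(ResultType)
          by Tenant, UserPrincipalName, IPAddress
| where Failures >= threshold
| order by Failures desc
```

The union is tagged with a Tenant column so that the same user or IP address seen in both tenants can be told apart in the results; isfuzzy=true keeps the query running if one workspace is unreachable or lacks the table, which is the usual failure mode of a cross-workspace rule.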
airairo
1 week, 5 days ago
Q7: You deploy Azure Sentinel. You need to implement connectors in Azure Sentinel to monitor Microsoft Teams and Linux virtual machines in Azure. The solution must minimize administrative effort. Which data connector type should you use for each workload? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer area: Microsoft Teams: Office 365. Linux virtual machines in Azure: Syslog.
upvoted 1 times
Thi
1 week, 5 days ago
True. Teams: Office 365; Linux connector: Syslog.
upvoted 3 times
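An added example, not part of the original thread, of what the Syslog connector chosen above makes queryable once the Linux VMs forward their auth events: failed SSH logins extracted from the raw message and grouped by source address. It assumes sshd logs through the auth or authpriv facility with the standard OpenSSH "Failed password for <user> from <ip> port <n> ssh2" message; the 20-attempt threshold and 5-minute bin are illustrative values.

```kusto
// Added example (not from the original thread).
// Assumes the Syslog connector is streaming the auth/authpriv facility from the VMs.
Syslog
| where TimeGenerated > ago(1h)
| where Facility in ("auth", "authpriv") and ProcessName == "sshd"
| where SyslogMessage has "Failed password"
// Standard OpenSSH format: "Failed password for [invalid user ]<user> from <ip> port <n> ssh2"
| parse SyslogMessage with * "Failed password for " User " from " SourceIP " port " Port:int " ssh2" *
| extend User = replace(@"^invalid user ", "", User)   // unknown accounts carry a prefix
| summarize Attempts = count(),
            Users    = make_set(User),
            Hosts    = make_set(Computer)
          by SourceIP, bin(TimeGenerated, 5m)
| where Attempts >= 20                                   // assumed threshold
| order by Attempts desc
```

Filtering on Facility and ProcessName before the string match keeps the scan cheap, and the parse step is what turns a free-text Syslog line into columns you can group and alert on.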
airairo
2 weeks, 1 day ago
Q6: You have an Azure subscription named Sub1 and a Microsoft 365 subscription. Sub1 is linked to an Azure Active Directory (Azure AD) tenant named contoso.com. You create an Azure Sentinel workspace named workspace1. In workspace1, you activate an Azure AD connector for contoso.com and an Office 365 connector for the Microsoft 365 subscription. You need to use the Fusion rule to detect multi-staged attacks that include suspicious sign-ins to contoso.com followed by anomalous Microsoft Office 365 activity. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Create a Microsoft Cloud App Security connector. B. Create a Microsoft incident creation rule based on Azure Security Center. C. Create an Azure AD Identity Protection connector. D. Create a custom rule based on the Office connector templates.
upvoted 4 times
Thi
1 week, 5 days ago
A. Create a Microsoft Cloud App Security connector. C. Create an Azure AD Identity Protection connector. https://docs.microsoft.com/en-us/azure/sentinel/fusion#configuration-for-advanced-multistage-attack-detection
upvoted 2 times
airairo
2 weeks, 1 day ago
Q5: You have a playbook in Azure Sentinel. When you trigger the playbook, it sends an email to a distribution group. You need to modify the playbook to send the email to the owner of the resource instead of the distribution group. What should you do? A. Add a custom data connector and modify the trigger B. Add an alert and modify the action. C. Add a condition and modify the action D. Add a parameter and modify the trigger.
upvoted 3 times
Thi
1 week, 5 days ago
D. Add a parameter and modify the trigger.
upvoted 1 times
airairo
2 weeks, 1 day ago
Q4: You are configuring Microsoft Cloud App Security. You have a custom threat detection policy based on the IP address ranges of your company's United States-based offices. You receive many alerts related to impossible travel and sign-ins from risky IP addresses. You determine that 99% of the alerts are legitimate sign-ins from your corporate offices. You need to prevent alerts for legitimate sign-ins from known locations. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Add the IP addresses to the other address range category and add a tag. B. Create an activity policy that has an exclusion for the IP addresses. C. Increase the sensitivity level of the impossible travel anomaly detection policy. D. Override automatic data enrichment.
upvoted 2 times
PJR
2 days, 23 hours ago
I believe this to be A & D.
A is supported by this article: https://docs.microsoft.com/en-us/cloud-app-security/ip-tags
B is to create another policy, and the question states you already have a custom threat detection policy in place; adding another policy doesn't help.
C is wrong, as increasing sensitivity won't prevent alerts.
D can help a little in this instance, I guess, and is a much more relevant answer than B or C.
upvoted 1 times
