Exam SC-200: Microsoft Security Operations Analyst
Exam Number: SC-200 | Length of test: 120 mins
Exam Name: Microsoft Security Operations Analyst | Number of questions in the actual exam: 40-60
Format: PDF, VPLUS | Passing Score: 700/1000
Premium PDF file: 307 questions | $30 | 2 months of updates | Last updated: November 2024
Premium VPLUS file: 307 questions | FREE | Last updated: 28-11-2024
Download practice test questions
Title | Size | Hits | Download |
---|---|---|---|
Microsoft.SC-200.by.Rina.154q | 7.20 MB | 83 | Download |
Microsoft.SC-200.by.Rina.154q | 11.17 MB | 49 | Download |
Microsoft.SC-200.vFeb-2024.by.Powyraki.133q | 7.16 MB | 74 | Download |
Study guide for Exam SC-200: Microsoft Security Operations Analyst
Audience profile
As a candidate for this exam, you’re a Microsoft security operations analyst who reduces organizational risk by:
- Rapidly remediating active attacks in cloud and on-premises environments.
- Advising on improvements to threat protection practices.
- Identifying violations of organizational policies.
As a security operations analyst, you:
- Perform triage.
- Respond to incidents.
- Mitigate risk by using exposure management.
- Hunt for threats by using threat intelligence.
- Use KQL for reporting, detections, and investigations.
You also monitor, identify, investigate, and respond to threats in cloud and on-premises environments by using:
- Microsoft Defender XDR
- Copilot for Security
- Microsoft Sentinel
- Microsoft Defender for Cloud workload protections
- Third-party security solutions
You collaborate with business and security leadership to define security standards for the organization. You work with other roles across the digital enterprise to implement the standards, to enhance the security posture of an organization, and to raise security awareness.
As a candidate, you should be familiar with:
- Microsoft 365
- Azure cloud services
- Windows, Linux, and mobile operating systems
Skills at a glance
Manage a security operations environment (20–25%)
- Configure settings in Microsoft Defender XDR
- Manage assets and environments
- Design and configure a Microsoft Sentinel workspace
- Ingest data sources in Microsoft Sentinel
Configure protections and detections (15–20%)
- Configure protections in Microsoft Defender security technologies
- Configure detections in Microsoft Defender XDR
- Configure detections in Microsoft Sentinel
Manage incident response (25–30%)
- Respond to alerts and incidents in the Microsoft Defender portal
- Respond to alerts and incidents identified by Microsoft Defender for Endpoint
- Investigate Microsoft 365 activities
- Respond to incidents in Microsoft Sentinel
- Implement and use Copilot for Security
Manage security threats (15–20%)
- Hunt for threats by using Microsoft Defender XDR
- Hunt for threats by using Microsoft Sentinel
- Create and configure Microsoft Sentinel workbooks
Is this valid?
Hi,
Exam SC-200 is valid now.
Thanks
Some new sample questions:
Question:
HOTSPOT
You need to build a KQL query in a Microsoft Sentinel workspace. The query must return the SecurityEvent record for accounts that have the last record with an EventID value of 4624. How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question:
You have a Microsoft 365 subscription that uses Microsoft Defender XDR.
You discover that when Microsoft Defender for Endpoint generates alerts for a commonly used executable file, it causes alert fatigue. You need to tune the alerts.
Which two actions can an alert tuning rule perform for the alerts?
Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. delete
B. hide
C. resolve
D. merge
E. assign
Question:
You have a Microsoft 365 subscription.
You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode.
You need to ensure that the devices are protected from malicious artifacts that were undetected by the third-party antivirus product.
Solution: You configure Controlled folder access.
Does this meet the goal?
A. Yes
B. No
……
Some new questions:
Q
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains 500 Windows devices. You plan to create a Microsoft Defender XDR custom deception rule. You need to ensure that the rule will be applied to only 10 specific devices. What should you do first?
A. Add the IP address of each device to the list of decoy accounts and hosts of the rule.
B. Add the devices to a group.
C. Add custom lures to the rule.
D. Assign a tag to the devices.
Q
You have an Azure subscription.
You need to stream the Microsoft Graph activity logs to a third-party security information and event management (SIEM) tool. The solution must minimize administrative effort.
To where should you stream the logs?
A. an Azure Event Hubs namespace
B. an Azure Event Grid namespace
C. an Azure Storage account
D. a Log Analytics workspace
Q
HOTSPOT
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint.
You have the on-premises devices shown in the following table.
You are preparing an incident response plan for devices infected by malware. You need to recommend response actions that meet the following requirements:
* Block malware from communicating with and infecting managed devices.
* Do NOT affect the ability to control managed devices.
Which actions should you use for each device? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Q
HOTSPOT
You have a Microsoft Sentinel workspace.
You plan to visualize data from Microsoft SharePoint Online and OneDrive sites.
You need to create a KQL query for the visual. The solution must meet the following requirements:
* Select all workloads as a single operation.
* Include two parameters named Operations and Users.
* In the results, exclude empty values for the site URLs.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
…….
Some new questions:
Q
You have an on-premises network.
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Identity.
From the Microsoft Defender portal, you investigate an incident on a device named Device1 of a user named User1. The incident contains the following Defender for Identity alert.
Suspected identity theft (pass-the-ticket) (external ID 2018)
You need to contain the incident without affecting users and devices. The solution must minimize administrative effort.
What should you do?
A. Disable User1 only.
B. Quarantine Device1 only.
C. Reset the password for all the accounts that previously signed in to Device1.
D. Disable User1 and quarantine Device1.
E. Disable User1, quarantine Device1, and reset the password for all the accounts that previously signed in to Device1.
Q
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 1 and contains a macOS device named Device1.
You need to investigate a Defender for Endpoint agent alert on Device1. The solution must meet the following requirements:
* Identify all the active network connections on Device1.
* Identify all the running processes on Device1.
* Retrieve the login history of Device1.
* Minimize administrative effort.
What should you do first from the Microsoft Defender portal?
A. From Advanced features in Endpoints, disable Authenticated telemetry.
B. From Advanced features in Endpoints, enable Live Response unsigned script execution.
C. From Devices, click Collect investigation package for Device1.
D. From Devices, initiate a live response session on Device1.
Q
You have 500 on-premises Windows 11 devices that use Microsoft Defender for Endpoint.
You enable Network device discovery.
You need to create a hunting query that will identify discovered network devices and return the identity of the onboarded device that discovered each network device.
Which built-in function should you use?
A. current_cluster_endpoint()
B. DeviceFromIP()
C. next()
D. SeenBy()
Q
DRAG DROP
You have a Microsoft Sentinel workspace named SW1.
In SW1, you enable User and Entity Behavior Analytics (UEBA).
You need to use KQL to perform the following tasks:
* View the entity data that has fields for each type of entity.
* Assess the quality of rules by analyzing how well a rule performs.
Which table should you use in KQL for each task?
Q
You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR.
You need to ensure that you can investigate threats by using data in the unified audit log of Microsoft Defender for Cloud Apps.
What should you configure first?
A. the Azure connector
B. the User enrichment settings
C. the Automatic log upload settings
D. the Microsoft 365 connector
………..
Is this valid?
Hi,
Exam SC-200 is valid now.
Rate +89%
Thanks