[May-2025] Get 100% Real Free Microsoft Certified: Security Operations Analyst Associate SC-200 Sample Questions [Q102-Q122]

Share

[May-2025] Get 100% Real Free Microsoft Certified: Security Operations Analyst Associate SC-200 Sample Questions

Accurate SC-200 Questions with Free and Fast Updates


Microsoft Security Operations Analyst, or SC-200, certification exam is designed for security professionals who are responsible for monitoring and responding to security incidents in Microsoft environments. SC-200 exam tests the candidate's knowledge and skills in various areas such as threat management, vulnerability management, incident response, and compliance. Passing the SC-200 exam demonstrates that the candidate has the expertise required to protect Microsoft environments from cyber threats.


How to Register For Exam SC-200: Microsoft Security Operations Analyst?

Exam Register Link: https://examregistration.microsoft.com/?locale=en-us&examcode=SC-200&examname=Exam%20SC-200:%20Microsoft%20Security%20Operations%20Analyst&returnToLearningUrl=https%3A%2F%2Fdocs.microsoft.com%2Flearn%2Fcertifications%2Fexams%2Fsc-200

 

NEW QUESTION # 102
You open the Cloud App Security portal as shown in the following exhibit.

You need to remediate the risk for the Launchpad app.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

1 - Select the app.
2 - Tag the app as Unsanctioned.
3 - Generate a block script.
4 - Run the script on the source appliance.
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/governance-discovery


NEW QUESTION # 103
You have a Microsoft Sentinel workspace that contains an Azure AD data connector.
You need to associate a bookmark with an Azure AD-related incident.
What should you do? To answer, drag the appropriate blades to the correct tasks. Each blade may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation
You can use the Logs blade or incident blade to create a bookmark of an Azure AD-related incident. Once the bookmark is created, you can associate it with the incident by using the incident blade. This allows you to quickly and easily access important information related to the incident in the future.


NEW QUESTION # 104
You have a Microsoft 365 E5 subscription that uses Microsoft SharePoint Online.
You delete users from the subscription.
You need to be notified if the deleted users downloaded numerous documents from SharePoint Online sites during the month before their accounts were deleted.
What should you use?

  • A. an access review policy
  • B. an insider risk policy
  • C. a file policy in Microsoft Defender for Cloud Apps
  • D. an alert policy in Microsoft Defender for Office 365

Answer: D


NEW QUESTION # 105
You have an existing Azure logic app that is used to block Azure Active Directory (Azure AD) users. The logic app is triggered manually.
You deploy Azure Sentinel.
You need to use the existing logic app as a playbook in Azure Sentinel. What should you do first?

  • A. Configure a custom Threat Intelligence connector in Azure Sentinel.
  • B. And a new scheduled query rule.
  • C. Modify the trigger in the logic app.
  • D. Add a data connector to Azure Sentinel.

Answer: C

Explanation:
https://docs.microsoft.com/en-us/azure/sentinel/playbook-triggers-actions https://docs.microsoft.com/en-us
/azure/sentinel/tutorial-respond-threats-playbook


NEW QUESTION # 106
You have a Microsoft 365 subscription that uses Microsoft Defender XDR.
You need to create a custom detection rule that will identify devices that had more than five antivirus detections within the last 24 hours.
how should you complete the query? To answer, select the appropriate options in the answer area.
NOTE Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 107
You have a Microsoft 365 E5 subscription.
You plan to perform cross-domain investigations by using Microsoft 365 Defender.
You need to create an advanced hunting query to identify devices affected by a malicious email attachment.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-query-emails-devices?view=o365-worldwide


NEW QUESTION # 108
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring Microsoft Defender for Identity integration with Active Directory.
From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.
Solution: From Azure Identity Protection, you configure the sign-in risk policy.
Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
Reference:
https://docs.microsoft.com/en-us/defender-for-identity/manage-sensitive-honeytoken-accounts


NEW QUESTION # 109
You have an Azure subscription that uses Microsoft Defender for Cloud and contains 100 virtual machines that run Windows Server.
You need to configure Defender for Cloud to collect event data from the virtual machines. The solution must minimize administrative effort and costs.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. From the workspace created by Defender for Cloud, set the data collection level to Common
  • B. From the Azure portal, create an Azure Event Grid subscription.
  • C. From the workspace created by Defender for Cloud, set the data collection level to All Events
  • D. From Defender for Cloud in the Azure portal, enable automatic provisioning for the virtual machines.
  • E. From the Microsoft Endpoint Manager admin center, enable automatic enrollment.

Answer: C,D


NEW QUESTION # 110
You have a Microsoft Sentinel workspace that contains a custom workbook named Workbook1.
You need to create a visual based on the SecuntyEvent table. The solution must meet the following requirements:
* Identify the number of security events ingested during the past week.
* Display the count of events by day in a timechart
What should you add to Workbook1?

  • A. links or tabs
  • B. a query
  • C. a metric
  • D. a group

Answer: B


NEW QUESTION # 111
You have a Microsoft 365 subscription that uses Microsoft Defender for Cloud Apps and has Cloud Discovery enabled.
You need to enrich the Cloud Discovery data. The solution must ensure that usernames in the Cloud Discovery traffic logs are associated with the user principal name (UPN) of the corresponding Microsoft Entra ID user accounts.
What should you do first?

  • A. Create a Microsoft 365 app connector.
  • B. Enable automatic redirection to Microsoft 365 Defender.
  • C. From Conditional Access App Control, configure User monitoring.
  • D. Create an Azure app connector.

Answer: A


NEW QUESTION # 112
You have an Azure subscription that is linked to a hybrid Azure AD tenant and contains a Microsoft Sentinel workspace named Sentinel1.
You need to enable User and Entity Behavior Analytics (UEBA) for Sentinel 1 and configure UEBA to use data collected from Active Directory Domain Services (AD OS).
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 113
You are configuring Azure Sentinel.
You need to send a Microsoft Teams message to a channel whenever a sign-in from a suspicious IP address is detected.
Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Associate a playbook to an incident.
  • B. Add a playbook.
  • C. Enable Entity behavior analytics.
  • D. Create a workbook.
  • E. Enable the Fusion rule.

Answer: A,B

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook


NEW QUESTION # 114
You need to complete the query for failed sign-ins to meet the technical requirements.
Where can you find the column name to complete the where clause?

  • A. Azure Advisor
  • B. the query windows of the Log Analytics workspace
  • C. Security alerts in Azure Security Center
  • D. Activity log in Azure

Answer: B

Explanation:
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.


NEW QUESTION # 115
You have an Azure Functions app that generates thousands of alerts in Azure Security Center each day for normal activity.
You need to hide the alerts automatically in Security Center.
Which three actions should you perform in sequence in Security Center? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:

Reference:
https://techcommunity.microsoft.com/t5/azure-security-center/suppression-rules-for-azure-security-center- alerts-are-now/ba-p/1404920


NEW QUESTION # 116
You need to meet the Microsoft Defender for Cloud Apps requirements
What should you do? To answer. select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 117
You have a Microsoft Sentinel workspace.
You enable User and Entity Behavior Analytics (UFBA) by using Audit logs and Signin logs. The following entities are detected in the Azure AD tenant:
* App name: App1
* IP address: 192.168.1.2
* Computer name: Device1
* Used client app: Microsoft Edge
* Email address: [email protected]
* Sign-in URL: https://www.company.com
Which entities can be investigated by using UEBA?

  • A. IP address only
  • B. used client app and app name only
  • C. app name, computer name, IP address, email address, and used client app only
  • D. IP address and email address only

Answer: A


NEW QUESTION # 118
You have an Azure Functions app that generates thousands of alerts in Azure Security Center each day for normal activity.
You need to hide the alerts automatically in Security Center.
Which three actions should you perform in sequence in Security Center? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:

Reference:
https://techcommunity.microsoft.com/t5/azure-security-center/suppression-rules-for-azure-security-center-alerts-


NEW QUESTION # 119
You purchase a Microsoft 365 subscription.
You plan to configure Microsoft Cloud App Security.
You need to create a custom template-based policy that detects connections to Microsoft 365 apps that originate from a botnet network.
What should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:

Reference:
https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy


NEW QUESTION # 120
You have a Microsoft 365 E5 subscription that is linked to a hybrid Azure AD tenant.
You need to identify all the changes made to Domain Admins group during the past 30 days.
What should you use?

  • A. the Modifications of sensitive groups report in Microsoft Defender for Identity
  • B. the identity security posture assessment in Microsoft Defender for Cloud Apps
  • C. the Azure Active Directory Provisioning Analysis workbook
  • D. the Overview settings of Insider risk management

Answer: A


NEW QUESTION # 121
You have the following SQL query.

Answer:

Explanation:


NEW QUESTION # 122
......

SC-200 Study Guide Realistic Verified Dumps: https://www.passreview.com/SC-200_exam-braindumps.html

Self-Study Guide for Becoming an Microsoft Security Operations Analyst Expert: https://drive.google.com/open?id=1lN9ED7oyUxtByEM1vlynjWr9KlX7sJ5X