Free SC-200 Exam Braindumps

Pass your Microsoft Security Operations Analyst exam with these free Questions and Answers

Page 2 of 40

QUESTION 1

- (Exam Topic 3)
You have a Microsoft Sentinel workspace.
You need to create a KQL query that will identify successful sign-ins from multiple countries during the last three hours.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
SC-200 dumps exhibit
Solution:
SC-200 dumps exhibit

Does this meet the goal?

  1. A. Yes
  2. B. No

Correct Answer: A

QUESTION 2

- (Exam Topic 3)
You have an Azure Sentinel deployment.
You need to query for all suspicious credential access activities.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
SC-200 dumps exhibit
Solution:
SC-200 dumps exhibit

Does this meet the goal?

  1. A. Yes
  2. B. No

Correct Answer: A

QUESTION 3

- (Exam Topic 3)
Your company has a single office in Istanbul and a Microsoft 365 subscription.
The company plans to use conditional access policies to enforce multi-factor authentication (MFA). You need to enforce MFA for all users who work remotely.
What should you include in the solution?

  1. A. a fraud alert
  2. B. a user risk policy
  3. C. a named location
  4. D. a sign-in user policy

Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

QUESTION 4

- (Exam Topic 1)
You need to recommend remediation actions for the Azure Defender alerts for Fabrikam.
What should you recommend for each threat? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
SC-200 dumps exhibit
Solution:
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/secure-your-key-vault

Does this meet the goal?

  1. A. Yes
  2. B. No

Correct Answer: A

QUESTION 5

- (Exam Topic 3)
You have an Azure Functions app that generates thousands of alerts in Azure Security Center each day for normal activity.
You need to hide the alerts automatically in Security Center.
Which three actions should you perform in sequence in Security Center? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
SC-200 dumps exhibit
Solution:
Reference:
https://techcommunity.microsoft.com/t5/azure-security-center/suppression-rules-for-azure-security-center-alerts

Does this meet the goal?

  1. A. Yes
  2. B. No

Correct Answer: A
