SC-200 Exam Dumps - Microsoft Security Operations Analyst

From Azure Sentinel, you open the Investigation pane for a high-severity incident as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

You have a Microsoft Sentinel workspace named Workspaces1.

The AzureActivity table in Workspace! has the following retention periods:

• Interactive: 180 days

• Total:180days

You need to modify the retention periods to meet the following requirements:

• Minimize the costs associated with storing data in the table.

• Maximize the period during which the table data remains available.

How should you configure each retention period? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to implement the Defender for Cloud requirements.

Which subscription-level role should you assign to Group1?

You need to ensure that the Group1 members can meet the Microsoft Sentinel requirements.

Which role should you assign to Group1?

You need to implement the scheduled rule for incident generation based on rulequery1.

What should you configure first?

You need to ensure that the processing of incidents generated by rulequery1 meets the Microsoft Sentinel requirements.

What should you create first?

You need to implement the Defender for Cloud requirements.

What should you configure for Server2?

You need to configure event monitoring for Server1. The solution must meet the Microsoft Sentinel requirements. What should you create first?