SC-200 Exam Dumps - Microsoft Security Operations Analyst

Go to page:

<< First
Prev
1
2
3
4
5
6
7
Next
Last >>

Question # 9

You need to visualize Azure Sentinel data and enrich the data by using third-party data sources to identify indicators of compromise (IoC).

What should you use?

notebooks in Azure Sentinel

Microsoft Cloud App Security

Azure Monitor

hunting queries in Azure Sentinel

Full Access

Question # 10

You need to deploy the native cloud connector to Account! to meet the Microsoft Defender for Cloud requirements. What should you do in Account! first?

Create an AWS user for Defender for Cloud.

Create an Access control (1AM) role for Defender for Cloud.

Configure AWS Security Hub.

Deploy the AWS Systems Manager (SSM) agent

Full Access

Question # 11

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR.

You have a Microsoft Sentinel workspace.

Microsoft Sentinel connectors are configured as shown in the following table.

You use Microsoft Sentinel to investigate suspicious Microsoft Graph API activity related to Conditional Access policies. You need to search for the following activities:

â€¢ Downloads of the Conditional Access policies by using PowerShell

â€¢ Updates to the Conditional Access policies by using the Microsoft Entra admin center

Which tables should you query for each activity? lo answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 12

You have a Microsoft 365 subscription that uses Microsoft Defender XDR.

You are investigating an incident.

You need to review the incident tasks that were performed. The solution must include a query that will display the incidents in a workbook, and then display the tasks of each incident in another grid.

Which table should you target in the query?

Securitylncident

SecurityEvent

Sentine1Audit

SecurityAlert

Full Access

Question # 13

You have an on-premises network.

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Identity.

From the Microsoft Defender portal, you investigate an incident on a device named Device1 of a user named User1. The incident contains the following Defender for Identity alert.

Suspected identity theft (pass-the-ticket) (external ID 2018)

You need to contain the incident without affecting users and devices. The solution must minimize administrative effort.

What should you do?

Disable User 1 only.

Quarantine Device1 only.

Reset the password for all the accounts that previously signed in to Device1.

DisableUser1 and quarantine Device1.

Disable User1, quarantine Device1, and reset the password for all the accounts that previously signed in to Device1.

Full Access

Question # 14

You have an Azure subscription.

You plan to implement an Microsoft Sentinel workspace. You anticipate that you will ingest 20 GB of security log data per day.

You need to configure storage for the workspace. The solution must meet the following requirements:

â€¢ Minimize costs for daily ingested data.

â€¢ Maximize the data retention period without incurring extra costs.

What should you do for each requirement? To answer, select the appropriate options in the answer area. NOTE Each correct selection is worth one point.

Full Access

Question # 15

You use Azure Sentinel.

You need to use a built-in role to provide a security analyst with the ability to edit the queries of custom Azure Sentinel workbooks. The solution must use the principle of least privilege.

Which role should you assign to the analyst?

Azure Sentinel Contributor

Security Administrator

Azure Sentinel Responder

Logic App Contributor

Full Access