SC-200 Practice Online

Question 1

You are configuring Azure Sentinel.
You need to send a Microsoft Teams message to a channel whenever an incident representing a sign-in risk event is activated in Azure Sentinel.
Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A : Enable Entity behavior analytics.

B : Associate a playbook to the analytics rule that triggered the incident.

C : Enable the Fusion rule.

D : Add a playbook.

E : Create a workbook.

Answer: A,B

Question 2

You have an Azure subscription that uses Microsoft Defender for Endpoint.

You need to ensure that you can allow or block a user-specified range of IP addresses and URLs.

What should you enable first in the advanced features from the Endpoints Settings in the Microsoft 365 Defender portal?

A : endpoint detection and response (EDR) in block mode

B : custom network indicators

C : web content filtering

D : Live response for servers

Answer: A

Question 3

You have an Azure subscription that uses Microsoft Sentinel.

You need to minimize the administrative effort required to respond to the incidents and remediate the security threats detected by Microsoft Sentinel.

Which two features should you use? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A : Microsoft Sentinel bookmarks

B : Azure Automation runbooks

C : Microsoft Sentinel automation rules

D : Microsoft Sentinel playbooks

E : Azure Functions apps

Answer: C,D

Question 4

You are configuring Azure Sentinel.
You need to send a Microsoft Teams message to a channel whenever a sign-in from a suspicious IP address is detected.
Which two actions should you perform in Azure Sentinel? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A : Add a playbook.

B : Associate a playbook to an incident.

C : Enable Entity behavior analytics.

D : Create a workbook.

E : Enable the Fusion rule.

Answer: A,B

Question 5

You have a playbook in Azure Sentinel.
When you trigger the playbook, it sends an email to a distribution group.
You need to modify the playbook to send the email to the owner of the resource instead of the distribution group.
What should you do?

A : Add a parameter and modify the trigger.

B : Add a custom data connector and modify the trigger.

C : Add a condition and modify the action.

D : Add a parameter and modify the action.

Answer: D

Name:	Microsoft Security Operations Analyst
Exam Code:	SC-200
Certification:	Security Operations Analyst Associate
Vendor:	Microsoft
Total Questions:	296
Last Updated:	Apr 29, 2024

Download Demo SC-200 Dumps

Create Account

Password Recovery

Download Demo SC-200 Dumps

Member Login

Create Account

Password Recovery

SC-200 Practice Online