Microsoft SC-200 Exam Practice Test Instant Access

Question 1

You have an Azure subscription that contains a user named User1 and a Microsoft Sentinel workspace named WS1. WS1 uses Microsoft Defender for Cloud.

You have the Microsoft security analytics rules shown in the following table.

User1 performs an action that matches Rule1, Rule2, Rule3, and Rule4. How many incidents will be created in WS1?

Answer : A

Question 2

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains a user named User1.

You need to ensure that User1 can manage Microsoft Defender XDR custom detection rules and Endpoint security policies. The solution must follow the principle of least privilege.

Which role should you assign to User1?

ADesktop Analytics Administrator

BSecurity Operator

CSecurity Administrator

DCloud Device Administrator

Answer : C

Question 3

You have a Microsoft 365 subscription that uses Microsoft Defender XDR.

You are investigating an attacker that is known to use the Microsoft Graph API as an attack vector. The attacker performs the tactics shown the following table.

You need to search for malicious activities in your organization.

Which tactics can you analyze by using the MicrosoftGraphActivityLogs table?

ATactic? only

BTactic1 and Tactic2 only

CTac1ic2 and Tactic3 only

DTaclic1. Tac1ic2. andTactic3

Answer : B

Question 4

You have 500 on-premises Windows 11 devices that use Microsoft Defender for Endpoint

You enable Network device discovery.

You need to create a hunting query that will identify discovered network devices and return the identity of the onboarded device that discovered each network device.

Which built-in function should you use?

Acurrent_cluster,endpoint()

BDeviceFromIP ()

Cnext ()

DSeenBy ()

Answer : B

Question 5

You have an Azure subscription that contains a resource group named RG1. RG1 contains a Microsoft Sentinel workspace. The subscription is linked to a Microsoft Entra tenant that contains a user named User1.

You need to ensure that User1 can deploy and customize Microsoft Sentine1 workbook templates. The solution must follow the principle of least privilege.

Which role should you assign to User1 for RG1?

AWorkbook Contributor

BMicrosoft Sentinel Contributor

CContributor

DMicrosoft Sentinel Automation Contributor

Answer : B

Question 6

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains 500 Windows devices. As part of an incident investigation, you identify the following suspected malware files:

* sys

* pdf

* docx

* xlsx

You need to create indicator hashes to block users from downloading the files to the devices. Which files can you block by using the indicator hashes?

AFile1.sysonly

BFile1.sysand File3.docxonly

CFile1.sys. File3.docx, and File4jclsx only

DFile2.pdf. File3.docxr and File4.xlsx only

EFile1.sys, File2.pdf, File3.dooc, and File4.xlsx

Answer : A

Question 7

You have a Microsoft 365 E5 subscription that contains a device named Device 1. Device 1 is enrolled in Microsoft Defender for End point.

Device1 reports an incident that includes a file named File1 exe as evidence.

You initiate the Collect Investigation Package action and download the ZIP file.

You need to identify the first and last time File1.exe was executed.

What should you review in the investigation package?

AProcesses

BScheduled tasks

CAutoruns

DSecurity event log

EPrefetch files

Answer : E

Microsoft SC-200 Microsoft Security Operations Analyst Exam Practice Test