SC-200 Exam Dumps - Microsoft Certified: Security Operations Analyst Associate Questions and Answers

Question # 34

You need to configure Microsoft Cloud App Security to generate alerts and trigger remediation actions in response to external sharing of confidential files.

Which two actions should you perform in the Cloud App Security portal? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

From Settings, select Information Protection, select Azure Information Protection, and then select Only scan files for Azure Information Protection classification labels and content inspection warnings from this tenant

Select Investigate files, and then filter App to Office 365.

Select Investigate files, and then select New policy from search

From Settings, select Information Protection, select Azure Information Protection, and then select Automatically scan new files for Azure Information Protection classification labels and content inspection warnings

From Settings, select Information Protection, select Files, and then enable file monitoring.

Select Investigate files, and then filter File Type to Document.

Buy Now

Question # 35

You need to restrict cloud apps running on CUENT1 to meet the Microsoft Defender for Endpoint requirements. Which two configurations should you modify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Options:

the Cloud Discovery settings in Microsoft Defender for Cloud Apps

the Onboarding settings from Device management in Settings in Microsoft 365 Defender portal

Microsoft Defender for Cloud Apps anomaly detection policies

Advanced features from the Endpoints Settings in the Microsoft 365 Defender portal

Buy Now

Question # 36

You need to assign a role-based access control (RBAC) role to admin1 to meet the Azure Sentinel requirements and the business requirements.

Which role should you assign?

Options:

Automation Operator

Automation Runbook Operator

Azure Sentinel Contributor

Logic App Contributor

Buy Now

Question # 37

You have a Microsoft 365 subscription

You need to identify all the security principals that submitted requests to change or delete groups. How should you complete the KQL query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now

Question # 38

You need to modify the anomaly detection policy settings to meet the Microsoft Defender for Cloud Apps requirements and resolve the reported problem.

Which policy should you modify?

Options:

Activity from suspicious IP addresses

Risky sign-in

Activity from anonymous IP addresses

Impossible travel

Buy Now

Question # 39

You need to ensure that the Group1 members can meet the Microsoft Sentinel requirements.

Which role should you assign to Group1?

Options:

Microsoft Sentinel Automation Contributor

Logic App Contributor

Automation Operator

Microsoft Sentinel Playbook Operator

Buy Now

Question # 40

You need to configure the Microsoft Sentinel integration to meet the Microsoft Sentinel requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Options:

Buy Now

Question # 41

You need to ensure that the configuration of HuntingQuery1 meets the Microsoft Sentinel requirements.

What should you do?

Options:

Add HuntingQuery1 to a livestream.

Create a watch list.

Create an Azure Automation rule.

Add HuntingQuery1 to favorites.

Buy Now

Question # 42

You need to monitor the password resets. The solution must meet the Microsoft Sentinel requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Buy Now

Question # 43

You need to implement the query for Workbook1 and Webapp1. The solution must meet the Microsoft Sentinel requirements. How should you configure the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.