최신 SC-200 무료덤프 - Microsoft Security Operations Analyst
You have an Azure subscription that uses Microsoft Defender for Endpoint.
You need to ensure that you can allow or block a user-specified range of IP addresses and URLs.
What should you enable first in the advanced features from the Endpoints Settings in the Microsoft 365 Defender portal?
You need to ensure that you can allow or block a user-specified range of IP addresses and URLs.
What should you enable first in the advanced features from the Endpoints Settings in the Microsoft 365 Defender portal?
정답: D
Your company stores the data of every project in a different Azure subscription. All the subscriptions use the same Microsoft Entra tenant.
Every project consists of multiple Azure virtual machines that run Windows Server. The Windows events of the virtual machines are stored in a Log Analytics workspace in each machine's respective subscription.
You deploy Microsoft Sentinel to a new Azure subscription.
You need to perform hunting queries in Microsoft Sentinel to search across all the Log Analytics workspaces of all the subscriptions.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Every project consists of multiple Azure virtual machines that run Windows Server. The Windows events of the virtual machines are stored in a Log Analytics workspace in each machine's respective subscription.
You deploy Microsoft Sentinel to a new Azure subscription.
You need to perform hunting queries in Microsoft Sentinel to search across all the Log Analytics workspaces of all the subscriptions.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
정답: D,E
You need to assign a role-based access control (RBAC) role to admin1 to meet the Azure Sentinel requirements and the business requirements.
Which role should you assign?
Which role should you assign?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
You have an Azure subscription that contains a Log Analytics workspace.
You need to enable just-in-time (JIT) VM access and network detections for Azure resources.
Where should you enable Azure Defender?
You need to enable just-in-time (JIT) VM access and network detections for Azure resources.
Where should you enable Azure Defender?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
Your company deploys the following services:
* Microsoft Defender for Identity
* Microsoft Defender for Endpoint
* Microsoft Defender for Office 365
You need to provide a security analyst with the ability to use the Microsoft 365 security center. The analyst must be able to approve and reject pending actions generated by Microsoft Defender for Endpoint. The solution must use the principle of least privilege.
Which two roles should assign to the analyst? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
* Microsoft Defender for Identity
* Microsoft Defender for Endpoint
* Microsoft Defender for Office 365
You need to provide a security analyst with the ability to use the Microsoft 365 security center. The analyst must be able to approve and reject pending actions generated by Microsoft Defender for Endpoint. The solution must use the principle of least privilege.
Which two roles should assign to the analyst? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
정답: A,B
설명: (DumpTOP 회원만 볼 수 있음)
You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR.
The security team at your company detects command and control (C2) agent traffic on the network. Agents communicate once every 50 hours.
You need to create a Microsoft Defender XDR custom detection rule that will identify compromised devices and establish a pattern of communication. The solution must meet the following requirements:
* Identify all the devices that have communicated during the past 14 days.
* Minimize how long it takes to identify the devices.
To what should you set the detection frequency for the rule?
The security team at your company detects command and control (C2) agent traffic on the network. Agents communicate once every 50 hours.
You need to create a Microsoft Defender XDR custom detection rule that will identify compromised devices and establish a pattern of communication. The solution must meet the following requirements:
* Identify all the devices that have communicated during the past 14 days.
* Minimize how long it takes to identify the devices.
To what should you set the detection frequency for the rule?
정답: B
You have a Microsoft 365 subscription that uses Microsoft Purview and contains a Microsoft SharePoint Online site named Site1. Site1 contains the files shown in the following table.
From Microsoft Purview, you create the content search queries shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE; Each correct selection is worth one point.
From Microsoft Purview, you create the content search queries shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE; Each correct selection is worth one point.
정답:
Explanation:
You need to implement the Defender for Cloud requirements.
Which subscription-level role should you assign to Group1?
Which subscription-level role should you assign to Group1?
정답: D
You have a Microsoft 365 subscription that uses Microsoft Purview.
Your company has a project named Project1.
You need to identify all the email messages that have the word Project1 in the subject line. The solution must search only the mailboxes of users that worked on Project1.
What should you do?
Your company has a project named Project1.
You need to identify all the email messages that have the word Project1 in the subject line. The solution must search only the mailboxes of users that worked on Project1.
What should you do?
정답: D
Your company uses Azure Security Center and Azure Defender.
The security operations team at the company informs you that it does NOT receive email notifications for security alerts.
What should you configure in Security Center to enable the email notifications?
The security operations team at the company informs you that it does NOT receive email notifications for security alerts.
What should you configure in Security Center to enable the email notifications?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
You have a Microsoft 365 E5 subscription that uses Microsoft Defender and an Azure subscription that uses Azure Sentinel.
You need to identify all the devices that contain files in emails sent by a known malicious email sender. The query will be based on the match of the SHA256 hash.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to identify all the devices that contain files in emails sent by a known malicious email sender. The query will be based on the match of the SHA256 hash.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender/advanced-hunting-query-emails-devices?
view=o365-worldwide
You have a Microsoft 365 subscription that uses Microsoft Defender XDR. All endpoint devices are onboarded to Microsoft Defender for Endpoint.
You have an Azure subscription that contains a Microsoft Sentinel workspace named Workspace 1. All Microsoft Defender XDR events are ingested into Workspace1.
You have a Microsoft Entra tenant.
You create a KQL query named query1 that searches device logs for a known vulnerability.
You need to ensure that query1 runs every hour. The solution must minimize administrative effort.
What should you configure?
You have an Azure subscription that contains a Microsoft Sentinel workspace named Workspace 1. All Microsoft Defender XDR events are ingested into Workspace1.
You have a Microsoft Entra tenant.
You create a KQL query named query1 that searches device logs for a known vulnerability.
You need to ensure that query1 runs every hour. The solution must minimize administrative effort.
What should you configure?
정답: D
You have an Azure subscription.
You need to delegate permissions to meet the following requirements:
* Enable and disable advanced features of Microsoft Defender for Cloud.
* Apply security recommendations to a resource.
The solution must use the principle of least privilege.
Which Microsoft Defender for Cloud role should you use for each requirement? To answer, drag the appropriate roles to the correct requirements. Each role may be used once, mote than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You need to delegate permissions to meet the following requirements:
* Enable and disable advanced features of Microsoft Defender for Cloud.
* Apply security recommendations to a resource.
The solution must use the principle of least privilege.
Which Microsoft Defender for Cloud role should you use for each requirement? To answer, drag the appropriate roles to the correct requirements. Each role may be used once, mote than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
You have a Microsoft Sentinel workspace.
A Microsoft Sentinel incident is generated as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in [the graphic.
NOTE: Each correct selection is worth one point.
A Microsoft Sentinel incident is generated as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in [the graphic.
NOTE: Each correct selection is worth one point.
정답:
You have a Microsoft 365 E5 subscription.
You need to create a hunting query that will return every email that contains an attachment named Document.
pdf. The query must meet the following requirements:
* Only show emails sent during the last hour.
* Optimize query performance.
How should you complete the query? To answer, select the appropriate options in the answer area. NOTE:
Each correct selection is worth one point.
You need to create a hunting query that will return every email that contains an attachment named Document.
pdf. The query must meet the following requirements:
* Only show emails sent during the last hour.
* Optimize query performance.
How should you complete the query? To answer, select the appropriate options in the answer area. NOTE:
Each correct selection is worth one point.
정답:
Explanation:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring Azure Sentinel.
You need to create an incident in Azure Sentinel when a sign-in to an Azure virtual machine from a malicious IP address is detected.
Solution: You create a livestream from a query.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring Azure Sentinel.
You need to create an incident in Azure Sentinel when a sign-in to an Azure virtual machine from a malicious IP address is detected.
Solution: You create a livestream from a query.
Does this meet the goal?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
You have an on-premises Windows 11 Pro device named Device1 that is onboarded to Microsoft Defender for Endpoint You have a Microsoft 365 subscription.
You need to identify the processes running on Device1 and which network connections the processes have open. The solution must minimize administrative effort.
Which four actions should you perform in the Microsoft Defender portal in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to identify the processes running on Device1 and which network connections the processes have open. The solution must minimize administrative effort.
Which four actions should you perform in the Microsoft Defender portal in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
정답:
Explanation:
You have an Azure subscription that uses Microsoft Sentinel.
You detect a new threat by using a hunting query.
You need to ensure that Microsoft Sentinel automatically detects the threat. The solution must minimize administrative effort.
What should you do?
You detect a new threat by using a hunting query.
You need to ensure that Microsoft Sentinel automatically detects the threat. The solution must minimize administrative effort.
What should you do?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)