Weekend Sale 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sale65best

Free Microsoft SC-200 Practice Exam with Questions & Answers | Set: 3

Questions 21

You are informed of an increase in malicious email being received by users.

You need to create an advanced hunting query in Microsoft 365 Defender to identify whether the accounts of the email recipients were compromised. The query must return the most recent 20 sign-ins performed by the recipients within an hour of receiving the known malicious email.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-200 Question 21

Options:
Microsoft SC-200 Premium Access
Questions 22

You plan to connect an external solution that will send Common Event Format (CEF) messages to Azure Sentinel.

You need to deploy the log forwarder.

Which three actions should you perform in sequence? To answer, move the appropriate actions form the list of actions to the answer area and arrange them in the correct order.

SC-200 Question 22

Options:
Questions 23

You have two Azure subscriptions that use Microsoft Defender for Cloud.

You need to ensure that specific Defender for Cloud security alerts are suppressed at the root management group level. The solution must minimize administrative effort.

What should you do in the Azure portal?

Options:
A.

Create an Azure Policy assignment.

B.

Modify the Workload protections settings in Defender for Cloud.

C.

Create an alert rule in Azure Monitor.

D.

Modify the alert settings in Defender for Cloud.

Questions 24

You have a Microsoft Sentinel workspace named sws1.

You need to create a hunting query to identify users that list storage keys of multiple Azure Storage accounts. The solution must exclude users that list storage keys for a single storage account.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

SC-200 Question 24

Options:
Questions 25

You need to use an Azure Sentinel analytics rule to search for specific criteria in Amazon Web Services (AWS) logs and to generate incidents.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

a Microsoft 365 E5

SC-200 Question 25

Options:
Questions 26

You need to restrict cloud apps running on CLIENT1 to meet the Microsoft Defender for Endpoint requirements.

Which two configurations should you modify? Each correct answer present part of the solution.

NOTE: Each correct selection is worth one point.

Options:
A.

the Onboarding settings from Device management in Microsoft Defender Security Center

B.

Cloud App Security anomaly detection policies

C.

Advanced features from Settings in Microsoft Defender Security Center

D.

the Cloud Discovery settings in Cloud App Security

Questions 27

Which rule setting should you configure to meet the Microsoft Sentinel requirements?

Options:
A.

From Set rule logic, turn off suppression.

B.

From Analytic rule details, configure the tactics.

C.

From Set rule logic, map the entities.

D.

From Analytic rule details, configure the severity.

Questions 28

You need to configure DC1 to meet the business requirements.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

SC-200 Question 28

Options:
Questions 29

You need to implement the Azure Information Protection requirements. What should you configure first?

Options:
A.

Device health and compliance reports settings in Microsoft Defender Security Center

B.

scanner clusters in Azure Information Protection from the Azure portal

C.

content scan jobs in Azure Information Protection from the Azure portal

D.

Advanced features from Settings in Microsoft Defender Security Center

Questions 30

You need to assign a role-based access control (RBAC) role to admin1 to meet the Azure Sentinel requirements and the business requirements.

Which role should you assign?

Options:
A.

Automation Operator

B.

Automation Runbook Operator

C.

Azure Sentinel Contributor

D.

Logic App Contributor

Exam Code: SC-200
Certification Provider: Microsoft
Exam Name: Microsoft Security Operations Analyst
Last Update: Sep 13, 2025
Questions: 370

Microsoft Related Exams

MS-102 - Microsoft 365 Administrator Exam
DP-900 - Microsoft Azure Data Fundamentals
DP-700 - Implementing Data Engineering Solutions Using Microsoft Fabric
MO-100 - Microsoft Word (Word and Word 2019)
GH-900 - GitHub Foundations
MS-700 - Managing Microsoft Teams
GH-500 - GitHub Advanced Security Exam
MB-800 - Microsoft Dynamics 365 Business Central Functional Consultant
AZ-305 - Designing Microsoft Azure Infrastructure Solutions
AZ-104 - Microsoft Azure Administrator
MB-700 - Microsoft Dynamics 365: Finance and Operations Apps Solution Architect
77-728 - Excel 2016 Expert: Interpreting Data for Insights
MO-101 - Microsoft Word Expert (Word and Word 2019)
MB-910 - Microsoft Dynamics 365 Fundamentals Customer Engagement Apps (CRM)
MS-203 - Microsoft 365 Messaging
Microsoft Free Access
Get Microsoft Full Access

Microsoft Free Exams
Microsoft Free Exams
Prepare effectively for Microsoft certification exams with free study resources and practice tests from Examstrack.