
Microsoft Certified: Security Operations Analyst Associate SC-200 Dumps PDF

Page: 9 / 14
Total 306 questions

Microsoft Security Operations Analyst Questions and Answers

Question 33

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You have a virtual machine that runs Windows 10 and has the Log Analytics agent installed.

You need to simulate an attack on the virtual machine that will generate an alert.

What should you do first?

Options:

A. Run the Log Analytics Troubleshooting Tool.

B. Copy an executable and rename the file as ASC_AlerTest_662jf10N.exe.

C. Modify the settings of the Microsoft Monitoring Agent.

D. Run the MMASetup executable and specify the -foo argument.

Question 34

You need to configure Microsoft Cloud App Security to generate alerts and trigger remediation actions in response to external sharing of confidential files.

Which two actions should you perform in the Cloud App Security portal? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A. From Settings, select Information Protection, select Azure Information Protection, and then select Only scan files for Azure Information Protection classification labels and content inspection warnings from this tenant.

B. Select Investigate files, and then filter App to Office 365.

C. Select Investigate files, and then select New policy from search.

D. From Settings, select Information Protection, select Azure Information Protection, and then select Automatically scan new files for Azure Information Protection classification labels and content inspection warnings.

E. From Settings, select Information Protection, select Files, and then enable file monitoring.

F. Select Investigate files, and then filter File Type to Document.

Question 35

You need to meet the Microsoft Defender for Cloud Apps requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 36

You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in.

Which anomaly detection policy should you use?

Options:

A. Impossible travel

B. Activity from anonymous IP addresses

C. Activity from infrequent country

D. Malware detection
