Free Microsoft SC-200 Exam Questions
Try our Free Demo Practice Tests for Comprehensive SC-200 Exam Preparation
-
Microsoft SC-200 Exam Questions
-
Provided By: Microsoft
- Exam: Microsoft Security Operations Analyst
- Certification: Security Operations Analyst Associate
-
Total Questions: 394
-
Updated On: Jun 01, 2026
-
Rated: 4.9 |
-
Online Users: 788
-
Question 1
-
You have a Microsoft 365 subscription that uses Microsoft 365 Defender A remediation action for an
automated investigation quarantines a file across multiple devices. You need to mark the file as safe
and remove the file from quarantine on the devices. What should you use m the Microsoft 365
Defender portal?
Answer: B
-
You have a Microsoft 365 subscription that uses Microsoft 365 Defender A remediation action for an
automated investigation quarantines a file across multiple devices. You need to mark the file as safe
and remove the file from quarantine on the devices. What should you use m the Microsoft 365
Defender portal?
-
Question 2
-
You need to ensure that you can run hunting queries to meet the Microsoft Sentinel requirements.
Which type of workspace should you create?
Answer: D
-
You need to ensure that you can run hunting queries to meet the Microsoft Sentinel requirements.
Which type of workspace should you create?
-
Question 3
-
You have an Azure subscription that contains a Microsoft Sentinel workspace named WS1.
You create a hunting query that detects a new attack vector. The attack vector maps to a tactic listed
in the MITRE ATT&CK database.
You need to ensure that an incident is created in WS1 when the new attack vector is detected.
What should you configure?
Answer: C
-
You have an Azure subscription that contains a Microsoft Sentinel workspace named WS1.
You create a hunting query that detects a new attack vector. The attack vector maps to a tactic listed
in the MITRE ATT&CK database.
You need to ensure that an incident is created in WS1 when the new attack vector is detected.
What should you configure?
-
Question 4
-
You have a Microsoft 365 subscription that uses Microsoft Defender for Cloud Apps and has Cloud Discovery enabled.
You need to enrich the Cloud Discovery data. The solution must ensure that usernames in the Cloud Discovery traffic logs are associated with the user principal name (UPN) of the corresponding Microsoft Entra ID user accounts.
What should you do first?
Answer: B
-
You have a Microsoft 365 subscription that uses Microsoft Defender for Cloud Apps and has Cloud Discovery enabled.
-
Question 5
-
You need to restrict cloud apps running on CLIENT1 to meet the Microsoft Defender for Endpoint
requirements.Which two configurations should you modify? Each correct answer present part of the solution.
NOTE: Each correct selection is worth one point.
Answer: C,D
-
You need to restrict cloud apps running on CLIENT1 to meet the Microsoft Defender for Endpoint
requirements.Which two configurations should you modify? Each correct answer present part of the solution.
NOTE: Each correct selection is worth one point.