Microsoft Security Operations Analyst (SC-200) - Microsoft Actual Exam Questions

HOTSPOT You have an Azure subscription named Sub1 that contains the resources shown in the following table. You plan to configure Rule1 to trigger Lapp1 when an incident is generated. You need to recommend the role-based access control (RBAC) role that you should assign to WS1, and the scope at which should you assign the role. The solution must follow the principle of least privilege. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

HOTSPOT You need to create a query to investigate DNS-related activity. The solution must meet the Microsoft Sentinel requirements. How should you complete the Query? To answer, select the appropriate options in the answer area NOTE: Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that uses Microsoft Copilot for Security. You plan to run the following code to create a custom Copilot for Security plugin. You need to specify a format and complete the code segment. Which format should you use for the <target> variable?

You are investigating an incident in Azure Sentinel that contains more than 127 alerts. You discover eight alerts in the incident that require further investigation. You need to escalate the alerts to another Azure Sentinel administrator. What should you do to provide the alerts to the administrator?

HOTSPOT You have a Microsoft 365 subscription that uses Microsoft 365 Defender and contains a user named User1. You are notified that the account of User1 is compromised. You need to review the alerts triggered on the devices to which User1 signed in. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.