Practice Free SC-200 Exam Online Questions
You have an Azure subscription that contains a Microsoft Sentinel workspace. The workspace contains a Microsoft Defender for Cloud data connector. You need to customize which details will be included when an alert is created for a specific event.
What should you do?
- A . Modify the properties of the connector.
- B . Create a Data Collection Rule (DCR).
- C . Create a scheduled query rule.
- D . Enable User and Entity Behavior Analytics (UEBA).
Your company uses Microsoft Sentinel.
A new security analyst reports that she cannot assign and resolve incidents in Microsoft Sentinel.
You need to ensure that the analyst can assign and resolve incidents. The solution must use the principle of least privilege.
Which role should you assign to the analyst?
- A . Microsoft Sentinel Responder
- B . Logic App Contributor
- C . Microsoft Sentinel Reader
- D . Microsoft Sentinel Contributor
A
Explanation:
The Microsoft Sentinel Responder role allows users to investigate, triage, and resolve security incidents, which includes the ability to assign incidents to other users. This role is designed to provide the necessary permissions for incident management and response while still adhering to the principle of least privilege. Other roles such as Logic App Contributor and Microsoft Sentinel Contributor would have more permissions than necessary and may not be suitable for the analyst’s needs. The Microsoft Sentinel Reader role is not sufficient because it does not have permission to assign and resolve incidents.
Reference: https://docs.microsoft.com/en-us/azure/sentinel/role-based-access-control-rbac
You use Azure Defender.
You have an Azure Storage account that contains sensitive information.
You need to run a PowerShell script if someone accesses the storage account from a suspicious IP address.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . From Azure Security Center, enable workflow automation.
- B . Create an Azure logic app that has a manual trigger.
- C . Create an Azure logic app that has an Azure Security Center alert trigger.
- D . Create an Azure logic app that has an HTTP trigger.
- E . From Azure Active Directory (Azure AD), add an app registration.
AC
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/azure-defender-storage-configure?tabs=azure-security-center
https://docs.microsoft.com/en-us/azure/security-center/workflow-automation
