Question 1

Your company uses Microsoft Sentinel

A new security analyst reports that she cannot assign and resolve incidents in Microsoft Sentinel.

You need to ensure that the analyst can assign and resolve incidents. The solution must use the principle of least privilege.

Which role should you assign to the analyst?

AMicrosoft Sentinel Responder

BLogic App Contributor

CMicrosoft Sentinel Reader

DMicrosoft Sentinel Contributor

Answer : A

Question 2

You have an Azure subscription that uses Microsoft Sentinel.

You need to create a custom report that will visualise sign-in information over time.

What should you create first?

Aa workbook

Ba hunting query

Ca notebook

Da playbook

Answer : A

Question 3

You create an Azure subscription.

You enable Microsoft Defender for Cloud for the subscription.

You need to use Defender for Cloud to protect on-premises computers.

What should you do on the on-premises computers?

AConfigure the Hybrid Runbook Worker role.

BInstall the Connected Machine agent.

CInstall the Log Analytics agent

DInstall the Dependency agent.

Answer : C

Question 4

You need to minimize the effort required to investigate the Microsoft Defender for Identity false positive alerts. What should you review?

Athe status update time

Bthe alert status

Cthe certainty of the source computer

Dthe resolution method of the source computer

Answer : B

Question 5

You need to deploy the native cloud connector to Account! to meet the Microsoft Defender for Cloud requirements. What should you do in Account! first?

ACreate an AWS user for Defender for Cloud.

BCreate an Access control (1AM) role for Defender for Cloud.

CConfigure AWS Security Hub.

DDeploy the AWS Systems Manager (SSM) agent

Answer : D

Free SC-200 Questions for Microsoft SC-200 Exam as PDF & Practice Test Software

Question 1

Question 2

Question 3

Question 4

Question 5