
Microsoft Security Operations Analyst (SC-200) - 340 Questions

By Webmaster Certland (English)

Practice exam for the Microsoft SC-200 Security Operations Analyst certification. Covers all 4 official exam domains: Manage a Security Operations Environment, Configure Protections and Detections, Manage Incident Response, and Manage Security Threats. Validates skills in Microsoft Defender XDR, Microsoft Sentinel, Microsoft Security Copilot, and Defender for Cloud.


Free Preview (5 of 340 questions)

1. A security analyst needs to ensure that the SOC team receives email notifications whenever a high-severity alert is generated for devices in the 'Finance' device group. Which feature in Microsoft Defender XDR should the analyst configure?

A. Configure alert notification rules scoped to the Finance device group with High severity
B. Create a suppression rule for the Finance device group alerts
C. Set the automation level in automated investigation settings for the Finance group
D. Review and approve pending actions in the Action Center for Finance devices

2. A SOC team wants to prevent attackers from tampering with Microsoft Defender for Endpoint security settings on Windows endpoints. Which advanced feature should the security administrator enable?

A. Enable EDR in block mode
B. Enable Tamper Protection
C. Enable Network Protection
D. Enable Live Response

3. A security analyst needs to remotely collect forensic artifacts and run scripts on a compromised Windows device without disrupting end users. Which Microsoft Defender for Endpoint advanced feature must be enabled first?

A. Enable Automated Investigation
B. Enable Deception Rules
C. Enable Live Response
D. Enable Web Content Filtering

4. A SOC analyst is reviewing alerts and identifies a recurring benign alert generated by a known internal scanning tool. The analyst wants to stop this alert from appearing in the queue. Which feature should the analyst use?

A. Create a suppression rule matching the alert title and the internal scanning tool
B. Add the scanning tool executable to the antivirus exclusions list
C. Modify the alert notification rule to exclude the device group
D. Add the scanning tool's IP as an allow indicator

5. A security administrator wants to block a specific malicious file hash across all onboarded endpoints using Microsoft Defender for Endpoint. Which endpoint rule setting should be used?

A. Create a suppression rule for the malicious file hash
B. Configure an alert notification rule for file hash detections
C. Assign the affected devices to a separate device group
D. Add the file hash as a block indicator under endpoint indicators
