{"id":81435,"date":"2022-03-04T01:48:19","date_gmt":"2022-03-04T07:18:19","guid":{"rendered":"https:\/\/www.whizlabs.com\/blog\/?p=81435"},"modified":"2022-03-07T06:11:15","modified_gmt":"2022-03-07T11:41:15","slug":"microsoft-sc-200-exam-questions","status":"publish","type":"post","link":"https:\/\/www.whizlabs.com\/blog\/microsoft-sc-200-exam-questions\/","title":{"rendered":"Free Questions for Exam SC-200: Microsoft Security Operations Analyst"},"content":{"rendered":"<p>Are you looking for free <a href=\"https:\/\/www.whizlabs.com\/microsoft-security-operations-analyst-sc-200\/\"><strong>SC-200 exam questions<\/strong><\/a> while preparing for the SC-200 certification exam? Then this article will help you prepare for SC-200 (the Microsoft Security Operations Analyst certification exam). Threats and security vulnerabilities in cloud computing are increasing massively. Effective use of Microsoft 365 Defender and Sentinel helps overcome such security issues and keeps communication in a cloud environment healthy.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"How_to_prepare_for_the_SC-200_Microsoft_Security_Operations_Analyst_Certification_Exam\"><\/span>How to prepare for the SC-200 Microsoft Security Operations Analyst Certification Exam?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Preparation for the Microsoft Security Operations Analyst certification exam is straightforward. Be thorough with the exam objectives, then learn the expected skills through video courses. Learning through video courses helps you understand the exam objectives clearly.<\/p>\n<p>Once you are ready to take the exam, test the skills you have earned with these free SC-200 questions and practice tests. If you find yourself struggling with any topic, re-learn it and attempt the mock tests again before taking the actual exam.<\/p>\n<p>These free questions give you foundational knowledge and help in your SC-200 exam preparation. Let&#8217;s start exploring!<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Microsoft_365_Defender\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Microsoft 365 Defender<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q1 : You are a SOC Analyst at a company XYZ that has implemented Microsoft Defender for Endpoint. You are allocated an incident with alerts related to a suspicious PowerShell command line. You start by going through the incident and reviewing all the related alerts, devices, and evidence.<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">You open the alert page to evaluate the Alert and choose to perform further analysis on the device.
You open the Device page and decide that you require remote access to the device to collect more forensics information using a custom .ps1 script.<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">Which type of information is gathered in an Investigation package?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Prefetch Files<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Network transactions<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Command History<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Process History<\/span><\/p>\n<p><b>Correct Answer:<\/b> <b>A<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Network transactions, Process and Command History are not collected. Only Prefetch files are collected.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">An investigation package contains the following folders when you collect it from a device as part of the investigation process. 
These can help us identify the present state of devices and the methods used by attackers.<\/span><\/p>\n<ul>\n<li>Autoruns<\/li>\n<li>Installed programs<\/li>\n<li>Network Connections<\/li>\n<li>Prefetch files<\/li>\n<li>Prefetch folder<\/li>\n<li>Processes<\/li>\n<li>Scheduled tasks<\/li>\n<li>Security event log<\/li>\n<li>Services<\/li>\n<li>Windows Server Message Block (SMB) sessions<\/li>\n<li>System Information<\/li>\n<li>Temp Directories<\/li>\n<li>Users and Groups<\/li>\n<li>WdSupportLogs<\/li>\n<li>CollectionSummaryReport.xls<\/li>\n<\/ul>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender-endpoint\/respond-machine-alerts?view=o365-worldwide\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender-endpoint\/respond-machine-alerts?view=o365-worldwide<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Microsoft_365_Defender-2\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Microsoft 365 Defender<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q2 : Which information is shared on the user account page?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Security groups<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Threat hunt ID<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Associated alerts<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>All of the above<\/span><\/p>\n<p><b>Correct Answer:<\/b> <b>C<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The security groups the user account belongs to and the threat hunt ID are not shown.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Associated alerts are made available.<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-81445 size-full\" title=\"Alerts Microsoft Defender\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-2.png\" alt=\"Alerts Microsoft Defender\" width=\"596\" height=\"629\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-2.png 596w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-2-284x300.png 284w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-2-398x420.png 398w\" sizes=\"(max-width: 596px) 100vw, 596px\" \/><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender\/investigate-users?view=o365-worldwide\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender\/investigate-users?view=o365-worldwide<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Microsoft_365_Defender-3\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Microsoft 365 Defender<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q3 : Microsoft Defender for Endpoint provides configuration options for alerts and detections. These include notifications, custom indicators, and detection rules. Which filter is a part of an Alert notification rule?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. 
<\/strong>Subject IDs<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Alert Severity<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Account<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Alert IDs<\/span><\/p>\n<p><b>Correct Answer:<\/b> <b>B<\/b><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-81446 size-full\" title=\"Notification Settings in Microsoft Defender\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-3.png\" alt=\"Notification Settings in Microsoft Defender\" width=\"985\" height=\"503\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-3.png 985w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-3-300x153.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-3-768x392.png 768w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-3-822x420.png 822w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-3-640x327.png 640w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-3-681x348.png 681w\" sizes=\"(max-width: 985px) 100vw, 985px\" \/><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender-endpoint\/configure-email-notifications?view=o365-worldwide\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender-endpoint\/configure-email-notifications?view=o365-worldwide<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Microsoft_365_Defender-4\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Microsoft 365 Defender<\/span><span 
class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q4 : From which of the following can a SOC (<\/span><b>Security Operation Center<\/b><span style=\"font-weight: 400;\">) analyst make a customized detection?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Alert<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Incident<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Advanced Hunting<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Request<\/span><\/p>\n<p><b>Correct Answer:<\/b> <b>C<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Advanced hunting gives a choice to save the query as a detection, while Alert and Incident don&#8217;t provide an option to save as a detection.<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-81447 size-full\" title=\"Advanced Hunting in Microsoft Defender\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-4.png\" alt=\"Advanced Hunting in Microsoft Defender\" width=\"782\" height=\"635\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-4.png 782w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-4-300x244.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-4-768x624.png 768w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-4-517x420.png 517w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-4-640x520.png 640w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-4-681x553.png 681w\" sizes=\"(max-width: 782px) 100vw, 782px\" \/><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender\/advanced-hunting-query-results?view=o365-worldwide\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 
400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender\/advanced-hunting-query-results?view=o365-worldwide<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Microsoft_365_Defender-5\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Microsoft 365 Defender<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q5 : Microsoft 365 Defender provides a purpose-built UI to manage and examine security incidents and alerts across Microsoft 365 services.<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">You are a SOC Analyst working at a company XYZ that has configured Microsoft 365 Defender solutions, including Defender for Endpoint, Defender for Identity, Defender for Office 365, and Cloud App Security.<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">You are required to monitor related alerts across all the solutions as a single incident to observe the incident&#8217;s full impact and perform an RCA (root cause analysis). The Microsoft Security center portal has a unified view of incidents and the actions taken on them.<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">Which tab is present on the incident page when investigating a particular incident?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Machines<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Mailboxes<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Networks<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>Incidents<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-81448 size-full\" title=\"Multistage Incident in Microsoft Defender\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-5.png\" alt=\"Multistage Incident in Microsoft Defender\" width=\"1156\" height=\"434\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-5.png 1156w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-5-300x113.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-5-1024x384.png 1024w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-5-768x288.png 768w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-5-1119x420.png 1119w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-5-640x240.png 640w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-5-681x256.png 681w\" sizes=\"(max-width: 1156px) 100vw, 1156px\" \/><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender-endpoint\/investigate-incidents?view=o365-worldwide\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender-endpoint\/investigate-incidents?view=o365-worldwide<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Microsoft_365_Defender-6\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Microsoft 365 Defender<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em>Q6 : Insider risk management in Microsoft 365 benefits organizations by addressing internal risks, such as Intellectual Property theft, fraud, sabotage, etc. 
A credit card database admin\u2019s unencrypted work laptop got stolen at a home in a burglary. Sensitive data for 1000 users was on the laptop. Which type of internal risk is this an example of?<\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Sabotage<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Data leak<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>IP Theft<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Regulatory compliance violation<\/span><\/p>\n<p><b>Correct Answer:<\/b> <b>D<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><b>Option D is correct.<\/b><span style=\"font-weight: 400;\"> If a business handles the personal, medical, sensitive, or classified data of individuals or government organizations, the law requires you to follow strict compliance regulations.<\/span><br \/>\n<b>Options A and C are incorrect.<\/b><span style=\"font-weight: 400;\"> Sabotage and IP Theft include acting to harm specific individuals, the organization, or the organization\u2019s data systems or daily business operations.<\/span><br \/>\n<b>Option B is incorrect.<\/b><span style=\"font-weight: 400;\"> There is a potential data leak situation here. 
However, the internal risk here arises from the actions or inactions that precede a possible leak.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/insider-risk-management?view=o365-worldwide\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/insider-risk-management?view=o365-worldwide<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Azure_Sentinel\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Azure Sentinel<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q7 : You are using Azure Defender and Azure Sentinel to protect your cloud workloads and monitor your environment.<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">You need to use the Kusto Query Language (KQL) to construct a query that identifies Azure Defender alerts.<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">What query should you write to meet this requirement? To answer, complete the query by selecting the correct options from the drop-down menus.<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">| where ProductName == \u201c________________________\u201d<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Azure Security Center<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Azure Security Sentinel<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Security Alert<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>Security Events<\/span><\/p>\n<p><b>Correct Answer: A<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">You should complete the query as follows:<\/span><\/p>\n<p><span style=\"font-weight: 400;\">| where ProductName == &#8220;Azure Security Center&#8221;<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This completes a basic query that identifies all security alerts from Azure Security Center. Placing SecurityAlert first queries the SecurityAlert table, and then adding | where ProductName == &#8220;Azure Security Center&#8221; afterwards ensures that, within the SecurityAlert table, you are only looking at rows where the ProductName column has the value Azure Security Center. From here, you can expand. For example, you could use KQL to restrict the query to particular time frames or specific devices. Kusto Query Language (KQL) is the language you will use when building queries in Azure Sentinel. Queries are the way you search through the massive amount of data Azure Sentinel has access to.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You should not begin the query with Azure Security Center. The structure of a query requires that you first identify the key table you will be querying. The SecurityAlert table includes the security alerts that are being ingested by Azure Sentinel. You should first query this table, then narrow the search to the alerts coming from the Azure Security Center product.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You should not begin the query with Azure Sentinel. Again, the structure of a query requires that you first identify the key table you will be querying. In this case, that is the SecurityAlert table. More importantly, while Azure Sentinel is the solution aggregating this data and running the query, it should not be used as the ProductName. The ProductName should be Azure Security Center.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You should not end the query with Azure Sentinel. 
As mentioned in the paragraph above, the ProductName (solution source) for the SecurityAlert (alerts) table you should query is Azure Security Center. The query would be run in Azure Sentinel, but do not confuse the solution being queried with the one running the query.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You should not end the query with SecurityAlert. Here you need to name the solution you want to query. In this case, that is Azure Security Center. SecurityAlert would not be a valid ProductName.<\/span><\/p>\n<p><b>Reference<\/b><span style=\"font-weight: 400;\">: <\/span><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/sentinel\/connect-azure-security-center\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/azure\/sentinel\/connect-azure-security-center<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Azure_Sentinel-2\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Azure Sentinel<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q8 : You are threat hunting using Azure Sentinel. You have created a query designed to identify a specific event on your domain controller. You need to create several similar queries because you have multiple domain controllers and want to keep each query separate. The solution should minimize administrative effort.<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">Which three actions should you perform in sequence to clone a query? 
To answer, move the appropriate actions from the list of possible actions to the answer area and arrange them in the correct order.<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">Create a list in the correct order.<\/span><\/em><\/h4>\n<ol type=\"A\">\n<li>\n<h4><em><span style=\"font-weight: 400;\"> Choose Clone query by clicking the ellipsis icon at the end of the row.<\/span><\/em><\/h4>\n<\/li>\n<li>\n<h4><em><span style=\"font-weight: 400;\"> On the Hunting page of Azure Sentinel, select New query.<\/span><\/em><\/h4>\n<\/li>\n<li>\n<h4><em><span style=\"font-weight: 400;\"> On the Create custom query page, make your edits, then click the Create button.<\/span><\/em><\/h4>\n<\/li>\n<li>\n<h4><em><span style=\"font-weight: 400;\"> Select the ellipsis in the line of the query you want to modify, and select Edit query.<\/span><\/em><\/h4>\n<\/li>\n<li>\n<h4><em><span style=\"font-weight: 400;\"> On the Hunting page of Azure Sentinel, find the query you wish to clone.<\/span><\/em><\/h4>\n<\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>A -&gt; C -&gt; E<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>D -&gt; C -&gt; A<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>C -&gt; E -&gt; A<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>E -&gt; A -&gt; C<\/span><\/p>\n<p><b>Correct Answer:<\/b> <b>D<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">You should perform the following tasks in order:<\/span><\/p>\n<ol>\n<li><span style=\"font-weight: 400;\"> On the Hunting page of Azure Sentinel, find the query you wish to clone.<\/span><\/li>\n<li><span style=\"font-weight: 400;\"> Choose Clone query by clicking the ellipsis icon at the end of the row.<\/span><\/li>\n<li><span style=\"font-weight: 400;\"> On the Create custom query page, make your edits, then click the Create button.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">First, you should find the query you wish to clone. You will do this by navigating to the Hunting page within Azure Sentinel and then looking through the list of queries. This will allow you to ensure the right initial query is cloned in the next step.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Next, you should choose the Clone query option. This is accessible via the ellipsis at the end of the row for the query you found in step one. This will make a copy of the query you identified in the first step and take you to the page where you can make changes to that copy.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Finally, you should make your edits, then click the Create button. These edits will be made on the Create custom query page, which is the page you are taken to after selecting the Clone query in step two. This will allow you to tweak the copy to your needs. When you click Create, the initial query you copied will still exist in its original state, and a new query with the changes you make in this step will be generated\/saved.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This process would allow you, for example, to alter the IP or hostname in the query to match your other domain controllers (DCs) but keep the rest of the query the same. 
As mentioned above, it also leaves the original query untouched\/as-is. This is a fast, efficient way to make several related queries that differ only by minor tweaks to meet the desired outcome. Starting each query from scratch would take much longer and would be more likely to result in human error in the query syntax.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You should not select New query on the Hunting page of Azure Sentinel. While this option could ultimately be chosen to generate the queries for your other DCs, you would be starting from scratch, as mentioned above. If you only need to change a few minor things in your query, going to New query is a waste of time as the clone option gives you a better starting point.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You should not select the ellipsis in the line of the query you want to modify and select Edit query. This would allow you to edit an existing query, but it would not create a copy of it. Any edits made here would alter the original query. With the Clone query option, you leave the original unaltered while efficiently creating new queries based on it.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/sentinel\/hunting\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/azure\/sentinel\/hunting<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Azure_Defender\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Azure Defender<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q9 : Which of the following describes Azure Defender\u2019s main role?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Cloud configuration management<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. 
<\/strong>Cloud security posture management<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Cloud workload protection<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Cloud Security Management<\/span><b>\u00a0<\/b><\/p>\n<p><b>Correct Answer: C<\/b><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Azure Defender provides cloud workload protection; it is not a cloud security posture management, cloud security management, or cloud configuration management service. Hence, only <\/span><b>option C is correct.<\/b><br \/>\n<b>Options A, B, and D are incorrect.<\/b><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/azure-defender\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/azure-defender<\/span><\/a><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Azure_Defender-2\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Azure Defender<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q10 : Which selection helps you ensure Azure Defender is enabled across all the resources in a subscription?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Continuous assessments<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Coverage type<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Automatic provisioning<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>Azure Arc<\/span><\/p>\n<p><b>Correct Answer:<\/b> <b>C<\/b><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><b>Option C is correct <\/b><span style=\"font-weight: 400;\">as Automatic provisioning will install the required agent on the resources.<\/span><br \/>\n<b>Options A &amp; B are incorrect <\/b><span style=\"font-weight: 400;\">as no such feature exists under Continuous assessments or Coverage type.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/azure-defender\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/azure-defender<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Azure_Defender-3\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Azure Defender<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q11 : You are a SOC (<\/span><b>Security Operations Center<\/b><span style=\"font-weight: 400;\">) Analyst working at a company that is in the process of deploying cloud workload protection with Azure Defender.<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">You are the SOC team member working with the application and infrastructure teams to design the resource architecture for the new web application that uses containers and Azure SQL. You are accountable for ensuring the workloads are secured with Azure Defender and for offering options for non-protected workloads.<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">Which attribute of Azure Defender inspects registries and files of application software, the operating system, and others for any changes that might indicate an attack?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. 
<\/strong>File integrity monitoring<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Adaptive application controls<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Adaptive network hardening<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Log Inspection <\/span><b>\u00a0<\/b><\/p>\n<p><b>Correct Answer:<\/b> <b>A<\/b><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><b>Option A is correct. <\/b><span style=\"font-weight: 400;\">File integrity monitoring examines operating system and application files and registries for changes that might indicate an attack.<\/span><br \/>\n<b>Option B is incorrect. <\/b><span style=\"font-weight: 400;\">This option is related to applications, not files.<\/span><br \/>\n<b>Option C is incorrect.<\/b><span style=\"font-weight: 400;\"> This option is related to Network Security Groups.<\/span><br \/>\n<b>Option D is incorrect. <\/b><span style=\"font-weight: 400;\">This option is not related to Azure Defender.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/azure-defender\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/azure-defender<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Azure_Defender-4\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Azure Defender<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q12 : You are a SOC Analyst for company XYZ, which is deploying cloud workload protection with Azure Defender. Your job is to ensure Azure Defender automatically protects the Azure resources. Your organization has a small number of Azure virtual machines that are not part of the auto-provisioning scheme. 
You must manually configure protection for these Azure resources.<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">Which of the following is an extension available for auto-provisioning?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Windows Events<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Policy for Azure Policy<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Policy Add-on for Kubernetes<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Policy for DNS<\/span><\/p>\n<p><b>Correct Answer:<\/b> <b>C<\/b><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><b>Option C is correct <\/b><span style=\"font-weight: 400;\">as the Policy Add-on for Kubernetes can be provisioned under the Settings tab.<\/span><br \/>\n<b>Options A, B and D are incorrect<\/b><span style=\"font-weight: 400;\"> as Security Center does not auto-provision them.<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-81449 size-full\" title=\"Azure Defender Auto provisioning\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-12.png\" alt=\"Azure Defender Auto provisioning\" width=\"1083\" height=\"460\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-12.png 1083w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-12-300x127.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-12-1024x435.png 1024w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-12-768x326.png 768w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-12-989x420.png 989w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-12-640x272.png 640w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-12-681x289.png 681w\" sizes=\"(max-width: 1083px) 100vw, 1083px\" 
\/><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/azure-defender\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/azure-defender<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Azure_Sentinel-3\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Azure Sentinel<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q13 : You are a SOC Analyst employed at a company that has set up cloud workload protection with Azure Defender. You are in charge of remediating security alerts created by Azure Defender detections.<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">You get an alert regarding a container; the alert offers information to manually remediate the issue and what you can do in the future to stop further attacks. You work with the infrastructure team to resolve the issue. The infrastructure team provides recommendations for creating automated remediation tasks for future alerts regarding the same problem.<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">You are requested to provide a report containing tools, tactics and procedures. Which of the following features will you use to do this?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Incident<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Threat Intelligence<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Secure Score<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Threat Score<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><b>Option B is correct. 
<\/b><span style=\"font-weight: 400;\">The threat intelligence report contains attacker information if available.<\/span><br \/>\n<b>Options A, C, and D are incorrect <\/b><span style=\"font-weight: 400;\">as we don\u2019t have the feasibility of downloading the report.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/security-center-threat-report\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/security-center-threat-report<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Microsoft_365_Defender-7\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Microsoft 365 Defender<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q14 : You need to give a manager, jdoe@Contoso.onmicrosoft.com, the ability to read events in the security center, but prevent them from making any changes. Which command should you use?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Add-MsolRoleMember -RoleName &#8220;Security Administrator&#8221; -RoleMemberEmailAddress <\/span><a href=\"mailto:jdoe@Contoso.onmicrosoft.com\"><span style=\"font-weight: 400;\">jdoe@Contoso.onmicrosoft.com<\/span><\/a><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Add-MsolRoleMember -RoleName &#8220;Security Reader&#8221; -RoleMemberEmailAddress <\/span><a href=\"mailto:jdoe@Contoso.onmicrosoft.com\"><span style=\"font-weight: 400;\">jdoe@Contoso.onmicrosoft.com<\/span><\/a><br \/>\n<span style=\"font-weight: 400;\"><strong>C. 
<\/strong>Add-MsolRoleMember -RoleName &#8220;Global Administrator&#8221; -RoleMemberEmailAddress <\/span><a href=\"mailto:jdoe@Contoso.onmicrosoft.com\"><span style=\"font-weight: 400;\">jdoe@Contoso.onmicrosoft.com<\/span><\/a><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Add-MsolRoleMember -RoleName &#8220;Global Reader&#8221; -RoleMemberEmailAddress jdoe@Contoso.onmicrosoft.com<\/span><\/p>\n<p><b>Correct Answer:<\/b> <b>B<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><b>Option B is correct.<\/b><span style=\"font-weight: 400;\"> Read-only access is granted to users with a Security Reader role in Azure AD. Always follow the principle of least privilege.<\/span><br \/>\n<b>Option A is incorrect. <\/b><span style=\"font-weight: 400;\">A security administrator can read security information and reports and manage configuration.<\/span><br \/>\n<b>Option C is incorrect. <\/b><span style=\"font-weight: 400;\">A global admin can manage all aspects of Azure and Microsoft services that use Azure identities.<\/span><br \/>\n<b>Option D is incorrect. 
<\/b><span style=\"font-weight: 400;\">A global reader can read everything that a Global Administrator can.<\/span><\/p>\n<p><b>Reference<\/b><span style=\"font-weight: 400;\">: <\/span><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender-endpoint\/rbac?view=o365-worldwide\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender-endpoint\/rbac?view=o365-worldwide<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Azure_Defender-5\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Azure Defender<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q15 : If you have a security recommendation that is not applicable for your environment, and you don\u2019t want to negatively affect your secure score, which option is the most appropriate to use?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Create an exemption for the recommendation<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Disable the recommendation<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Create a new resource group and exempt the recommendation from the resource group<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Create a custom recommendation<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><b>Option B is correct. 
<\/b><span style=\"font-weight: 400;\">It is recommended for disabling recommendations when they&#8217;re inapplicable in your environment.<\/span><br \/>\n<b>Options A, C &amp; D are incorrect.<\/b><span style=\"font-weight: 400;\"> It is not possible and appropriate to do them.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/security-center-recommendations\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/security-center-recommendations<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Azure_Defender-6\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Azure Defender<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q16 : When configuring GCP Connector in Azure Defender, which component is mandatory to have already configured in GCP?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>GCP Security Command Center<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Security Hub<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Google Cloud Console API<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>All the options above<\/span><\/p>\n<p><b>Correct Answer: A<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><b>Option A is correct.<\/b><span style=\"font-weight: 400;\"> The GCP integration in Azure Defender relies on Google Security Command Center, which must be configured for data to be available.<\/span><br \/>\n<b>Options B, C &amp; D are incorrect.<\/b><span style=\"font-weight: 400;\"> These are later steps when configuring the GCP connector in Azure Defender.<\/span><\/p>\n<p><b>Reference<\/b><span style=\"font-weight: 400;\">: <\/span><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/quickstart-onboard-gcp\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/quickstart-onboard-gcp<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Azure_Defender-7\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Azure Defender<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q17 : When reviewing Just-in-Time VM access, you noticed that some VMs appear under \u201cNot Applicable\u201d. Which of the following are reasons for a VM to be considered not applicable?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>The VM is not assigned to a network security group<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>The VM is not protected by a Firewall<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>The VM has JIT already enabled<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>VM has been deployed through ARM (Azure Resource Manager)<\/span><\/p>\n<p><b>Correct Answers: A and B<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><b>Options A &amp; B are correct.<\/b><br \/>\n<span style=\"font-weight: 400;\">JIT is not supported on VMs where:<\/span><br \/>\n<span style=\"font-weight: 400;\">It is missing a network security group (NSG) or Azure Firewall.<\/span><br \/>\n<span style=\"font-weight: 400;\">Deployed as classic VM &#8211; JIT only supports VMs deployed through ARM, not &#8216;classic deployment&#8217;. Hence, <\/span><b>Option D is incorrect.<\/b><br \/>\n<span style=\"font-weight: 400;\">Other &#8211; Your VM might be in this tab if the JIT solution is disabled in the security policy of the subscription or the resource group.<\/span><br \/>\n<b>Option C is incorrect.<\/b><span style=\"font-weight: 400;\"> JIT is already enabled.<\/span><\/p>\n<p><b>Reference<\/b><span style=\"font-weight: 400;\">: <\/span><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/just-in-time-explained\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/just-in-time-explained<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Azure_Defender-8\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Azure Defender<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q18 : What capabilities given below are part of Azure Defender for Servers?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Adaptive Application Control<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Integration with Qualys for Vulnerability Assessment<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. 
<\/strong>Adaptive Network Hardening<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Fileless attack detection for Windows<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>E. <\/strong>Vulnerability assessment for Azure Container Registries<\/span><\/p>\n<p><b>Correct Answers: A, B, C and D<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><b>Options A, B, C and D are correct.<\/b><span style=\"font-weight: 400;\"> They are capabilities of Azure Defender for Servers.<\/span><br \/>\n<b>Option E is incorrect <\/b><span style=\"font-weight: 400;\">as it is not a feature of Azure Defender for Servers.<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-81450 size-full\" title=\"Security Center in Azure Defender\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-18.png\" alt=\"Security Center in Azure Defender\" width=\"1357\" height=\"1010\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-18.png 1357w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-18-300x223.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-18-1024x762.png 1024w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-18-768x572.png 768w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-18-564x420.png 564w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-18-80x60.png 80w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-18-100x75.png 100w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-18-180x135.png 180w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-18-238x178.png 238w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-18-640x476.png 640w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-18-681x507.png 681w\" sizes=\"(max-width: 1357px) 100vw, 1357px\" \/><\/p>\n<p><b>Reference<\/b><span style=\"font-weight: 400;\">: <\/span><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/defender-for-servers-introduction\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/defender-for-servers-introduction<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Azure_Sentinel-4\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Azure Sentinel<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q19 : Azure Sentinel for SAP only supports cloud-based implementations of SAP.<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>True<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>False<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-81451 size-full\" title=\"Mitigate threats using Azure Sentinel\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-19.jpg\" alt=\"Mitigate threats using Azure Sentinel\" width=\"1369\" height=\"738\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-19.jpg 1369w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-19-300x162.jpg 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-19-1024x552.jpg 1024w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-19-768x414.jpg 768w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-19-779x420.jpg 779w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-19-640x345.jpg 640w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-19-681x367.jpg 681w\" sizes=\"(max-width: 1369px) 100vw, 
1369px\" \/><\/p>\n<p><b>Reference<\/b><span style=\"font-weight: 400;\">: <\/span><a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/05\/19\/protecting-sap-applications-with-the-new-azure-sentinel-sap-threat-monitoring-solution\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/www.microsoft.com\/security\/blog\/2021\/05\/19\/protecting-sap-applications-with-the-new-azure-sentinel-sap-threat-monitoring-solution\/<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Azure_Sentinel-5\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Azure Sentinel<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q20 : Which of the following APIs should be used to assist with managing content through a CI\/CD pipeline?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Security Graph API<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Query API<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Azure Sentinel Management API<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Threat intelligence API<\/span><\/p>\n<p><b>Correct Answer: C<\/b><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><b>Option C is correct.<\/b><span style=\"font-weight: 400;\"> Azure Sentinel API can be used in CI\/CD pipeline for content management.<\/span><br \/>\n<b>Option A is incorrect. <\/b><span style=\"font-weight: 400;\">The Microsoft Graph Security API is an intermediary service (or broker) that provides a single programmatic interface to connect multiple Microsoft Graph Security providers (also called security providers or providers).<\/span><br \/>\n<b>Option B is incorrect. 
<\/b><span style=\"font-weight: 400;\">Query API sends a query to the service.<\/span><br \/>\n<b>Option D is incorrect.<\/b><span style=\"font-weight: 400;\"> Threat intelligence API is responsible for threat intelligence feeds and data.<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-81452 size-full\" title=\"Role assignment in Azure sentinel\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-20.png\" alt=\"Role assignment in Azure sentinel\" width=\"999\" height=\"385\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-20.png 999w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-20-300x116.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-20-768x296.png 768w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-20-640x247.png 640w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-20-681x262.png 681w\" sizes=\"(max-width: 999px) 100vw, 999px\" \/><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-sentinel\/azure-sentinel-api-101\/ba-p\/1438928\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/techcommunity.microsoft.com\/t5\/azure-sentinel\/azure-sentinel-api-101\/ba-p\/1438928<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Azure_Sentinel-6\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Azure Sentinel<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q21 : What does the &#8220;h&#8221; in front of a string literal such as h&#8217;my string&#8217; mean?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>The string is considered hot path data<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. 
<\/strong>The string is a hyperlink<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>The string is obfuscated<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Nothing &#8211; this character is always ignored<\/span><\/p>\n<p><b>Correct Answer: C<\/b><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><b>Option C is correct. <\/b><span style=\"font-weight: 400;\">An obfuscated string literal can be formed by taking a &#8220;regular&#8221; string literal and prepending an h or an H character in front of it.<\/span><br \/>\n<b>Options A, B, and D are incorrect <\/b><span style=\"font-weight: 400;\">as &#8216;h&#8217; is used only for obfuscation.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/data-explorer\/kusto\/query\/scalar-data-types\/string\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/azure\/data-explorer\/kusto\/query\/scalar-data-types\/string<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Azure_Sentinel-7\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Azure Sentinel<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q22 : Additional permissions are required to launch a playbook from automation rules.<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>True<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>False<\/span><\/p>\n<p><b>Correct Answer:<\/b> <b>A<\/b><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><b>Option A is correct. 
<\/b><span style=\"font-weight: 400;\">Azure Sentinel requires explicit permissions to run playbooks.<\/span><br \/>\n<b>Option B is incorrect.<\/b><span style=\"font-weight: 400;\"> If playbook shows unavailable, it means that Azure Sentinel does not have these permissions.<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-81453 size-full\" title=\"Run playbook in Azure sentinel\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-22.png\" alt=\"Run playbook in Azure sentinel\" width=\"556\" height=\"182\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-22.png 556w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc200-22-300x98.png 300w\" sizes=\"(max-width: 556px) 100vw, 556px\" \/><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/sentinel\/tutorial-respond-threats-playbook\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/azure\/sentinel\/tutorial-respond-threats-playbook<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Azure_Sentinel-8\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Azure Sentinel<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q23 : Which of the following data connectors have automation support in the Azure Sentinel PowerShell Module, Az.SecurityInsights?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Dynamics 365<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Cisco ASA<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>AWS Cloudtrail<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Office 365<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>E. 
<\/strong>Azure Active Directory<\/span><\/p>\n<p><b>Correct Answers: C, D and E<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">All supported data connectors are:<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><b>Name<\/b><\/td>\n<td><b> Description<\/b><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">AADDataConnector<\/span><\/td>\n<td><span style=\"font-weight: 400;\"> Represents AAD (Azure Active Directory Identity Protection)<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">AATPDataConnector<\/span><\/td>\n<td><span style=\"font-weight: 400;\"> Represents AATP (Azure Advanced Threat Protection)<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">ASCDataConnector<\/span><\/td>\n<td><span style=\"font-weight: 400;\"> Represents ASC (Azure Security Center)<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">AwsCloudTrailDataConnector<\/span><\/td>\n<td><span style=\"font-weight: 400;\"> Represents Amazon Web Services CloudTrail<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">MCASDataConnector<\/span><\/td>\n<td><span style=\"font-weight: 400;\"> Represents MCAS (Microsoft Cloud App Security)<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">MDATPDataConnector<\/span><\/td>\n<td><span style=\"font-weight: 400;\"> Represents MDATP (Microsoft Defender Advanced Threat Protection)<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">OfficeDataConnector<\/span><\/td>\n<td><span style=\"font-weight: 400;\"> Represents Office 365<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">TIDataConnector<\/span><\/td>\n<td><span style=\"font-weight: 400;\"> Represents threat intelligence data<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><b>Reference: <\/b><a href=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-sentinel\/new-year-new-official-azure-sentinel-powershell-module\/ba-p\/2025041\" target=\"_blank\" 
rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/techcommunity.microsoft.com\/t5\/azure-sentinel\/new-year-new-official-azure-sentinel-powershell-module\/ba-p\/2025041<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Azure_Sentinel-9\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Azure Sentinel<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q24 : In the query<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">&#8220;extend ProcessEntropy = -log2(PCoHValue\/TPCoHValue)*(PCoHValue\/TPCoHValue)&#8221;<\/span><\/em><br \/>\n<em><span style=\"font-weight: 400;\">PCoHValue means the ProcessCountOnHost value.<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>True<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>False<\/span><\/p>\n<p><b>Correct Answer: A<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Entropy calculation is used to help identify Hosts where they have a high variety of processes (a high entropy process list on a given Host over time). This helps us identify rare processes on a given Host. 
Rare here means a process that shows up on the Host relatively few times in the last 7days.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/github.com\/Azure\/Azure-Sentinel\/blob\/master\/Hunting%20Queries\/SecurityEvent\/ProcessEntropy.yaml\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/github.com\/Azure\/Azure-Sentinel\/blob\/master\/Hunting%20Queries\/SecurityEvent\/ProcessEntropy.yaml<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Mitigate_threats_using_Azure_Sentinel-10\"><\/span><span style=\"font-weight: 400;\">Domain : <\/span><span style=\"font-weight: 400;\">Mitigate threats using Azure Sentinel<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q25 : Which of the following are valid parsers in the ASIM?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Source-agnostic<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>All of the options listed<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Source-explicit<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>source-gnostic<\/span><\/p>\n<p><b>Correct Answer: A<\/b><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><b>Option A is correct.<\/b><span style=\"font-weight: 400;\"> ASIM includes two levels of parsers: source-agnostic and source-specific parsers.<\/span><br \/>\n<b>Options B, C &amp; D are incorrect.<\/b><span style=\"font-weight: 400;\"> Source-explicit and source-gnostic are not ASIM parser types, so the option selecting all of the listed options is also wrong.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/sentinel\/normalization-about-parsers\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/azure\/sentinel\/normalization-about-parsers<\/span><\/a><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Summary\"><\/span>Summary<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If you spend time working through the SC-200 questions above, with their detailed explanations, you will be well prepared for the real exam. It is still recommended to take SC-200 practice tests before starting your actual certification journey. Practice tests help you assess your skill gaps clearly, so you can relearn and fill those gaps before attempting the actual exam.<\/p>\n<p>Hope you have enjoyed these questions. Stay tuned to this blog for more updates!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you are looking for Free SC-200 exam questions and preparing for SC-200 certification exam? &#8211; Then this article helps you in the exam preparation for SC-200 (Microsoft Security Operations Analyst certification exam). As we know that threats and security vulnerabilities in cloud computing are massively increasing. Effective usage of Microsoft 365 defender and Sentinel helps us to overcome such security issues and ensures healthy communication in a cloud environment. How to prepare for the SC-200 Microsoft Security Operations Analyst Certification Exam? 
Preparation for the Microsoft security operations analyst certification exam is very simple. You need to be very thorough [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":81505,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[15],"tags":[4834,4833],"class_list":["post-81435","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-azure","tag-microsoft-security-operations-analyst","tag-sc-200-exam"],"uagb_featured_image_src":{"full":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc-200-free-questions.jpg",600,315,false],"thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc-200-free-questions-150x150.jpg",150,150,true],"medium":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc-200-free-questions-300x158.jpg",300,158,true],"medium_large":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc-200-free-questions.jpg",600,315,false],"large":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc-200-free-questions.jpg",600,315,false],"1536x1536":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc-200-free-questions.jpg",600,315,false],"2048x2048":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc-200-free-questions.jpg",600,315,false],"profile_24":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc-200-free-questions.jpg",24,13,false],"profile_48":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc-200-free-questions.jpg",48,25,false],"profile_96":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc-200-free-questions.jpg",96,50,false],"profile_150":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc-200-free-questions.jpg",150,79,false],"profile_300":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc-200-free-questions.jpg",300,158,false],"tptn_thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/upload
s\/2022\/03\/sc-200-free-questions-250x250.jpg",250,250,true],"web-stories-poster-portrait":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc-200-free-questions.jpg",600,315,false],"web-stories-publisher-logo":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc-200-free-questions.jpg",96,50,false],"web-stories-thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/03\/sc-200-free-questions.jpg",150,79,false]},"uagb_author_info":{"display_name":"Krishna Srinivasan","author_link":"https:\/\/www.whizlabs.com\/blog\/author\/krishna\/"},"uagb_comment_info":10,"uagb_excerpt":"If you are looking for Free SC-200 exam questions and preparing for SC-200 certification exam? &#8211; Then this article helps you in the exam preparation for SC-200 (Microsoft Security Operations Analyst certification exam). As we know that threats and security vulnerabilities in cloud computing are massively increasing. Effective usage of Microsoft 365 defender and 
Sentinel&hellip;","_links":{"self":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/81435","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/comments?post=81435"}],"version-history":[{"count":7,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/81435\/revisions"}],"predecessor-version":[{"id":81474,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/81435\/revisions\/81474"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media\/81505"}],"wp:attachment":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media?parent=81435"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/categories?post=81435"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/tags?post=81435"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}