SC-200 Leak Questions

Page: 5 / 13
Total 250 questions

Microsoft Security Operations Analyst Questions and Answers

Question 17

You have a third-party security information and event management (SIEM) solution.

You need to ensure that the SIEM solution can generate alerts for Azure Active Directory (Azure AD) sign-in events in near real time.

What should you do to route events to the SIEM solution?

Options:

A. Create an Azure Sentinel workspace that has a Security Events connector.

B. Configure the Diagnostics settings in Azure AD to stream to an event hub.

C. Create an Azure Sentinel workspace that has an Azure Active Directory connector.

D. Configure the Diagnostics settings in Azure AD to archive to a storage account.

Question 18

A company uses Azure Sentinel.

You need to create an automated threat response.

What should you use?

Options:

A. a data connector

B. a playbook

C. a workbook

D. a Microsoft incident creation rule

Question 19

You have a Microsoft Sentinel workspace.

A Microsoft Sentinel incident is generated as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Options:

Question 20

You need to create an advanced hunting query to investigate the executive team issue.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options: