合格させるMicrosoft SC-200試験には保証が付きます。更新されたのは307問があります
最新のSC-200合格保証付き試験問題集の認定サンプル問題
Microsoft SC-200認定試験は、Microsoft Security TechnologiesとTechniquesの専門知識を実証したいセキュリティ専門家にとって貴重な認定です。認定試験では、脅威管理、脆弱性管理、インシデント対応、コンプライアンスなど、セキュリティ業務に関連する幅広いトピックをカバーしています。試験に合格することにより、候補者は、さまざまなセキュリティの脅威から組織のIT環境を保護する能力を実証できます。
質問 # 184
You have an Azure subscription that uses Azure Defender.
You plan to use Azure Security Center workflow automation to respond to Azure Defender threat alerts.
You need to create an Azure policy that will perform threat remediation automatically.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects
https://docs.microsoft.com/en-us/azure/security-center/workflow-automation
質問 # 185
You have a custom analytics rule to detect threats in Azure Sentinel.
You discover that the analytics rule stopped running. The rule was disabled, and the rule name has a prefix of AUTO DISABLED.
What is a possible cause of the issue?
- A. The number of alerts exceeded 10,000 within two minutes.
- B. Permissions to one of the data sources of the rule query were modified.
- C. There are connectivity issues between the data sources and Log Analytics.
- D. The rule query takes too long to run and times out.
正解:B
質問 # 186
You have a Microsoft 365 E5 subscription that uses Microsoft Teams.
You need to perform a content search of Teams chats for a user by using the Microsoft Purview compliance portal. The solution must minimize the scope of the search.
How should you configure the content search? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
質問 # 187
You have an existing Azure logic app that is used to block Azure Active Directory (Azure AD) users. The logic app is triggered manually.
You deploy Azure Sentinel.
You need to use the existing logic app as a playbook in Azure Sentinel.
What should you do first?
- A. Modify the trigger in the logic app.
- B. Add a data connector to Azure Sentinel.
- C. And a new scheduled query rule.
- D. Configure a custom Threat Intelligence connector in Azure Sentinel.
正解:B
解説:
Explanation/Reference:
質問 # 188
You use Azure Sentinel.
You need to use a built-in role to provide a security analyst with the ability to edit the queries of custom Azure Sentinel workbooks. The solution must use the principle of least privilege.
Which role should you assign to the analyst?
- A. Logic App Contributor
- B. Security Administrator
- C. Azure Sentinel Contributor
- D. Azure Sentinel Responder
正解:D
解説:
Azure Sentinel Contributor can create and edit workbooks, analytics rules, and other Azure Sentinel resources.
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/roles
質問 # 189
You have a Microsoft 365 E5 subscription that uses Microsoft Defender 36S.
Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with Azure AD.
You need to identify the 100 most recent sign-in attempts recorded on devices and AD DS domain controllers.
How should you complete The KQL query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
質問 # 190
From Azure Sentinel, you open the Investigation pane for a high-severity incident as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-investigate-cases#use-the-investigation-graph-to-deep-dive
質問 # 191
Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with Azure AD.
You have a Microsoft 365 E5 subscription that uses Microsoft Defender 365.
You need to identify all the interactive authentication attempts by the users in the finance department of your company.
How should you complete the KQL query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 192
You need to meet the Microsoft Defender for Cloud Apps requirements
What should you do? To answer. select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
質問 # 193
Your company uses line-of-business apps that contain Microsoft Office VBA macros.
You plan to enable protection against downloading and running additional payloads from the Office VBA macros as additional child processes.
You need to identify which Office VBA macros might be affected.
Which two commands can you run to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- A. Option A
- B. Option B
- C. Option D
- D. Option C
正解:B、D
解説:
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface- reduction
質問 # 194
You have an Azure subscription that has Azure Defender enabled for all supported resource types.
You create an Azure logic app named LA1.
You plan to use LA1 to automatically remediate security risks detected in Defenders for Cloud.
You need to test LA1 in Defender for Cloud.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation
質問 # 195
You have a Microsoft Sentinel workspace named Workspaces
You configure Workspace1 to c
ollect DNS events and deploy the Advanced Security information Model (ASIM) unifying parser for the DNS schema.
You need to query the ASIM DNS schema to list all the DNS events from the last 24 hours that have a response code of 'NXDOMAIN' and were aggregated by the source IP address in 15-minute intervals. The solution must maximize query performance.
How should you complete the query? To answer, select the appropriate options in the answer area NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 196
You have a Microsoft 365 E5 subscription.
You need to create a hunting query that will return every email that contains an attachment named Document.
pdf. The query must meet the following requirements:
* Only show emails sent during the last hour.
* Optimize query performance.
How should you complete the query? To answer, select the appropriate options in the answer area. NOTE:
Each correct selection is worth one point.
正解:
解説:
Explanation:
質問 # 197
You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in.
Which anomaly detection policy should you use?
- A. Malware detection
- B. Impossible travel
- C. Activity from infrequent country
- D. Activity from anonymous IP addresses
正解:C
解説:
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
質問 # 198
You have a Microsoft 365 subscription.
You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode. You need to ensure that the devices are protected from malicious artifacts that were undetected by the third-party antivirus product Solution: You enable automated investigation and response (AIR) Does this meet the goal?
- A. Yes
- B. No
正解:A
質問 # 199
You need to create a query for a workbook. The query must meet the following requirements:
List all incidents by incident number.
Only include the most recent log for each incident.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://www.drware.com/whats-new-soc-operational-metrics-now-available-in-sentinel/
質問 # 200
You need to implement the Azure Information Protection requirements. What should you configure first?
- A. Device health and compliance reports settings in Microsoft Defender Security Center
- B. content scan jobs in Azure Information Protection from the Azure portal
- C. scanner clusters in Azure Information Protection from the Azure portal
- D. Advanced features from Settings in Microsoft Defender Security Center
正解:D
質問 # 201
You have an Azure subscription linked to an Azure Active Directory (Azure AD) tenant. The tenant contains two users named User1 and User2.
You plan to deploy Azure Defender.
You need to enable User1 and User2 to perform tasks at the subscription level as shown in the following table.
The solution must use the principle of least privilege.
Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/defender-for-cloud/permissions
質問 # 202
You have an Azure subscription that uses Microsoft Sentinel.
You need to minimize the administrative effort required to respond to the incidents and remediate the security threats detected by Microsoft Sentinel.
Which two features should you use? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Microsoft Sentinel automation rules
- B. Azure Automation runbooks
- C. Azure Functions apps
- D. Microsoft Sentinel bookmarks
- E. Microsoft Sentinel playbooks
正解:A、C
質問 # 203
You have an Azure subscription that use Microsoft Defender for Cloud and contains a user named User1.
You need to ensure that User1 can modify Microsoft Defender for Cloud security policies. The solution must use the principle of least privilege.
Which role should you assign to User1?
- A. Security Admin
- B. Owner
- C. Security operator
- D. Contributor
正解:A
質問 # 204
A company wants to analyze by using Microsoft 365 Apps.
You need to describe the connected experiences the company can use.
Which connected experiences should you describe? To answer, drag the appropriate connected experiences to the correct description. Each connected experience may be used once, more than once, or not at all. You may need to drag the split between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 205
You have a Microsoft 365 subscription that uses Microsoft Defender XDR.
You are investigating an attacker that is known to use the Microsoft Graph API as an attack vector. The attacker performs the tactics shown the following table.
You need to search for malicious activities in your organization.
Which tactics can you analyze by using the MicrosoftGraphActivityLogs table?
- A. Tac1ic2 and Tactic3 only
- B. Tactic1 and Tactic2 only
- C. Taclic1. Tac1ic2. andTactic3
- D. Tactic? only
正解:B
質問 # 206
You have a Microsoft 365 E5 subscription.
You plan to perform cross-domain investigations by using Microsoft 365 Defender.
You need to create an advanced hunting query to identify devices affected by a malicious email attachment.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-query-emails-devices?view=o365-worldwide
質問 # 207
......
Microsoft SC-200(Microsoft Security Operations Analyst)認定試験は、サイバーの脅威から保護するためにMicrosoft Security Technologiesを使用するセキュリティ専門家の知識とスキルをテストする包括的な試験です。これは、セキュリティの専門家が脅威保護、インシデント対応、セキュリティオペレーションオートメーションなどのセキュリティオペレーションタスクを実行する能力を検証する高度なレベルの認定です。この試験は、組織内のセキュリティインシデントの監視と対応を担当するセキュリティ専門家に適しています。
最新SC-200テスト材料には有効なSC-200テストエンジン:https://jp.fast2test.com/SC-200-premium-file.html
SC-200更新された試験問題集で[2025年最新] 練習には有効な試験問題集:https://drive.google.com/open?id=1RtxLDdRYc3XXZKNJWZWlSC0pzDAYPdDs