100%無料SC-200試験問題集リアルMicrosoft Certified: Security Operations Analyst Associate問題集225解答を掴み取れ! [Q123-Q143]

Share

100%無料SC-200試験問題集リアルMicrosoft Certified: Security Operations Analyst Associate問題集225解答を掴み取れ!

あなたを余裕でSC-200試験合格させます!100%試験高合格率保証 [2023]


Microsoft SC-200認定試験は、セキュリティの基礎、脅威インテリジェンス、セキュリティ運用、インシデント対応、ガバナンス、リスク、コンプライアンス(GRC)など、幅広いトピックをカバーしています。また、実際のセキュリティインシデントをシミュレートし、セキュリティの脅威を特定、調査、および対応するために知識とスキルを適用する必要がある実用的なシナリオも含まれています。試験形式は複数選択であり、完了するには180分かかります。

 

質問 # 123
You need to use an Azure Sentinel analytics rule to search for specific criteria in Amazon Web Services (AWS) logs and to generate incidents.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

正解:

解説:

1 - Add the Amazon Web Services connector
2 - From Analytics in Azure Sentinel. create a custom analytics rule that uses a scheduled query
3 - Set the alert logic
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/detect-threats-custom


質問 # 124
You have an Azure subscription that contains an Microsoft Sentinel workspace.
You need to create a hunting query using Kusto Query Language (KQL) that meets the following requirements:
* Identifies an anomalous number of changes to the rules of a network security group (NSG) made by the same security principal
* Automatically associates the security principal with an Microsoft Sentinel entity How should you complete the query? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 125
You have an Azure Storage account that will be accessed by multiple Azure Function apps during the development of an application.
You need to hide Azure Defender alerts for the storage account.
Which entity type and field should you use in a suppression rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://techcommunity.microsoft.com/t5/azure-security-center/suppression-rules-for-azure-security-center-alerts-are-now/ba-p/1404920


質問 # 126
You recently deployed Azure Sentinel.
You discover that the default Fusion rule does not generate any alerts. You verify that the rule is enabled.
You need to ensure that the Fusion rule can generate alerts.
What should you do?

  • A. Add data connectors
  • B. Create a new machine learning analytics rule.
  • C. Disable, and then enable the rule.
  • D. Add a hunting bookmark.

正解:A

解説:
Section: [none]
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources


質問 # 127
You manage the security posture of an Azure subscription that contains two virtual machines name vm1 and vm2.
The secure score in Azure Security Center is shown in the Security Center exhibit. (Click the Security Center tab.)

Azure Policy assignments are configured as shown in the Policies exhibit. (Click the Policies tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation

Reference:
https://techcommunity.microsoft.com/t5/azure-security-center/security-control-restrict-unauthorized-network-acc
https://techcommunity.microsoft.com/t5/azure-security-center/security-control-secure-management-ports/ba-p/15


質問 # 128
You need to remediate active attacks to meet the technical requirements.
What should you include in the solution?

  • A. Azure Logic Apps
  • B. Azure Automation runbooks
  • C. Azure Functions

正解:A

解説:
D Azure Sentinel livestreams
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks


質問 # 129
You have an Azure Storage account that will be accessed by multiple Azure Function apps during the development of an application.
You need to hide Azure Defender alerts for the storage account.
Which entity type and field should you use in a suppression rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://techcommunity.microsoft.com/t5/azure-security-center/suppression-rules-for-azure-security-center-alerts-are-now/ba-p/1404920


質問 # 130
You need to implement Microsoft Defender for Cloud to meet the Microsoft Defender for Cloud requirements and the business requirements. What should you include in the solution? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 131
You have 50 on-premises servers.
You have an Azure subscription that uses Microsoft Defender for Cloud. The Defender for Cloud deployment has Microsoft Defender for Servers and automatic provisioning enabled.
You need to configure Defender for Cloud to support the on-premises servers. The solution must meet the following requirements:
* Provide threat and vulnerability management.
* Support data collection rules.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

正解:

解説:

Explanation
To configure Defender for Cloud to support the on-premises servers, you should perform the following three actions in sequence:
On the on-premises servers, install the Azure Connected Machine agent.
On the on-premises servers, install the Log Analytics agent.
From the Data controller settings in the Azure portal, create an Azure Arc data controller.
Once these steps are completed, the on-premises servers will be able to communicate with the Azure Defender for Cloud deployment and will be able to support threat and vulnerability management as well as data collection rules.
Reference: https://docs.microsoft.com/en-us/azure/security-center/deploy-azure-security-center#on-premises-dep


質問 # 132
You need to recommend remediation actions for the Azure Defender alerts for Fabrikam.
What should you recommend for each threat? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/secure-your-key-vault


質問 # 133
From Azure Sentinel, you open the Investigation pane for a high-severity incident as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-investigate-cases#use-the-investigation-graph-to-deep-dive


質問 # 134
You need to configure DC1 to meet the business requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

正解:

解説:

1 - log in to https://portal.atp.azure.com as a global admin
2 - Create the instance
3 - Connect the instance to Active Directory
4 - Download and install the sensor.
Reference:
https://docs.microsoft.com/en-us/defender-for-identity/install-step1
https://docs.microsoft.com/en-us/defender-for-identity/install-step4


質問 # 135
You need to create the analytics rule to meet the Azure Sentinel requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 136
You receive an alert from Azure Defender for Key Vault.
You discover that the alert is generated from multiple suspicious IP addresses.
You need to reduce the potential of Key Vault secrets being leaked while you investigate the issue. The solution must be implemented as soon as possible and must minimize the impact on legitimate users.
What should you do first?

  • A. Modify the access control settings for the key vault.
  • B. Modify the access policy for the key vault.
  • C. Create an application security group.
  • D. Enable the Key Vault firewall.

正解:D

解説:
Section: [none]
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/security-center/defender-for-key-vault-usage


質問 # 137
You have a Microsoft Sentinel workspace named workspace1 that contains custom Kusto queries.
You need to create a Python-based Jupyter notebook that will create visuals. The visuals will display the results of the queries and be pinned to a dashboard. The solution must minimize development effort.
What should you use to create the visuals?

  • A. TensorFlow
  • B. plotly
  • C. msticpy
  • D. matplotlib

正解:C

解説:
msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks. It includes functionality to: query log data from multiple sources. enrich the data with Threat Intelligence, geolocations and Azure resource data. extract Indicators of Activity (IoA) from logs and unpack encoded data.
MSTICPy reduces the amount of code that customers need to write for Microsoft Sentinel, and provides:
Data query capabilities, against Microsoft Sentinel tables, Microsoft Defender for Endpoint, Splunk, and other data sources.
Threat intelligence lookups with TI providers, such as VirusTotal and AlienVault OTX.
Enrichment functions like geolocation of IP addresses, Indicator of Compromise (IoC) extraction, and WhoIs lookups.
Visualization tools using event timelines, process trees, and geo mapping.
Advanced analyses, such as time series decomposition, anomaly detection, and clustering.
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/notebook-get-started
https://msticpy.readthedocs.io/en/latest/


質問 # 138
You deploy Azure Sentinel.
You need to implement connectors in Azure Sentinel to monitor Microsoft Teams and Linux virtual machines in Azure. The solution must minimize administrative effort.
Which data connector type should you use for each workload? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/connect-office-365
https://docs.microsoft.com/en-us/azure/sentinel/connect-syslog


質問 # 139
You need to create an advanced hunting query to investigate the executive team issue.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 140
You use Azure Sentinel.
You need to receive an immediate alert whenever Azure Storage account keys are enumerated. Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Create a livestream
  • B. Add a data connector
  • C. Create a bookmark.
  • D. Create a hunting query.
  • E. Create an analytics rule

正解:B、E

解説:
Explanation
B: To add a data connector, you would use the Azure Sentinel data connectors feature to connect to your Azure subscription and to configure log data collection for Azure Storage account key enumeration events.
C: After adding the data connector, you need to create an analytics rule to analyze the log data from the Azure storage connector, looking for the specific event of Azure storage account keys enumeration. This rule will trigger an alert when it detects the specific event, allowing you to take immediate action.


質問 # 141
You have an existing Azure logic app that is used to block Azure Active Directory (Azure AD) users. The logic app is triggered manually.
You deploy Azure Sentinel.
You need to use the existing logic app as a playbook in Azure Sentinel. What should you do first?

  • A. Add a data connector to Azure Sentinel.
  • B. And a new scheduled query rule.
  • C. Modify the trigger in the logic app.
  • D. Configure a custom Threat Intelligence connector in Azure Sentinel.

正解:C

解説:
Explanation
https://docs.microsoft.com/en-us/azure/sentinel/playbook-triggers-actions
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook


質問 # 142
You have a Microsoft Sentinel workspace named workspace1 and an Azure virtual machine named VM1.
You receive an alert for suspicious use of PowerShell on VM1.
You need to investigate the incident, identify which event triggered the alert, and identify whether the following actions occurred on VM1 after the alert:
The modification of local group memberships
The purging of event logs
Which three actions should you perform in sequence in the Azure portal? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

正解:

解説:

Explanation
Step 1: From the Investigation blade, select Insights
The Investigation Insights Workbook is designed to assist in investigations of Azure Sentinel Incidents or individual IP/Account/Host/URL entities.
Step 2: From the Investigation blade, select the entity that represents VM1.
The Investigation Insights workbook is broken up into 2 main sections, Incident Insights and Entity Insights.
Incident Insights
The Incident Insights gives the analyst a view of ongoing Sentinel Incidents and allows for quick access to their associated metadata including alerts and entity information.
Entity Insights
The Entity Insights allows the analyst to take entity data either from an incident or through manual entry and explore related information about that entity. This workbook presently provides view of the following entity types:
IP Address
Account
Host
URL
Step 3: From the details pane of the incident, select Investigate.
Choose a single incident and click View full details or Investigate.
Reference:
https://github.com/Azure/Azure-Sentinel/wiki/Investigation-Insights---Overview
https://docs.microsoft.com/en-us/azure/sentinel/investigate-cases


質問 # 143
......

学習材料は有効SC-200効率的問題集:https://jp.fast2test.com/SC-200-premium-file.html

SC-200問題集本日限定!無料アクセス可能に!:https://drive.google.com/open?id=1RtxLDdRYc3XXZKNJWZWlSC0pzDAYPdDs


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어