[Q97-Q113] Fast2test SC-200リアル試験問題解答は更新された[2024年05月24日]

Share

Fast2test SC-200リアル試験問題解答は更新された[2024年05月24日]

お手軽に合格させる 最新Microsoft SC-200問題集には245問があります


Microsoft SC-200認定試験は、組織の資産を保護し、セキュリティインシデントの検出と対応、およびセキュリティ管理の実施のスキルを検証したいセキュリティオペレーションアナリスト向けに設計されています。この試験は、Microsoft Certifiedの一部です。SC-900 Fundamentals試験も含まれているMicrosoft Operations Analyst Associate Associate認定があります。 SC-200試験では、Microsoft Security Technologiesを使用してセキュリティの脅威を特定して対応する能力を測定します。


Microsoft Security Operations Analyst認定試験としても知られるMicrosoft SC-200は、組織のセキュリティ脅威の検出、調査、および対応を担当するセキュリティ専門家のスキルと知識を検証するように設計された高度に専門化された試験です。環境。認定試験は、Microsoft Security Technologiesと協力するセキュリティオペレーションセンター(SOC)アナリスト、セキュリティエンジニア、およびセキュリティ管理者を対象としています。


Microsoft SC-200認定試験は、セキュリティの基礎、脅威インテリジェンス、セキュリティ運用、インシデント対応、ガバナンス、リスク、コンプライアンス(GRC)など、幅広いトピックをカバーしています。また、実際のセキュリティインシデントをシミュレートし、セキュリティの脅威を特定、調査、および対応するために知識とスキルを適用する必要がある実用的なシナリオも含まれています。試験形式は複数選択であり、完了するには180分かかります。

 

質問 # 97
You have an Azure subscription that contains an Microsoft Sentinel workspace.
You need to create a hunting query using Kusto Query Language (KQL) that meets the following requirements:
* Identifies an anomalous number of changes to the rules of a network security group (NSG) made by the same security principal
* Automatically associates the security principal with an Microsoft Sentinel entity How should you complete the query? To answer, select the appropriate options in the answer area. NOTE:
Each correct selection is worth one point.

正解:

解説:


質問 # 98
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring Azure Sentinel.
You need to create an incident in Azure Sentinel when a sign-in to an Azure virtual machine from a malicious IP address is detected.
Solution: You create a Microsoft incident creation rule for a data connector.
Does this meet the goal?

  • A. Yes
  • B. No

正解:A

解説:
Section: [none]
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-security-center


質問 # 99
You need to meet the Microsoft Sentinel requirements for App1. What should you configure for App1?

  • A. an API connection
  • B. authorization
  • C. an connector
  • D. a trigger

正解:D


質問 # 100
You have a Microsoft Sentinel workspace named workspace1 and an Azure virtual machine named VM1.
You receive an alert for suspicious use of PowerShell on VM1.
You need to investigate the incident, identify which event triggered the alert, and identify whether the following actions occurred on VM1 after the alert:
The modification of local group memberships
The purging of event logs
Which three actions should you perform in sequence in the Azure portal? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

正解:

解説:

Explanation
Step 1: From the Investigation blade, select Insights
The Investigation Insights Workbook is designed to assist in investigations of Azure Sentinel Incidents or individual IP/Account/Host/URL entities.
Step 2: From the Investigation blade, select the entity that represents VM1.
The Investigation Insights workbook is broken up into 2 main sections, Incident Insights and Entity Insights.
Incident Insights
The Incident Insights gives the analyst a view of ongoing Sentinel Incidents and allows for quick access to their associated metadata including alerts and entity information.
Entity Insights
The Entity Insights allows the analyst to take entity data either from an incident or through manual entry and explore related information about that entity. This workbook presently provides view of the following entity types:
IP Address
Account
Host
URL
Step 3: From the details pane of the incident, select Investigate.
Choose a single incident and click View full details or Investigate.
Reference:
https://github.com/Azure/Azure-Sentinel/wiki/Investigation-Insights---Overview
https://docs.microsoft.com/en-us/azure/sentinel/investigate-cases


質問 # 101
You have the resources shown in the following table.

You need to prevent duplicate events from occurring in SW1.
What should you use for each action? To answer, drag the appropriate resources to the correct actions. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/connect-log-forwarder?tabs=rsyslog


質問 # 102
You plan to connect an external solution that will send Common Event Format (CEF) messages to Azure Sentinel.
You need to deploy the log forwarder.
Which three actions should you perform in sequence? To answer, move the appropriate actions form the list of actions to the answer area and arrange them in the correct order.

正解:

解説:

Explanation

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/connect-cef-agent?tabs=rsyslog


質問 # 103
You create a new Azure subscription and start collecting logs for Azure Monitor.
You need to configure Azure Security Center to detect possible threats related to sign-ins from suspicious IP addresses to Azure virtual machines. The solution must validate the configuration.
Which three actions should you perform in a sequence? To answer, move the appropriate actions from the list of action to the answer area and arrange them in the correct order.

正解:

解説:

1 - Enable Azure Defender for the subscription.
2 - Copy an executable file on a virtual machine and rename the file as ASC_AlertTest_662jfi039N.exe.
3 - Run the executable file and specify the appropriate arguments.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-alert-validation


質問 # 104
You need to correlate data from the SecurityEvent Log Anarytks table to meet the Microsoft Sentinel requirements for using UEBA. Which Log Analytics table should you use?

  • A. SentwlAuoNt
  • B. IdentityOirectoryEvents
  • C. AADRiskyUsers
  • D. Identityinfo

正解:B


質問 # 105
You need to correlate data from the SecurityEvent Log Anarytks table to meet the Microsoft Sentinel requirements for using UEBA.
Which Log Analytics table should you use?

  • A. SentwlAuoNt
  • B. IdentityOirectoryEvents
  • C. AADRiskyUsers
  • D. Identityinfo

正解:B


質問 # 106
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring Azure Sentinel.
You need to create an incident in Azure Sentinel when a sign-in to an Azure virtual machine from a malicious IP address is detected.
Solution: You create a scheduled query rule for a data connector.
Does this meet the goal?

  • A. Yes
  • B. No

正解:B

解説:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-security-center


質問 # 107
You have a Microsoft 365 E5 subscription that contains 200 Windows 10 devices enrolled in Microsoft Defender for Endpoint.
You need to ensure that users can access the devices by using a remote shell connection directly from the Microsoft 365 Defender portal. The solution must use the principle of least privilege.
What should you do in the Microsoft 365 Defender portal? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation
Box 1: Turn on Live Response
Live response is a capability that gives you instantaneous access to a device by using a remote shell connection. This gives you the power to do in-depth investigative work and take immediate response actions.
Box: 2 : Add a network assessment job
Network assessment jobs allow you to choose network devices to be scanned regularly and added to the device inventory.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/respond-machine-alerts?view=o365-
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-devices?view=o365-worldw


質問 # 108
You plan to connect an external solution that will send Common Event Format (CEF) messages to Azure Sentinel.
You need to deploy the log forwarder.
Which three actions should you perform in sequence? To answer, move the appropriate actions form the list of actions to the answer area and arrange them in the correct order.

正解:

解説:

1 - Download and install the Log Analytics agent.
2 - Set the Log Analytics agent to listen on port 25226 and forward the CEF messages to A zure Sentinel.
3 - Configure the syslog daemon.Restart the syslog daemon and the Log Analytics agent.
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/connect-cef-agent?tabs=rsyslog


質問 # 109
You need to implement Azure Sentinel queries for Contoso and Fabrikam to meet the technical requirements.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/extend-sentinel-across-workspaces-tenants


質問 # 110
You have a Microsoft 365 subscription that uses Microsoft 365 Defender and contains a user named User1.
You are notified that the account of User1 is compromised.
You need to review the alerts triggered on the devices to which User1 signed in.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation
Box 1: join
An inner join.
This query uses kind=inner to specify an inner-join, which prevents deduplication of left side values for DeviceId.
This query uses the DeviceInfo table to check if a potentially compromised user (<account-name>) has logged on to any devices and then lists the alerts that have been triggered on those devices.
DeviceInfo
//Query for devices that the potentially compromised account has logged onto
| where LoggedOnUsers contains '<account-name>'
| distinct DeviceId
//Crosscheck devices against alert records in AlertEvidence and AlertInfo tables
| join kind=inner AlertEvidence on DeviceId
| project AlertId
//List all alerts on devices that user has logged on to
| join AlertInfo on AlertId
| project AlertId, Timestamp, Title, Severity, Category
DeviceInfo LoggedOnUsers AlertEvidence "project AlertID"
Box 2: project
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender/advanced-hunting-query-emails-devices?view=


質問 # 111
You need to use an Azure Resource Manager template to create a workflow automation that will trigger an automatic remediation when specific security alerts are received by Azure Security Center.
How should you complete the portion of the template that will provision the required Azure resources? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/security-center/quickstart-automation-alert


質問 # 112
You are investigating an incident by using Microsoft 365 Defender.
You need to create an advanced hunting query to detect failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation


質問 # 113
......

最新のSC-200学習ガイド2024年最新の- 提供するのはテストエンジンとPDF:https://jp.fast2test.com/SC-200-premium-file.html

最新版を今すぐ試そうSC-200練習テスト問題解答:https://drive.google.com/open?id=1RtxLDdRYc3XXZKNJWZWlSC0pzDAYPdDs


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어