SC-200 Free Practice Test

- (Topic 4)
Your company uses Microsoft Sentinel
A new security analyst reports that she cannot assign and resolve incidents in Microsoft Sentinel.
You need to ensure that the analyst can assign and resolve incidents. The solution must use the principle of least privilege.
Which role should you assign to the analyst?

1. A. Microsoft Sentinel Responder
2. B. Logic App Contributor
3. C. Microsoft Sentinel Reader
4. D. Microsoft Sentinel Contributor

Correct Answer: A
The Microsoft Sentinel Responder role allows users to investigate, triage, and resolve security incidents, which includes the ability to assign incidents to other users. This role is designed to provide the necessary permissions for incident management and response while still adhering to the principle of least privilege. Other roles such as Logic App Contributor and Microsoft Sentinel Contributor would have more permissions than necessary and may not be suitable for the analyst's needs. Microsoft Sentinel Reader role is not sufficient as it doesn't have permission to assign and resolve incidents.
Reference: https://docs.microsoft.com/en-us/azure/sentinel/role-based-access-control-rbac

- (Topic 4)
You use Azure Security Center.
You receive a security alert in Security Center.
You need to view recommendations to resolve the alert in Security Center. What should you do?

1. A. From Security alerts, select the alert, select Take Action, and then expand the Prevent future attacks section.
2. B. From Security alerts, select Take Action, and then expand the Mitigate the threat section.
3. C. From Regulatory compliance, download the report.
4. D. From Recommendations, download the CSV report.

Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and- responding-alerts

- (Topic 4)
You recently deployed Azure Sentinel.
You discover that the default Fusion rule does not generate any alerts. You verify that the rule is enabled.
You need to ensure that the Fusion rule can generate alerts. What should you do?

1. A. Disable, and then enable the rule.
2. B. Add data connectors
3. C. Create a new machine learning analytics rule.
4. D. Add a hunting bookmark.

Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources

- (Topic 1)
You need to remediate active attacks to meet the technical requirements. What should you include in the solution?

1. A. Azure Automation runbooks
2. B. Azure Logic Apps
3. C. Azure FunctionsD Azure Sentinel livestreams

Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/automate-responses-with-playbooks

HOTSPOT - (Topic 4)
You need to assign role-based access control (RBAQ roles to Group1 and Group2 to meet The Microsoft Defender for Cloud requirements and the business requirements Which role should you assign to each group? To answer, select the appropriate options in the answer area NOTE Each correct selection is worth one point.

Solution:


Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A