SC-200 Free Practice Test

- (Exam Topic 3)
You have an Azure Sentinel workspace.
You need to test a playbook manually in the Azure portal. From where can you run the test in Azure Sentinel?

1. A. Playbooks
2. B. Analytics
3. C. Threat intelligence
4. D. Incidents

Correct Answer: D
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook#run-a-playbook-on-demand

- (Exam Topic 3)
Your company uses Azure Sentinel to manage alerts from more than 10,000 IoT devices.
A security manager at the company reports that tracking security threats is increasingly difficult due to the large number of incidents.
You need to recommend a solution to provide a custom visualization to simplify the investigation of threats and to infer threats by using machine learning.
What should you include in the recommendation?

1. A. built-in queries
2. B. livestream
3. C. notebooks
4. D. bookmarks

Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/notebooks

- (Exam Topic 3)
You have an Azure subscription that uses Microsoft Defender for Cloud and contains a storage account named storage1. You receive an alert that there was an unusually high volume of delete operations on the blobs in storage1. You need to identify which blobs were deleted. What should you review?

1. A. the activity logs of storage1
2. B. the Azure Storage Analytics logs
3. C. the alert details
4. D. the related entities of the alert

Correct Answer: A
To identify which blobs were deleted, you should review the activity logs of the storage account. The activity logs contain information about all the operations that have taken place in the storage account, including delete operations. These logs can be accessed in the Azure portal by navigating to the storage account, selecting "Activity log" under the "Monitoring" section, and filtering by the appropriate time range. You can also use Azure Monitor and Log Analytics to query and analyze the activity logs data.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-activity-logs
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-azure-storage

- (Exam Topic 3)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring Microsoft Defender for Identity integration with Active Directory.
From the Microsoft Defender for identity portal, you need to configure several accounts for attackers to exploit.
Solution: From Azure Identity Protection, you configure the sign-in risk policy. Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/defender-for-identity/manage-sensitive-honeytoken-accounts

- (Exam Topic 2)
You need to assign a role-based access control (RBAC) role to admin1 to meet the Azure Sentinel requirements and the business requirements.
Which role should you assign?

1. A. Automation Operator
2. B. Automation Runbook Operator
3. C. Azure Sentinel Contributor
4. D. Logic App Contributor

Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/roles