Microsoft Security Operations Analyst v1.0 (SC-200)

Page:    1 / 17   
Total 246 questions

You receive an alert from Azure Defender for Key Vault.
You discover that the alert is generated from multiple suspicious IP addresses.
You need to reduce the potential of Key Vault secrets being leaked while you investigate the issue. The solution must be implemented as soon as possible and must minimize the impact on legitimate users.
What should you do first?

  • A. Modify the access control settings for the key vault.
  • B. Enable the Key Vault firewall.
  • C. Create an application security group.
  • D. Modify the access policy for the key vault.


Answer : B

Reference:
https://docs.microsoft.com/en-us/azure/security-center/defender-for-key-vault-usage

HOTSPOT -
You have an Azure subscription that has Azure Defender enabled for all supported resource types.
You create an Azure logic app named LA1.
You plan to use LA1 to automatically remediate security risks detected in Azure Security Center.
You need to test LA1 in Security Center.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Reference:
https://docs.microsoft.com/en-us/azure/security-center/workflow-automation#create-a-logic-app-and-define-when-it-should-automatically-run

You have a Microsoft 365 subscription that uses Azure Defender.
You have 100 virtual machines in a resource group named RG1.
You assign the Security Admin roles to a new user named SecAdmin1.
You need to ensure that SecAdmin1 can apply quick fixes to the virtual machines by using Azure Defender. The solution must use the principle of least privilege.
Which role should you assign to SecAdmin1?

  • A. the Security Reader role for the subscription
  • B. the Contributor for the subscription
  • C. the Contributor role for RG1
  • D. the Owner role for RG1


Answer : C

You provision a Linux virtual machine in a new Azure subscription.
You enable Azure Defender and onboard the virtual machine to Azure Defender.
You need to verify that an attack on the virtual machine triggers an alert in Azure Defender.
Which two Bash commands should you run on the virtual machine? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. cp /bin/echo ./asc_alerttest_662jfi039n
  • B. ./alerttest testing eicar pipe
  • C. cp /bin/echo ./alerttest
  • D. ./asc_alerttest_662jfi039n testing eicar pipe


Answer : AD

Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-alert-validation#simulate-alerts-on-your-azure-vms-linux-

You create an Azure subscription named sub1.
In sub1, you create a Log Analytics workspace named workspace1.
You enable Azure Security Center and configure Security Center to use workspace1.
You need to collect security event logs from the Azure virtual machines that report to workspace1.
What should you do?

  • A. From Security Center, enable data collection
  • B. In sub1, register a provider.
  • C. From Security Center, create a Workflow automation.
  • D. In workspace1, create a workbook.


Answer : A

Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection

DRAG DROP -
You create a new Azure subscription and start collecting logs for Azure Monitor.
You need to configure Azure Security Center to detect possible threats related to sign-ins from suspicious IP addresses to Azure virtual machines. The solution must validate the configuration.
Which three actions should you perform in a sequence? To answer, move the appropriate actions from the list of action to the answer area and arrange them in the correct order.
Select and Place:



Answer :

Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-alert-validation

Your company uses Azure Security Center and Azure Defender.

The security operations team at the company informs you that it does NOT receive email notifications for security alerts.
What should you configure in Security Center to enable the email notifications?

  • A. Security solutions
  • B. Security policy
  • C. Pricing & settings
  • D. Security alerts
  • E. Azure Defender


Answer : C

Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details

DRAG DROP -
You have resources in Azure and Google cloud.
You need to ingest Google Cloud Platform (GCP) data into Azure Defender.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:



Answer :

Reference:
https://docs.microsoft.com/en-us/azure/security-center/quickstart-onboard-gcp

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center.
You receive a security alert in Security Center.
You need to view recommendations to resolve the alert in Security Center.
Solution: From Regulatory compliance, you download the report.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : B

Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and-responding-alerts

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center.
You receive a security alert in Security Center.
You need to view recommendations to resolve the alert in Security Center.
Solution: From Security alerts, you select the alert, select Take Action, and then expand the Mitigate the threat section.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : A

Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and-responding-alerts

You have an Azure subscription that has Azure Defender enabled for all supported resource types.
You need to configure the continuous export of high-severity alerts to enable their retrieval from a third-party security information and event management (SIEM) solution.
To which service should you export the alerts?

  • A. Azure Cosmos DB
  • B. Azure Event Grid
  • C. Azure Event Hubs
  • D. Azure Data Lake


Answer : C

Reference:
https://docs.microsoft.com/en-us/azure/security-center/continuous-export?tabs=azure-portal

You are responsible for responding to Azure Defender for Key Vault alerts.
During an investigation of an alert, you discover unauthorized attempts to access a key vault from a Tor exit node.
What should you configure to mitigate the threat?

  • A. Key Vault firewalls and virtual networks
  • B. Azure Active Directory (Azure AD) permissions
  • C. role-based access control (RBAC) for the key vault
  • D. the access policy settings of the key vault


Answer : A

Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/network-security

HOTSPOT -
You need to use an Azure Resource Manager template to create a workflow automation that will trigger an automatic remediation when specific security alerts are received by Azure Security Center.
How should you complete the portion of the template that will provision the required Azure resources? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Reference:
https://docs.microsoft.com/en-us/azure/security-center/quickstart-automation-alert

You have an Azure subscription that contains a Log Analytics workspace.
You need to enable just-in-time (JIT) VM access and network detections for Azure resources.
Where should you enable Azure Defender?

  • A. at the subscription level
  • B. at the workspace level
  • C. at the resource level


Answer : A

Reference:
https://docs.microsoft.com/en-us/azure/security-center/enable-azure-defender

You use Azure Defender.
You have an Azure Storage account that contains sensitive information.
You need to run a PowerShell script if someone accesses the storage account from a suspicious IP address.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. From Azure Security Center, enable workflow automation.
  • B. Create an Azure logic app that has a manual trigger.
  • C. Create an Azure logic app that has an Azure Security Center alert trigger.
  • D. Create an Azure logic app that has an HTTP trigger.
  • E. From Azure Active Directory (Azure AD), add an app registration.


Answer : AC

Reference:
https://docs.microsoft.com/en-us/azure/storage/common/azure-defender-storage-configure?tabs=azure-security-center https://docs.microsoft.com/en-us/azure/security-center/workflow-automation

Page:    1 / 17   
Total 246 questions