Exam Name: Microsoft Security Operations Analyst
Exam Code: SC-200 Dumps
Vendor: Microsoft
Certification: Microsoft Certified: Security Operations Analyst Associate
Questions: 370 Q&A's
Shared By: nia

You have a Microsoft Sentinel workspace.
You need to create playbooks that meet the following requirements:
• Use an automation rule to trigger actions on an entity.
• Call the Entities - Get Hosts action.
Which types of playbooks should you use, and which parameters should you specify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that uses Microsoft Copilot for Security. You plan to run the following code to create a custom Copilot for Security plugin.
You need to specify a format and complete the code segment. Which format should you use for the

You have an Azure subscription that contains a Log Analytics workspace named Workspace1.
You configure Azure activity logs and Microsoft Entra ID logs to be forwarded to Workspace1.
You need to identify which Azure resources have been queried or modified by risky users.
How should you complete the KQL query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that is linked to a Microsoft Entra tenant named contoso.com.
You need to query Microsoft Graph activity logs to identify changes to the roles in contoso.com.
How should you complete the KQL query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.