Exam Name: Microsoft Security Operations Analyst
Exam Code: SC-200 Dumps
Vendor: Microsoft
Certification: Microsoft Certified: Security Operations Analyst Associate
Questions: 347 Q&A's
Shared By: iqra
You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.
You have Microsoft SharePoint Online sites that contain sensitive documents. The documents contain customer account numbers that each consist of 32 alphanumeric characters.
You need to create a data loss prevention (DLP) policy to protect the sensitive documents. What should you use to detect which documents are sensitive?
You have an Azure Sentinel deployment.
You need to query for all suspicious credential access activities.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains a Windows device named Device1.
You initiated a live response session on Device1.
You need to run a command that will download a 250-MB file named File1.exe from the live response library to Device1. The solution must ensure that File1.exe is downloaded as a background process.
How should you complete the live response command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains a Windows device named Device1.
You investigate Device1 for malicious activity and discover a suspicious file named File1.exe. You collect an investigation package from Device1.
You need to review the following forensic data points:
• Is an attacker currently accessing Device1 remotely?
• When was File1.exe first executed?
Which folder in the investigation package should you review for each data point? To answer, select the appropriate options in the answer area.