← Back to exam page

SC-200 Microsoft Security Operations Analyst

Loading demo links...

Showing 1–3 of 15 questions

Question 1 (Mixed Questions)

DRAG DROP

Your company deploys Azure Sentinel.

You plan to delegate the administration of Azure Sentinel to various groups.

You need to delegate the following tasks:

Create and run playbooks

Create workbooks and analytic rules.

The solution must use the principle of least privilege.

Which role should you assign for each task? To answer, drag the appropriate roles to the correct tasks. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Select and Place:

Answer is in the explanation below.

Question 2 (New Update)

You have an Azure subscription that contains 100 Linux virtual machines.

You need to configure Microsoft Sentinel to collect event logs from the virtual machines.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

E:\mudassar\Untitled.png

Answer is in the explanation below.

Question 3 (New Update)

You have the following KQL query.

Graphical user interface, text, application Description automatically generated

Answer is in the explanation below.