SC-200 Microsoft Security Operations Analyst

Question 10 (New Update)

You have a Microsoft Sentinel workspace named Workspace1 and 200 custom Advanced Security Information Model (ASIM) parsers based on the DNS schema. You need to make the 200 parsers available in Workspace1. The solution must minimize administrative effort. What should you do first?

  • Copy the parsers to the Azure Monitor Logs page.

  • Create a JSON file based on the DNS template.

  • Create an XML file based on the DNS template.

  • Create a YAML file based on the DNS template.

Question 11 (New Update)

You create an Azure subscription.

You enable Microsoft Defender for Cloud for the subscription.

You need to use Defender for Cloud to protect on-premises computers.

What should you do on the on-premises computers?

  • Configure the Hybrid Runbook Worker role.

  • Install the Connected Machine agent.

  • Install the Log Analytics agent.

  • Install the Dependency agent.

Question 12 (New Update)

You have an Azure subscription that uses Microsoft Defender for Endpoint.

You need to ensure that you can allow or block a user-specified range of IP addresses and URLs.

What should you enable first in the advanced features from the Endpoints Settings in the Microsoft 365 Defender portal?

  • endpoint detection and response (EDR) in block mode

  • custom network indicators

  • web content filtering

  • Live response for servers