Online Access Free SC-200 Exam Questions
| Field | Value |
|---|---|
| Exam Code: | SC-200 |
| Exam Name: | Microsoft Security Operations Analyst |
| Certification Provider: | Microsoft |
| Free Question Number: | 370 |
| Posted: | Dec 15, 2025 |
You have a Microsoft 365 tenant that uses Microsoft Exchange Online and Microsoft Defender for Office 365.
What should you use to identify whether zero-hour auto purge (ZAP) moved an email message from the mailbox of a user?
You need to configure event monitoring for Server1. The solution must meet the Microsoft Sentinel requirements.
What should you create first?
You plan to review Microsoft Defender for Cloud alerts by using a third-party security information and event management (SIEM) solution.
You need to locate alerts that indicate the use of the Privilege Escalation MITRE ATT&CK tactic.
Which JSON key should you search?
You need to restrict cloud apps running on CLIENT1 to meet the Microsoft Defender for Endpoint requirements.
Which two configurations should you modify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains 500 Windows devices. As part of an incident investigation, you identify the following suspected malware files:
* sys
* pdf
* docx
* xlsx
You need to create indicator hashes to block users from downloading the files to the devices.
Which files can you block by using the indicator hashes?
Recent Comments (The most recent comments are at the top.)
Amazing material. Thank you!
It's a good thing.
This is very good study material, thank you!