Microsoft SC-200 Exam Questions
Microsoft Security Operations Analyst (Page 23 )

Updated On: 8-Mar-2026

You have a Microsoft 365 subscription that uses Microsoft Defender XDR.
You discover that when Microsoft Defender for Endpoint generates alerts for a commonly used executable file, it causes alert fatigue.
You need to tune the alerts.
Which two actions can an alert tuning rule perform for the alerts? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  A. delete
  B. hide
  C. resolve
  D. merge
  E. assign

Answer(s): B, C




Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft 365 subscription.
You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode.
You need to ensure that the devices are protected from malicious artifacts that were undetected by the third-party antivirus product.
Solution: You configure endpoint detection and response (EDR) in block mode. Does this meet the goal?

  A. Yes
  B. No

Answer(s): A

Explanation:

Enabling EDR in block mode allows Microsoft Defender for Endpoint to provide additional protection by blocking and remediating malicious artifacts that might bypass the third-party antivirus. EDR in block mode works even when Microsoft Defender Antivirus is in passive mode, providing an effective safety net against threats that the primary antivirus did not detect.




Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft 365 subscription.
You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode.
You need to ensure that the devices are protected from malicious artifacts that were undetected by the third-party antivirus product.
Solution: You configure Controlled folder access. Does this meet the goal?

  A. Yes
  B. No

Answer(s): B

Explanation:

Controlled folder access is a Microsoft Defender feature that protects specified folders from unauthorized changes, such as those made by ransomware. While it is beneficial for protecting important files, it does not identify or block malicious artifacts that the primary antivirus missed. It does not enhance detection or blocking against the broad range of threats that might bypass the third-party antivirus.




Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft 365 subscription.
You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode.
You need to ensure that the devices are protected from malicious artifacts that were undetected by the third-party antivirus product.
Solution: You enable automated investigation and response (AIR). Does this meet the goal?

  A. Yes
  B. No

Answer(s): B

Explanation:

Automated investigation and response (AIR) automates the investigation and remediation of alerts, helping security teams respond faster to potential threats. However, AIR primarily addresses post-alert actions rather than actively blocking threats at the endpoint. Because it relies on alerts to trigger, it does not fill the gap for additional real-time threat blocking, unlike EDR in block mode, which proactively blocks and remediates threats that may bypass the primary antivirus.




You have a Microsoft 365 subscription that uses Microsoft Defender XDR.
You need to implement deception rules. The solution must ensure that you can limit the scope of the rules. What should you create first?

  A. device groups
  B. device tags
  C. honeytoken entity tags
  D. sensitive entity tags

Answer(s): B





