Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. SC-200

Microsoft SC-200 Exam Questions
Microsoft Security Operations Analyst (Page 7 )

Updated On: 8-Mar-2026
Page 7 of 79
PDF with 424 Questions
View Related Case Study

HOTSPOT (Drag and Drop is not supported)
You purchase a Microsoft 365 subscription.
You plan to configure Microsoft Defender for Cloud Apps.
You need to create a custom template-based policy that detects connections to Microsoft 365 apps that originate from a botnet network.
What should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy



View Related Case Study

Your company has a single office in Istanbul and a Microsoft 365 subscription.
The company plans to use conditional access policies to enforce multi-factor authentication (MFA). You need to enforce MFA for all users who work remotely.
What should you include in the solution?

  1. a fraud alert
  2. a user risk policy
  3. a named location
  4. a sign-in user policy

Answer(s): C


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition



View Related Case Study

You are configuring Microsoft Defender for Cloud Apps.
You have a custom threat detection policy based on the IP address ranges of your company’s United States- based offices.
You receive many alerts related to impossible travel and sign-ins from risky IP addresses. You determine that 99% of the alerts are legitimate sign-ins from your corporate offices. You need to prevent alerts for legitimate sign-ins from known locations.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  1. Configure automatic data enrichment.
  2. Add the IP addresses to the corporate address range category.
  3. Increase the sensitivity level of the impossible travel anomaly detection policy.
  4. Add the IP addresses to the other address range category and add a tag.
  5. Create an activity policy that has an exclusion for the IP addresses.

Answer(s): A,B



View Related Case Study

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring Microsoft Defender for Identity integration with Active Directory.
From the Microsoft Defender portal, you need to configure several accounts for attackers to exploit. Solution: You add each account as a Sensitive account.
Does this meet the goal?

  1. Yes
  2. No

Answer(s): B


Reference:

https://docs.microsoft.com/en-us/defender-for-identity/manage-sensitive-honeytoken-accounts



View Related Case Study

You have a Microsoft 365 tenant that uses Microsoft Exchange Online and Microsoft Defender for Office 365.
What should you use to identify whether zero-hour auto purge (ZAP) moved an email message from the mailbox of a user?

  1. the Threat Protection Status report in Microsoft Defender for Office 365
  2. the mailbox audit log in Exchange
  3. the Safe Attachments file types report in Microsoft Defender for Office 365
  4. the mail flow report in Exchange

Answer(s): A

Explanation:

To determine if ZAP moved your message, you can use either the Threat Protection Status report or Threat Explorer (and real-time detections).


Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365- worldwide



Viewing page 7 of 79
Viewing questions 31 - 35 out of 424 questions



Post your Comments and Discuss Microsoft SC-200 exam dumps with other Community members:

SC-200 Exam Discussions & Posts

AI Tutor