SC-200 Exam Free Question Bank "Microsoft Security Operations Analyst Certification"

You open the Cloud App Security portal as shown in the following exhibit.

You need to remediate the risk for the Launchpad app.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Correct answer:

1 - Select the app.
2 - Tag the app as Unsanctioned.
3 - Generate a block script.
4 - Run the script on the source appliance.
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/governance-discovery
You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.
You have Microsoft SharePoint Online sites that contain sensitive documents. The documents contain customer account numbers, each of which consists of 32 alphanumeric characters.
You need to create a data loss prevention (DLP) policy to protect the sensitive documents. What should you use to detect which documents are sensitive?

You have an Azure subscription that has the enhanced security features in Microsoft Defender for Cloud enabled and contains a user named User1.
You need to ensure that User1 can export alert data from Defender for Cloud. The solution must use the principle of least privilege.
Which role should you assign to User1?

You have an Azure subscription that contains the following resources:
* A virtual machine named VM1 that runs Windows Server
* A Microsoft Sentinel workspace named Sentinel1 that has User and Entity Behavior Analytics (UEBA) enabled
You have a scheduled query rule named Rule1 that tracks sign-in attempts to VM1.
You need to update Rule1 to detect when a user from outside the IT department of your company signs in to VM1. The solution must meet the following requirements:
* Utilize UEBA results.
* Maximize query performance.
* Minimize the number of false positives.
How should you complete the rule definition? To answer select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint. You need to create a query that will link the AlertInfo, AlertEvidence, and DeviceLogonEvents tables. The solution must return all the rows in the tables.
Which operator should you use?

You have a Microsoft Sentinel workspace.
You plan to visualize data from Microsoft SharePoint Online and OneDrive sites.
You need to create a KQL query for the visual. The solution must meet the following requirements:
* Select all workloads as a single operation.
* Include two parameters named Operations and Users.
* In the results, exclude empty values for the site URLs.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:
You have a Microsoft Sentinel workspace named workspace1 and an Azure virtual machine named VM1.
You receive an alert for suspicious use of PowerShell on VM1.
You need to investigate the incident, identify which event triggered the alert, and identify whether the following actions occurred on VM1 after the alert:
* The modification of local group memberships
* The purging of event logs
Which three actions should you perform in sequence in the Azure portal? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Correct answer:

1 - From the Investigation blade, select Insights.
2 - From the Investigation blade, select the entity that represents VM1.
3 - From the details pane of the incident, select Investigate.
Reference:
https://github.com/Azure/Azure-Sentinel/wiki/Investigation-Insights---Overview
https://docs.microsoft.com/en-us/azure/sentinel/investigate-cases
You have an Azure subscription that contains the users shown in the following table.

You need to delegate the following tasks:
* Enable Microsoft Defender for Servers on virtual machines.
* Review security recommendations and enable server vulnerability scans.
The solution must use the principle of least privilege.
Which user should perform each task? To answer, drag the appropriate users to the correct tasks. Each user may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Correct answer:
Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure AD tenant.
You have a Microsoft Sentinel workspace named Sentinel1.
You need to enable User and Entity Behavior Analytics (UEBA) for Sentinel1 and collect security events from the AD DS domain.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Correct answer:

1 - To the AD DS domain, deploy Microsoft Defender for Identity.
2 - For Sentinel1, configure the Microsoft Defender for Identity connector.
3 - For Sentinel1, enable UEBA.
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 1 and contains a macOS device named Device1.
You need to investigate a Defender for Endpoint agent alert on Device1. The solution must meet the following requirements:
* Identify all the active network connections on Device1.
* Identify all the running processes on Device1.
* Retrieve the login history of Device1.
* Minimize administrative effort.
What should you do first from the Microsoft Defender portal?

You have a Microsoft Sentinel workspace that uses the Microsoft 365 Defender data connector.
From Microsoft Sentinel, you investigate a Microsoft 365 incident.
You need to update the incident to include an alert generated by Microsoft Defender for Cloud Apps.
What should you use?

You receive an alert from Azure Defender for Key Vault.
You discover that the alert is generated from multiple suspicious IP addresses.
You need to reduce the potential of Key Vault secrets being leaked while you investigate the issue. The solution must be implemented as soon as possible and must minimize the impact on legitimate users.
What should you do first?

You have a Microsoft Sentinel workspace that contains a custom workbook named Workbook1.
You need to create a visual in Workbook1 that will display the logon count for accounts that have logon event IDs of 4624 and 4634.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:
You need to identify which mean time metrics to use to meet the Microsoft Sentinel requirements. Which workbook should you use?

You plan to create a custom Azure Sentinel query that will track anomalous Azure Active Directory (Azure AD) sign-in activity and present the activity as a time chart aggregated by day.
You need to create a query that will be used to display the time chart. What should you include in the query?
