Guaranteed high pass rate, 2024-04-28: SC-200 exam questions with accurate answers! [Q130-Q149]



Test engine practice questions: the valid, up-to-date SC-200 question bank


The SC-200 exam consists of roughly 40 to 60 questions to be completed within 150 minutes; besides multiple choice they include drag-and-drop, hot-area and case-study items, as the sample below shows. The exam is offered in English, Japanese, Korean and Simplified Chinese. Passing it earns the Microsoft Certified: Security Operations Analyst Associate certification, which is valid for one year and is kept current by passing the free online renewal assessment before it expires.


The exam is divided into several areas: threat management, endpoint security, identity and access management, cloud security and compliance management. Each area tests the candidate's knowledge and skills in one part of security operations, so together they cover the whole of the analyst role.


Question # 130
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint.
You need to add threat indicators for all the IP addresses in the range of 171.23.34.32-171.23.34.63. The solution must minimize administrative effort.
What should you do in the Microsoft 365 Defender portal?

  • A. Select Add indicator and set the IP address to 171.23.34.32/27
  • B. Select Add indicator and set the IP address to 171.23.34.32-171.23.34.63.
  • C. Create an import file that contains the individual IP addresses in the range. Select Import and import the file.
  • D. Create an import file that contains the IP address of 171.23.34.32/27. Select Import and import the file.

Correct answer: C

Explanation:
Defender for Endpoint IP indicators accept single IP addresses only; CIDR notation and address ranges are not supported, whether typed into the portal (A, B) or placed in an import file (D). The range 171.23.34.32-171.23.34.63 is 32 addresses (the /27 block), so listing each address in an import file and importing it once takes far less effort than adding 32 indicators one at a time.
Reference:
[1] https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/threat-intelligenc
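The import file for the answer above is easy to generate rather than type. The following is an added example, not code from the original page or from Microsoft: it expands a range or CIDR block into one address per row and writes the indicator CSV. The column order and the values used for IndicatorType, Action and Severity are my assumptions from the import template and must be compared with the template downloaded from the portal before the file is imported.

```python
"""Added example: expand an IP range into one row per address for the Defender for
Endpoint indicator import CSV. Not Microsoft's code; the column names and the
value vocabulary are assumptions to be checked against the portal's template."""
import csv
import io
import ipaddress

# Assumed column order of the indicator import template (Settings > Endpoints >
# Indicators > Import > Download sample CSV). Compare before use.
IMPORT_COLUMNS = [
    "IndicatorType", "IndicatorValue", "ExpirationTime", "Action", "Severity",
    "Title", "Description", "RecommendedActions", "RbacGroups", "Category",
    "MitreTechniques", "GenerateAlert",
]


def expand_range(start: str, end: str) -> list[str]:
    """Every IPv4 address from start to end, inclusive, as dotted strings."""
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError(f"end {end} precedes start {start}")
    return [str(ipaddress.IPv4Address(n)) for n in range(int(first), int(last) + 1)]


def expand_cidr(cidr: str) -> list[str]:
    """Every address in a CIDR block, network and broadcast addresses included:
    an indicator should cover the whole block, not only the 'usable' hosts.
    strict=True rejects a block whose host bits are set (e.g. 171.23.34.33/27)."""
    return [str(addr) for addr in ipaddress.IPv4Network(cidr, strict=True)]


def build_import_csv(addresses, title, description="", action="Block",
                     severity="High", generate_alert=True) -> str:
    """One CSV row per address. 'IpAddress', 'Block' and 'High' are the assumed
    template vocabulary; an empty ExpirationTime means the indicator never expires."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(IMPORT_COLUMNS)
    for addr in addresses:
        writer.writerow([
            "IpAddress", addr, "", action, severity, title, description,
            "", "", "", "", "TRUE" if generate_alert else "FALSE",
        ])
    return buf.getvalue()


if __name__ == "__main__":
    block = expand_cidr("171.23.34.32/27")
    assert block == expand_range("171.23.34.32", "171.23.34.63")
    csv_text = build_import_csv(block, title="Blocked scanner range 171.23.34.32/27")
    print(f"{len(block)} indicator rows")
    print(csv_text)
```

The portal caps one import file at 500 indicators, so a larger range has to be split across several files; the per-row approach above also makes it obvious when a "range" is actually hundreds of addresses and a network-level block would be the better control.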


Question # 131
You have an Azure subscription linked to an Azure Active Directory (Azure AD) tenant. The tenant contains two users named User1 and User2.
You plan to deploy Azure Defender.
You need to enable User1 and User2 to perform tasks at the subscription level as shown in the following table.

The solution must use the principle of least privilege.
Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Correct answer:

Explanation:
Box 1: Owner
Only the subscription Owner can add or assign initiatives.
Box 2: Contributor
Applying security recommendations to a resource requires Contributor or Owner; Contributor is the lower of the two.
Reference:
https://docs.microsoft.com/en-us/azure/defender-for-cloud/permissions


Question # 132
You have an Azure subscription that uses Microsoft Defender for Cloud and contains a storage account named storage1. You receive an alert that there was an unusually high volume of delete operations on the blobs in storage1.
You need to identify which blobs were deleted.
What should you review?

  • A. the related entities of the alert
  • B. the alert details
  • C. the Azure Storage Analytics logs
  • D. the activity logs of storage1

Correct answer: C

Explanation:
Blob deletions are data-plane operations. The Azure activity log records only management-plane operations on storage1 (key regeneration, configuration changes, deletion of the account itself), and the Defender for Cloud alert and its related entities describe the anomaly, not the individual objects. Storage Analytics logging (or the storage resource logs written through diagnostic settings) records each DeleteBlob request together with the blob it was applied to, provided logging was already enabled when the deletions happened.


Question # 133
You have a custom analytics rule to detect threats in Azure Sentinel.
You discover that the analytics rule stopped running. The rule was disabled, and the rule name has a prefix of AUTO DISABLED.
What is a possible cause of the issue?

  • A. Permissions to one of the data sources of the rule query were modified.
  • B. The rule query takes too long to run and times out.
  • C. There are connectivity issues between the data sources and Log Analytics.
  • D. The number of alerts exceeded 10,000 within two minutes.

Correct answer: A

Explanation:
Sentinel auto-disables a scheduled rule, and prefixes its name with AUTO DISABLED, only after the rule fails repeatedly with a permanent error, for example because permissions on the workspace or on a table the query reads were changed, or the table or workspace was removed. Transient failures such as query time-outs or connectivity problems are retried and do not disable the rule.


Question # 134
You need to complete the query for failed sign-ins to meet the technical requirements.
Where can you find the column name to complete the where clause?

  • A. the query window of the Log Analytics workspace
  • B. Azure Advisor
  • C. Security alerts in Azure Security Center
  • D. Activity log in Azure

Correct answer: A

Explanation:
This question is part of a case study; the case-study text containing the technical requirements is not reproduced here. The schema pane of the Log Analytics query window lists every table and its columns, which is where the column name for the where clause is found.


Question # 135
You open the Cloud App Security portal as shown in the following exhibit.

You need to remediate the risk for the Launchpad app.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Correct answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/cloud-app-security/governance-discovery


Question # 136
You need to use an Azure Sentinel analytics rule to search for specific criteria in Amazon Web Services (AWS) logs and to generate incidents.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Correct answer:

Explanation:

1 - Add the Amazon Web Services connector
2 - From Analytics in Azure Sentinel, create a custom analytics rule that uses a scheduled query
3 - Set the alert logic
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/detect-threats-custom


Question # 138
You deploy Azure Sentinel.
You need to implement connectors in Azure Sentinel to monitor Microsoft Teams and Linux virtual machines in Azure. The solution must minimize administrative effort.
Which data connector type should you use for each workload? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:
Microsoft Teams: the Office 365 connector (Teams activity is one of its data types).
Linux virtual machines in Azure: the Syslog connector, which collects through the agent on the VM.
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/connect-office-365
https://docs.microsoft.com/en-us/azure/sentinel/connect-syslog


Question # 139
You have a custom detection rule that includes the following KQL query.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:


Question # 140
You have an Azure subscription that has Azure Defender enabled for all supported resource types.
You need to configure the continuous export of high-severity alerts to enable their retrieval from a third-party security information and event management (SIEM) solution.
To which service should you export the alerts?

  • A. Azure Event Grid
  • B. Azure Data Lake
  • C. Azure Event Hubs
  • D. Azure Cosmos DB

Correct answer: C

Explanation:
Continuous export sends alerts and recommendations either to a Log Analytics workspace or to an Event Hub; an Event Hub is the target that third-party SIEMs consume from. Event Grid, Data Lake and Cosmos DB are not export targets.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/continuous-export?tabs=azure-portal


Question # 141
You need to implement the Azure Information Protection requirements. What should you configure first?

  • A. Advanced features from Settings in Microsoft Defender Security Center
  • B. Device health and compliance reports settings in Microsoft Defender Security Center
  • C. scanner clusters in Azure Information Protection from the Azure portal
  • D. content scan jobs in Azure Information Protection from the Azure portal

Correct answer: A

Explanation:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview


Question # 142
You have an existing Azure logic app that is used to block Azure Active Directory (Azure AD) users. The logic app is triggered manually.
You deploy Azure Sentinel.
You need to use the existing logic app as a playbook in Azure Sentinel. What should you do first?

  • A. Add a new scheduled query rule.
  • B. Modify the trigger in the logic app.
  • C. Configure a custom Threat Intelligence connector in Azure Sentinel.
  • D. Add a data connector to Azure Sentinel.

Correct answer: B

Explanation:
A logic app appears as a Sentinel playbook only when it starts with a Microsoft Sentinel trigger (incident or alert), so the manual trigger has to be replaced before the logic app can be attached to a rule or run from an incident.
https://docs.microsoft.com/en-us/azure/sentinel/playbook-triggers-actions
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook


Question # 143
You have an Azure subscription that uses Microsoft Sentinel and contains a user named User1.
You need to ensure that User1 can enable User and Entity Behavior Analytics (UEBA) for entity behavior in Azure AD. The solution must use the principle of least privilege.
Which roles should you assign to User1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:
Enabling UEBA requires an Azure AD role of Security Administrator (or Global Administrator) plus an Azure role of Microsoft Sentinel Contributor on the workspace; Security Administrator and Microsoft Sentinel Contributor are the least-privileged pair.


Question # 144
Your on-premises network contains 100 servers that run Windows Server.
You have an Azure subscription that uses Microsoft Sentinel.
You need to upload custom logs from the on-premises servers to Microsoft Sentinel.
What should you do? To answer, select the appropriate options in the answer area.

Correct answer:

Explanation:


Question # 145
You have an Azure subscription.
You need to delegate permissions to meet the following requirements:
Enable and disable Azure Defender.
Apply security recommendations to resources.
The solution must use the principle of least privilege.
Which Azure Security Center role should you use for each requirement? To answer, drag the appropriate roles to the correct requirements. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:
Enable and disable Azure Defender: Security Admin.
Apply security recommendations to resources: Contributor.
Each is the lowest role in the Security Center permissions table that can perform the action.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-permissions


Question # 146
You are investigating an incident by using Microsoft 365 Defender.
You need to create an advanced hunting query to detect failed sign-in authentications on three devices named CFOLaptop, CEOLaptop, and COOLaptop.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:


Question # 147
Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with Azure AD.
You have a Microsoft 365 E5 subscription that uses Microsoft 365 Defender.
You need to identify all the interactive authentication attempts by the users in the finance department of your company.
How should you complete the KQL query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:
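The two hunting questions above (# 146 and # 147) are both filters over advanced hunting tables. As an added example that is not part of the original page and not Microsoft's code, the following implements the same logic in Python over constructed rows shaped like DeviceLogonEvents, IdentityLogonEvents and IdentityInfo (only the columns that matter). The KQL in the comments is my rendering of each filter, not the exam's answer key; the device names, account ids and timestamps are invented. It also covers two points the exam shape glosses over: DeviceName is stored as an FQDN, and IdentityInfo holds one snapshot row per account per sync, so a naive join returns duplicates.

```python
"""Added example: the filters behind questions 146 and 147, implemented over
constructed rows shaped like the advanced hunting tables. Not Microsoft's code;
the rows, names and helper functions are mine."""
from collections import Counter

# Constructed rows in the shape of DeviceLogonEvents (subset of columns). In real
# data DeviceName is the FQDN (usually lower case), not the bare host name.
DEVICE_LOGON_EVENTS = [
    {"Timestamp": "2024-04-28T08:01:00Z", "DeviceName": "CFOLaptop",
     "AccountName": "cfo", "ActionType": "LogonFailed"},
    {"Timestamp": "2024-04-28T08:02:00Z", "DeviceName": "ceolaptop.contoso.com",
     "AccountName": "ceo", "ActionType": "LogonFailed"},
    {"Timestamp": "2024-04-28T08:03:00Z", "DeviceName": "COOLaptop",
     "AccountName": "coo", "ActionType": "LogonSuccess"},
    {"Timestamp": "2024-04-28T08:04:00Z", "DeviceName": "HRLaptop",
     "AccountName": "hr1", "ActionType": "LogonFailed"},
    {"Timestamp": "2024-04-28T08:05:00Z", "DeviceName": "COOLaptop",
     "AccountName": "coo", "ActionType": "LogonFailed"},
]

TARGET_DEVICES = ("CFOLaptop", "CEOLaptop", "COOLaptop")


def failed_logons_exact(events, devices=TARGET_DEVICES):
    """Literal shape of the question 146 query:
         DeviceLogonEvents
         | where ActionType == "LogonFailed"
         | where DeviceName in ("CFOLaptop", "CEOLaptop", "COOLaptop")
    KQL `in` is case-sensitive and exact, so the FQDN row is missed."""
    return [e for e in events
            if e["ActionType"] == "LogonFailed" and e["DeviceName"] in devices]


def failed_logons_robust(events, devices=TARGET_DEVICES):
    """Same detection, tolerant of FQDN and case. KQL equivalent:
         | where tostring(split(DeviceName, ".")[0]) in~ ("CFOLaptop", ...)"""
    wanted = {d.lower() for d in devices}
    return [e for e in events
            if e["ActionType"] == "LogonFailed"
            and e["DeviceName"].split(".")[0].lower() in wanted]


def failures_per_device(events):
    """`summarize count() by host label`, on the robust match."""
    return Counter(e["DeviceName"].split(".")[0].lower()
                   for e in failed_logons_robust(events))


# Constructed rows for question 147. IdentityInfo repeats AccountObjectId a1 on
# purpose: the table holds one snapshot per account per sync.
IDENTITY_INFO = [
    {"AccountObjectId": "a1", "AccountUpn": "alice@contoso.com", "Department": "Finance"},
    {"AccountObjectId": "a1", "AccountUpn": "alice@contoso.com", "Department": "Finance"},
    {"AccountObjectId": "b2", "AccountUpn": "bob@contoso.com", "Department": "Finance"},
    {"AccountObjectId": "c3", "AccountUpn": "carol@contoso.com", "Department": "HR"},
]
IDENTITY_LOGON_EVENTS = [
    {"Timestamp": "2024-04-28T09:00:00Z", "AccountObjectId": "a1", "LogonType": "Interactive"},
    {"Timestamp": "2024-04-28T09:01:00Z", "AccountObjectId": "a1", "LogonType": "Network"},
    {"Timestamp": "2024-04-28T09:02:00Z", "AccountObjectId": "b2", "LogonType": "Interactive"},
    {"Timestamp": "2024-04-28T09:03:00Z", "AccountObjectId": "c3", "LogonType": "Interactive"},
    {"Timestamp": "2024-04-28T09:04:00Z", "AccountObjectId": "b2", "LogonType": "Remote interactive (RDP)"},
]


def interactive_logons_by_department(logons, identities, department="Finance"):
    """Inner join on AccountObjectId, in the shape of:
         IdentityLogonEvents
         | where LogonType == "Interactive"
         | join kind=inner (IdentityInfo | where Department == "Finance"
                            | distinct AccountObjectId) on AccountObjectId
    Collapsing IdentityInfo to a set first (the `distinct`) is what stops each
    logon from coming back once per snapshot row."""
    members = {i["AccountObjectId"] for i in identities if i["Department"] == department}
    return [l for l in logons
            if l["LogonType"] == "Interactive" and l["AccountObjectId"] in members]


if __name__ == "__main__":
    print(len(failed_logons_exact(DEVICE_LOGON_EVENTS)), "exact matches")
    print(len(failed_logons_robust(DEVICE_LOGON_EVENTS)), "robust matches")
    print(failures_per_device(DEVICE_LOGON_EVENTS))
    print(interactive_logons_by_department(IDENTITY_LOGON_EVENTS, IDENTITY_INFO))
```

On the sample rows the exact filter returns two failed logons and the robust one three, the difference being the FQDN row; in the exam the exact form is the expected answer, but in a real tenant the FQDN and case mismatch is the usual reason a hunting query "finds nothing".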


Question # 148
You have an Azure subscription that has Azure Defender enabled for all supported resource types.
You create an Azure logic app named LA1.
You plan to use LA1 to automatically remediate security risks detected in Azure Security Center.
You need to test LA1 in Security Center.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/security-center/workflow-automation#create-a-logic-app-and-define-when-it-should-automatically-run



Passing the Microsoft SC-200 exam demonstrates that a candidate can identify, investigate and respond to security threats in Microsoft environments. The certification shows that the holder has the skills and knowledge needed to manage security incidents and protect Microsoft environments from cyber threats. It is well regarded in the industry and can open new career opportunities for security operations analysts.
