Microsoft SecOps Analyst (SC-200) Exam Questions Apr - 2025

Microsoft SecOps Analyst (SC-200) Exam Questions Apr - 2025

Description:

Skills at a glance

  • Manage a security operations environment (20–25%)

  • Configure protections and detections (15–20%)

  • Manage incident response (25–30%)

  • Manage security threats (15–20%)

Manage a security operations environment

Configure settings in Microsoft Defender XDR

  • Configure alert and vulnerability notification rules

  • Configure Microsoft Defender for Endpoint advanced features

  • Configure endpoint rules settings

  • Manage automated investigation and response capabilities in Microsoft Defender XDR

  • Configure automatic attack disruption in Microsoft Defender XDR

Manage assets and environments

  • Configure and manage device groups, permissions, and automation levels in Microsoft Defender for Endpoint

  • Identify unmanaged devices in Microsoft Defender for Endpoint

  • Discover unprotected resources by using Defender for Cloud

  • Identify and remediate devices at risk by using Microsoft Defender Vulnerability Management

  • Mitigate risk by using Exposure Management in Microsoft Defender XDR

Design and configure a Microsoft Sentinel workspace

  • Plan a Microsoft Sentinel workspace

  • Configure Microsoft Sentinel roles

  • Specify Azure RBAC roles for Microsoft Sentinel configuration

  • Design and configure Microsoft Sentinel data storage, including log types and log retention

Ingest data sources in Microsoft Sentinel

  • Identify data sources to be ingested for Microsoft Sentinel

  • Implement and use Content hub solutions

  • Configure and use Microsoft connectors for Azure resources, including Azure Policy and diagnostic settings

  • Plan and configure Syslog and Common Event Format (CEF) event collections

  • Plan and configure collection of Windows Security events by using data collection rules, including Windows Event Forwarding (WEF)

  • Create custom log tables in the workspace to store ingested data

  • Monitor and optimize data ingestion

Configure protections and detections

Configure protections in Microsoft Defender security technologies

  • Configure policies for Microsoft Defender for Cloud Apps

  • Configure policies for Microsoft Defender for Office 365

  • Configure security policies for Microsoft Defender for Endpoints, including attack surface reduction (ASR) rules

  • Configure cloud workload protections in Microsoft Defender for Cloud

Configure detections in Microsoft Defender XDR

  • Configure and manage custom detection rules

  • Manage alerts, including tuning, suppression, and correlation

  • Configure deception rules in Microsoft Defender XDR

Configure detections in Microsoft Sentinel

  • Classify and analyze data by using entities

  • Configure and manage analytics rules

  • Query Microsoft Sentinel data by using ASIM parsers

  • Implement behavioral analytics

Manage incident response

Respond to alerts and incidents in the Microsoft Defender portal

  • Investigate and remediate threats by using Microsoft Defender for Office 365

  • Investigate and remediate ransomware and business email compromise incidents identified by automatic attack disruption

  • Investigate and remediate compromised entities identified by Microsoft Purview data loss prevention (DLP) policies

  • Investigate and remediate threats identified by Microsoft Purview insider risk policies

  • Investigate and remediate alerts and incidents identified by Microsoft Defender for Cloud workload protections

  • Investigate and remediate security risks identified by Microsoft Defender for Cloud Apps

  • Investigate and remediate compromised identities that are identified by Microsoft Entra ID

  • Investigate and remediate security alerts from Microsoft Defender for Identity

Respond to alerts and incidents identified by Microsoft Defender for Endpoint

  • Investigate device timelines

  • Perform actions on the device, including live response and collecting investigation packages

  • Perform evidence and entity investigation

Investigate Microsoft 365 activities

  • Investigate threats by using the unified audit log

  • Investigate threats by using Content Search

  • Investigate threats by using Microsoft Graph activity logs

Respond to incidents in Microsoft Sentinel

  • Investigate and remediate incidents in Microsoft Sentinel

  • Create and configure automation rules

  • Create and configure Microsoft Sentinel playbooks

  • Run playbooks on on-premises resources

Implement and use Microsoft Security Copilot

  • Create and use promptbooks

  • Manage sources for Security Copilot, including plugins and files

  • Integrate Security Copilot by implementing connectors

  • Manage permissions and roles in Security Copilot

  • Monitor Security Copilot capacity and cost

  • Identify threats and risks by using Security Copilot

  • Investigate incidents by using Security Copilot

Manage security threats

Hunt for threats by using Microsoft Defender XDR

  • Identify threats by using Kusto Query Language (KQL)

  • Interpret threat analytics in the Microsoft Defender portal

  • Create custom hunting queries by using KQL

Hunt for threats by using Microsoft Sentinel

  • Analyze attack vector coverage by using the MITRE ATT&CK matrix

  • Manage and use threat indicators

  • Create and manage hunts

  • Create and monitor hunting queries

  • Use hunting bookmarks for data investigations

  • Retrieve and manage archived log data

  • Create and manage search jobs

Create and configure Microsoft Sentinel workbooks

  • Activate and customize workbook templates

  • Create custom workbooks that include KQL

  • Configure visualizations

Course Fee

$19.99

Discounted Fee

$0.00

Hours

0

Views

49

Get Course
Click here to Get Course