1. Home
  2. SC-200 Exam
Exam Code: SC-200
Exam Questions: 373
Microsoft Security Operations Analyst
Updated: 24 Nov, 2025
Viewing Page : 1 - 38
Practicing : 1 - 5 of 373 Questions
Question 1

You have a Microsoft 365 tenant that uses Microsoft Exchange Online and Microsoft Defender for Office 365.
What should you use to identify whether zero-hour auto purge (ZAP) moved an email message from the mailbox of a user?

Options :
Answer: A
Question 2

You have a Microsoft 365 subscription that uses Microsoft Purview and Microsoft Teams.

You have a team named Team1 that has a project named Project1.

You need to identify any Project1 files that were stored on the team site of Team1 between February 1, 2023, and February 10, 2023.

Which KQL query should you run?

Options :
Answer: B
Question 3

You have an Azure subscription that has Microsoft Defender for Cloud enabled.

You have a virtual machine named Server1 that runs Windows Server 2022 and is hosted in Amazon Web Services (AWS).

You need to collect logs and resolve vulnerabilities for Server1 by using Defender for Cloud.

What should you install first on Server1?

Options :
Answer: B
Question 4

You have an Azure Sentinel workspace.
You need to test a playbook manually in the Azure portal. From where can you run the test in Azure Sentinel?

Options :
Answer: D
Question 5

You have an Azure subscription that uses Microsoft Defender for Cloud and contains a storage account named storage1. You receive an alert that there was an unusually high volume of delete operations on the blobs in storage1.
You need to identify which blobs were deleted.
What should you review?

Options :
Answer: B
Viewing Page : 1 - 38
Practicing : 1 - 5 of 373 Questions

© Copyrights FreePDFQuestions 2025. All Rights Reserved

We use cookies to ensure that we give you the best experience on our website (FreePDFQuestions). If you continue without changing your settings, we'll assume that you are happy to receive all cookies on the FreePDFQuestions.