Free Microsoft SC-200 Exam Questions
Absolute Free SC-200 Exam Practice for Comprehensive Preparation
-
Microsoft SC-200 Exam Questions
-
Provided By: Microsoft
- Exam: Microsoft Security Operations Analyst
- Certification: Security Operations Analyst Associate
-
Total Questions: 394
-
Updated On: Jun 01, 2026
-
Rated: 4.9 |
-
Online Users: 788
-
Question 1
-
You have a Microsoft 365 E5 subscription that uses Microsoft Copilot for Security. You have a Copilot
for Security workspace that uses the following plugins:
Microsoft Entra
Microsoft Defender XDR
From the Microsoft Defender portal, you use Copilot for Security to investigate a reported incident.
You need to run a promptbook that will include information from Microsoft Entra ID Protection in the
investigation. What should you do first?
Answer: C
-
You have a Microsoft 365 E5 subscription that uses Microsoft Copilot for Security. You have a Copilot
for Security workspace that uses the following plugins:
Microsoft Entra
Microsoft Defender XDR
From the Microsoft Defender portal, you use Copilot for Security to investigate a reported incident.
You need to run a promptbook that will include information from Microsoft Entra ID Protection in the
investigation. What should you do first?
-
Question 2
-
You need to restrict cloud apps running on CLIENT1 to meet the Microsoft Defender for Endpoint requirements.Which two configurations should you modify? Each correct answer present part of the solution. NOTE: Each correct selection is worth one point.
Answer: C,D
-
-
Question 3
-
You have a Microsoft 365 E5 subscription that uses Microsoft Copilot for Security. You have a Copilot
for Security workspace that uses the following plugins:
Microsoft Entra
Microsoft Defender XDR
From the Microsoft Defender portal, you use Copilot for Security to investigate a reported incident.
You need to run a promptbook that will include information from Microsoft Entra ID Protection in the
investigation. What should you do first?
Answer: C
-
You have a Microsoft 365 E5 subscription that uses Microsoft Copilot for Security. You have a Copilot
for Security workspace that uses the following plugins:
Microsoft Entra
Microsoft Defender XDR
From the Microsoft Defender portal, you use Copilot for Security to investigate a reported incident.
You need to run a promptbook that will include information from Microsoft Entra ID Protection in the
investigation. What should you do first?
-
Question 4
-
You have a Microsoft 365 E5 subscription that uses Microsoft Copilot for Security. You have a Copilot
for Security workspace that uses the following plugins:
Microsoft Entra
Microsoft Defender XDR
From the Microsoft Defender portal, you use Copilot for Security to investigate a reported incident.
You need to run a promptbook that will include information from Microsoft Entra ID Protection in the
investigation. What should you do first?
Answer: C
-
You have a Microsoft 365 E5 subscription that uses Microsoft Copilot for Security. You have a Copilot
for Security workspace that uses the following plugins:
Microsoft Entra
Microsoft Defender XDR
From the Microsoft Defender portal, you use Copilot for Security to investigate a reported incident.
You need to run a promptbook that will include information from Microsoft Entra ID Protection in the
investigation. What should you do first?
-
Question 5
-
You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You discover that when Microsoft Defender for Endpoint generates alerts for a commonly used executable file, it causes alert fatigue. You need to tune the alerts. Which two actions can an alert tuning rule perform for the alerts? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
Answer: B,C
-