Microsoft Azure

Microsoft Security Operations Analyst

SC-200
Popular

Validate your skills with the SC-200 exam for Microsoft Security Operations Analyst.

147 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 91–100 of 147

Q91

Which service allows you to automate incident response in Azure?

  • A Azure Logic Apps
  • B Azure Monitor
  • C Azure Sentinel
  • D Azure Security Center
Explanation Azure Logic Apps can automate workflows and responses; others provide monitoring but not automation directly.
Q92

A company needs to ensure its key vault can only be accessed from specific virtual networks. What should they do?

  • A Use Azure Key Vault policies
  • B Implement Azure Firewall
  • C Configure virtual network service endpoints
  • D Enable Key Vault access logging
Explanation Virtual network service endpoints restrict Key Vault access; other options don’t enforce strict network-level access.
Q93

What happens when Azure Security Center reports a vulnerability in a virtual machine?

  • A VM is automatically deleted
  • B Recommended remediation actions are provided
  • C The VM is immediately shut down
  • D No action is taken automatically
Explanation Azure Security Center provides detailed remediation actions; other options suggest irrelevant outcomes not supported by the service.
Q94

Which service provides real-time threat protection for Azure resources?

  • A Azure Security Center
  • B Azure Backup
  • C Azure Functions
  • D Azure DevOps
Explanation Azure Security Center provides threat protection, while the others focus on backup, serverless functions, and development tools.
Q95

A company needs to ensure that their Azure resources are compliant with regulatory requirements. Which feature should they implement?

  • A Azure Policy
  • B Azure Monitor
  • C Azure Backup
  • D Azure Active Directory
Explanation Azure Policy enforces compliance, whereas others serve monitoring, backup, or identity management purposes.
Q96

What happens when you configure Azure Firewall with a default rule collection?

  • A All traffic is denied automatically
  • B Only outbound traffic is allowed
  • C Inbound and outbound traffic is allowed
  • D Explicit allows take precedence over denials
Explanation The default rule denies all traffic unless specified otherwise.
Q97

Which service provides Azure Security Score recommendations?

  • A Azure Security Center
  • B Azure Monitor
  • C Azure Sentinel
  • D Azure Active Directory
Explanation Azure Security Center offers recommendations for enhancing security posture, while the other options focus on monitoring or identity services.
Q98

A company needs to analyze security incidents in real-time. What should they use?

  • A Azure AD
  • B Azure Sentinel
  • C Azure Backup
  • D Azure Firewall
Explanation Azure Sentinel is a SIEM solution designed for real-time analysis of incidents, unlike options A, C, and D which serve other purposes.
Q99

What happens when an Azure AD user account is disabled?

  • A Cannot sign in or access resources
  • B Account is deleted permanently
  • C User can still access resources
  • D Password must be changed soon
Explanation Disabling an account prevents sign-in and access, while the other options inaccurately describe user account statuses.
Q100

Which Azure service provides network security groups?

  • A Azure Virtual Network
  • B Azure Load Balancer
  • C Azure Functions
  • D Azure Storage
Explanation Azure Virtual Network supports network security groups, while the others serve different purposes.