Microsoft Certified: Security Operations Analyst Associate Questions and Answers

200 questions organized by topic with detailed explanations

Microsoft
SC-200
200 questions
3 topics
Updated May 2026

Manage a security operations environment

83 questions22 easy41 medium20 hard~41% of exam
View All
A security lead wants email alerts from Microsoft Defender XDR when new incidents meet configured severity criteria. Whi...Which Microsoft Sentinel analytics rule type is designed for near real-time detection with minimal latency?Which Microsoft service underpins Microsoft Sentinel playbooks?

Respond to security incidents

73 questions19 easy37 medium17 hard~37% of exam
View All
A cloud security analyst needs to investigate risky activity in sanctioned SaaS applications and user sessions. Which Mi...A device shows suspicious behavior, and the responder must inspect artifacts and run approved remote investigation comma...An endpoint investigation requires examining suspicious files, processes, URLs, and IP addresses as related evidence. Wh...

Perform threat hunting

44 questions11 easy22 medium11 hard~22% of exam
View All
Which Microsoft Defender XDR feature provides curated reports about active threats, impacted assets, and recommended act...A hunter wants to aggregate recurring query results into a reusable table for easier later analysis. Which Sentinel feat...A hunter wants to look for suspicious outbound connections from endpoints. Which Advanced Hunting table is the most appr...

All Questions

#QuestionTopicDifficulty
1A cloud security analyst needs to investigate risky activity in sanctioned SaaS applications and use...Respond to security incidents
medium
2A security lead wants email alerts from Microsoft Defender XDR when new incidents meet configured se...Manage a security operations environment
easy
3Which Microsoft Sentinel analytics rule type is designed for near real-time detection with minimal l...Manage a security operations environment
easy
4Which Microsoft service underpins Microsoft Sentinel playbooks?Manage a security operations environment
easy
5Which Microsoft Defender XDR feature provides curated reports about active threats, impacted assets,...Perform threat hunting
easy

Sign in to see all 200 questions

Create a free account to browse all questions — completely free during our launch phase.

Sign Up FreeSign In

Ready to test your knowledge?

Take a full Microsoft Certified: Security Operations Analyst Associate practice test with timed exam simulation.

Start Practice Test