Manage a security operations environment Questions
Practice questions for Manage a security operations environment topic in Microsoft Certified: Security Operations Analyst Associate. 83 questions covering this domain.
A security lead wants email alerts from Microsoft Defender XDR when new incidents meet configured severity criteria. Which Defender XDR feature should...
Which Microsoft Sentinel analytics rule type is designed for near real-time detection with minimal latency?
Which Microsoft service underpins Microsoft Sentinel playbooks?
A hunting query in Microsoft Defender XDR has proven useful and now should raise alerts automatically when it matches future activity. What should the...
A team creates several Sentinel automation rules that all match the same newly created incident. How are the rules executed?
A detection engineer wants to review how current detections align to adversary tactics and techniques. Which framework should be used?
A Sentinel engineer wants a workflow that runs whenever an incident is created and can use the incident together with its related alerts and entities....
An analytics rule in Microsoft Sentinel is configured not to create incidents, but the SOC still wants an automated workflow to run each time the rule...
A SOC manager wants visual dashboards for Sentinel data that analysts can use to monitor trends and investigation metrics. Which Sentinel feature shou...
A security administrator wants a subset of analysts to manage only incidents from particular devices, and those devices also need a different remediat...
An administrator needs Azure activity data from subscriptions and resources in Microsoft Sentinel. Which approach is documented for this requirement?
A network team needs to ingest Common Event Format logs from third-party appliances into Microsoft Sentinel by using the current recommended agent pat...
A SOC needs to collect Windows Security events into Microsoft Sentinel by using Azure Monitor Agent. What else must be configured?
A SOC engineer needs a playbook that can enrich and update an incident using all alerts and entities already attached to it. Which Sentinel playbook t...
A user needs to manage incidents in Microsoft Sentinel but should not create or modify Sentinel resources. Which built-in Sentinel role is the best fi...
A SOC wants to store ingested data from a proprietary line-of-business security tool in a dedicated schema inside the Sentinel workspace. What should ...
A Sentinel administrator can view a playbook but cannot attach it to an automation rule because the required permission on the playbook resource group...
A large organization wants one SOC team to see and manage only a defined subset of endpoints, while also applying specific remediation levels to that ...
A security team wants suspicious artifacts on some endpoints to be remediated only after analyst approval, while keeping investigations automatic. Whi...
An operations lead needs long-term retention beyond the Analytics tier and wants Sentinel data stored in the separate long-term tier called out in the...