Microsoft Security Operations Analyst Associate SC-200 Practice Question

You have configured the Microsoft Sentinel TAXII connector to pull domain, IP address, and file hash indicators of compromise (IOCs) from an external threat-intelligence feed. 24 hours later, analysts report that searches against the ThreatIntelligenceIndicator table show the new IOCs, but no alerts or incidents are being raised when log data contains matching entities. To ensure matches against the imported indicators automatically generate security alerts in Microsoft Sentinel, which action should you take next?

  • Enable and configure the built-in "Threat intelligence (TI) mapping" analytics rule template that maps indicators to log events.

  • Add the IP addresses to your perimeter firewall's block list to force Sentinel to generate alerts.

  • Write a new scheduled query rule that joins SecurityEvent with the ThreatIntelligenceIndicator table.

  • Create a watchlist that contains the imported indicators and reference it from existing analytics rules.

Manage security threats