Microsoft Security Operations Analyst Associate SC-200 Practice Question

Your company uses Microsoft Sentinel to detect and respond to security threats. You have been asked to determine whether the Privilege Escalation tactic (and its related techniques) is already covered by your existing detections, hunting queries, and data sources, and to identify any gaps that require additional analytics rules or connectors. Which Microsoft Sentinel feature should you use to perform this analysis with the MITRE ATT&CK matrix view?

  • Open the built-in MITRE ATT&CK workbook from the Workbooks gallery and review its detection and data coverage matrices.

  • Open the Incidents blade and filter incidents by the Privilege Escalation tactic.

  • Use the Entity behavior blade to review user and host timelines for privilege-escalation anomalies.

  • Run the User and Entity Behavior Analytics (UEBA) workbook to list alerts related to privilege elevation.

Manage security threats