Microsoft Security Operations Analyst Associate SC-200 Practice Question

Your organization has a device group named CriticalServers in Microsoft Defender XDR. You must ensure that the SOC receives an email each time a High-severity alert (the highest alert severity in Defender) is raised on any device in that group, while receiving no notifications for Medium- or Low-severity alerts. Which configuration should you create to meet the requirement?

  • Create an incident notification rule with a minimum incident severity of High and no additional filters.

  • Create a vulnerability notification rule that filters on CVSS severity High and targets the CriticalServers device group.

  • Build a scheduled hunting query in Microsoft Sentinel that looks for High-severity alerts on CriticalServers and sends an action-group email.

  • Create an alert notification rule scoped to the CriticalServers device group with a minimum alert severity of High.
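A practitioner who has created a notification rule scoped to a device group usually wants a way to confirm what it would have mailed. The following Advanced Hunting query is an added example, not part of the original question or of Microsoft's documentation; it lists the High-severity alerts raised on devices whose current device group is CriticalServers, which is exactly the set a rule filtered on that group and on minimum severity High should notify on. It assumes the device group name appears verbatim in the `MachineGroup` column of `DeviceInfo`, and the 7-day lookback is an arbitrary choice.

```kql
// Added example (not from the original page): alerts that a notification rule
// scoped to device group "CriticalServers" with minimum severity High would mail.
// Assumption: the device group name is stored verbatim in DeviceInfo.MachineGroup.
let lookback = 7d;
// Latest known device-group membership per device (devices can change groups).
let criticalDevices =
    DeviceInfo
    | where Timestamp > ago(lookback)
    | summarize arg_max(Timestamp, MachineGroup) by DeviceId
    | where MachineGroup == "CriticalServers"
    | project DeviceId;
AlertInfo
| where Timestamp > ago(lookback)
| where Severity == "High"            // Medium, Low and Informational are excluded
| join kind=inner (
    AlertEvidence
    | where EntityType == "Machine"   // tie each alert to the device it fired on
    | project AlertId, DeviceId, DeviceName
  ) on AlertId
| where DeviceId in (criticalDevices)
| project Timestamp, AlertId, Title, Severity, DeviceName, ServiceSource
| order by Timestamp desc
```

Run it in the Defender XDR Advanced Hunting page after the rule has been live for a while and compare the rows with the emails the SOC mailbox actually received; a mismatch points at a device-group or severity filter that was not set the way the question requires. The query is a verification aid only, not a replacement for the notification rule itself.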

Exam domain: Manage a security operations environment