Exam SC-200 topic 3 question 93 discussion

Actual exam question from Microsoft's SC-200
Question #: 93
Topic #: 3

HOTSPOT

You have a Microsoft Sentinel workspace that contains a custom workbook.

You need to query the number of daily security alerts. The solution must meet the following requirements:

• Identify alerts that occurred during the last 30 days.
• Display the results in a timechart.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Suggested Answer:

Comments

g_man_rap
8 months, 2 weeks ago
summarize: This function is used to aggregate data based on specified criteria. In this case, you want to count the number of security alerts by day. The summarize function will group and aggregate the results by the TimeGenerated field. bin: The bin function is used to group the TimeGenerated values into 1-day intervals. This allows the query to generate counts of security alerts for each day within the specified 30-day period.
upvoted 1 times
...
g_man_rap
8 months, 2 weeks ago
Moderator, please delete the comment. It is for the question above. Sorry.
upvoted 1 times
...
g_man_rap
8 months, 2 weeks ago
Microsoft Defender for Identity sensors: These sensors are deployed on AD DS domain controllers to monitor and collect security-related events and activities directly from Active Directory. Defender for Identity (formerly Azure ATP) plays a crucial role in detecting identity-based threats, which is essential for UEBA to analyze user and entity behavior in your organization. The Security Events data source: This data source must be configured in Microsoft Sentinel to collect relevant security event logs from your domain controllers. Security events such as logons, account lockouts, and other authentication-related events are crucial for UEBA to analyze and detect abnormal behaviors.
upvoted 1 times
...
ApexPredator84
1 year, 4 months ago
In the exam on 21/12/2023
upvoted 3 times
...
chepeerick
1 year, 6 months ago
Correct option
upvoted 4 times
...
Anil0512
1 year, 6 months ago
Correct
upvoted 2 times
...
danb67
1 year, 6 months ago
Looks correct
upvoted 2 times
...
jr_cyber
1 year, 6 months ago
Tested the query - answer is correct.
upvoted 3 times
...