ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 7 question 7 discussion

Actual exam question from Microsoft's SC-200
Question #: 7
Topic #: 7
[All SC-200 Questions]

HOTSPOT
-

You have a Microsoft Sentinel workspace.

You plan to visualize data from Microsoft SharePoint Online and OneDrive sites.

You need to create a KQL query for the visual. The solution must meet the following requirements:

• Select all workloads as a single operation.
• Include two parameters named Operations and Users.
• In the results, exclude empty values for the site URLs.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by DChilds at April 26, 2024, 11:06 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
DChilds
Highly Voted 11 months, 4 weeks ago
Second option should be where SiteUrl !="
upvoted 18 times
...
g_man_rap
Highly Voted 8 months ago
OfficeActivity | where Operation in ((Operations)) | where OfficeWorkload in ('OneDrive', 'SharePoint') | where SiteUrl != " " | summarize Number = count() by Site_Url, UserId, Operation, TimeGenerated First Dropdown: where Operation in ((Operations)) Second Dropdown: where SiteUrl != " "
upvoted 6 times
...
Optimizor_IT
Most Recent 3 days, 7 hours ago
Operations filter: | where Operation in ({Operations}) Site URL filter: | where SiteUrl != " (with the caveat that it should be | where isnotempty(Site_Url) or | where Site_Url != "" for correctness)
upvoted 1 times
...
VeiN
5 months, 3 weeks ago
There is a similar case under. I think this is badly copied, and "AH" is "All" OfficeActivity | where OfficeWorkload in ('OneDrive', 'SharePoint') | where '{Operations:lable}'=='All' or Operation in ({Operations}) using {} will enable to select/write entries in workbook that will be used in the query | where SiteUrl != " " => OK
upvoted 1 times
...
MqQuintana
11 months, 2 weeks ago
The project statement gums up the sumarize
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago