Exam SC-200 topic 3 question 67 discussion

D is correct: https://learn.microsoft.com/en-us/azure/sentinel/customize-alert-details

ChatGTP: ✅ Correct answer: D. Create a scheduled query rule 🧾 Explanation: To customize which details are included when an alert is created in Microsoft Sentinel for a specific event, the correct approach is to: 👉 Create a scheduled query rule Scheduled query rules in Sentinel allow you to: Write a custom KQL query to detect specific events or patterns. Define custom alert details, including alert name, severity, entities, and description. Customize the output and enrichment of the alert. This gives you full control over what data gets included in the alert based on the results of the query.

To customize which details will be included when an alert is created for a specific event in Microsoft Sentinel, you should C. Modify the properties of the connector. By modifying the properties of the Microsoft Defender for Cloud data connector, you can specify which details and fields are included in the alert. https://learn.microsoft.com/en-us/azure/sentinel/customize-alert-details?tabs=azure

data collector from defender for cloud

Correct option

select the "Data connectors" option.

D is correct

The answer is B. Create a Data Collection Rule (DCR). A Data Collection Rule (DCR) is a way to customize which details will be included when an alert is created for a specific event. You can use a DCR to specify the fields that you want to include in the alert, as well as the format of the alert.

A & B are obviously not relevant C - might be true for some data connectors, but this one Defender for Cloud does not provide any filtering options D - correct one, https://learn.microsoft.com/en-us/azure/sentinel/connect-defender-for-cloud

o customize which details will be included when an alert is created for a specific event in Microsoft Sentinel for a Microsoft Defender for Cloud data connector, you should modify the properties of the connector. Therefore, the correct answer is C. Modify the properties of the connector.

D is correct

C. Modify the properties of the connector. To customize which details will be included when an alert is created for a specific event in Microsoft Sentinel, you can modify the properties of the Microsoft Defender for Cloud data connector.

Select a scheduled query rule and select Edit. Or create a new rule by selecting Create > Scheduled query rule at the top of the screen.

I would say this is the entities it is referring to which is configurable through analytic rules