Microsoft Exam SC-200 Topic 2 Question 77 Discussion

Actual exam question for Microsoft's SC-200 exam

Question #: 77
Topic #: 2

[All SC-200 Questions]

You have a Microsoft 365 subscription. You have the following KQL query.

DeviceEvents

| where ActionType == "AntivirusDetection*

You need to ensure that you can create a Microsoft Defender XDR custom detection rule by using the query.

What should you add to the query?

Asummarize (Timestamp, DeviceHanw)=arg_min(Timestampf DeviceName), count() by Deviceld

Bsumarize (Timestamp, ReportId)>arg_max(Timestanp, Reportld), count{) by Deviceld

Csummarize (Timestamp)=range(Timestatip), count() by Deviceld

Dsumarize (ReportId)=make_set(ReportId), count() by Deviceld

Show Suggested Answer

Suggested Answer: D

by Dortha at Jul 16, 2024, 03:47 AM

Limited Time Offer

25%

Off

Contribute your Thoughts:

Submit Cancel

5 days ago

I'm not sure, but I think D) summarize (ReportId)=make_set(ReportId), count() by DeviceId could also work.

upvoted 0 times

...

13 days ago

I agree with Trinidad. Adding range(Timestamp) will help create the custom detection rule.

upvoted 0 times

...

17 days ago

I think the correct answer is C) summarize (Timestamp)=range(Timestamp), count() by DeviceId.

upvoted 0 times

...