
Microsoft Exam SC-200 Topic 2 Question 77 Discussion

Actual exam question for Microsoft's SC-200 exam
Question #: 77
Topic #: 2

You have a Microsoft 365 subscription. You have the following KQL query.

DeviceEvents
| where ActionType == "AntivirusDetection"

You need to ensure that you can create a Microsoft Defender XDR custom detection rule by using the query.

What should you add to the query?

Suggested Answer: D
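The requirement behind this question, shown as an added example that is not part of the exam page or its answer options: a Microsoft Defender XDR custom detection rule only accepts a query whose results include Timestamp, ReportId and an entity column such as DeviceId, so a summarize step must carry those columns through rather than drop them. The repeat-detection threshold on the last line is a constructed value, not something the question states.

```kql
// Added example (not the exam page's own query or options).
// Custom detection rules require Timestamp, ReportId and an entity
// column (DeviceId here) in the result set. arg_max keeps Timestamp
// and ReportId from the latest matching event per device while
// count() still gives the per-device total.
DeviceEvents
| where ActionType == "AntivirusDetection"
| summarize (Timestamp, ReportId)=arg_max(Timestamp, ReportId), count() by DeviceId
// Constructed threshold: only surface devices with repeated detections.
| where count_ > 1
```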

Contribute your Thoughts:

Lorean
15 days ago
I'm just going to close my eyes and click on an answer. Hopefully, it's the right one, or at least I'll get partial credit for trying.
upvoted 0 times
Cory
16 days ago
This is a tricky one! I'm going to guess option C - 'summarize (Timestamp)=range(Timestamp), count() by DeviceId'. It sounds like it could work, but I'm not 100% sure.
upvoted 0 times
Chantell
17 days ago
Wait, what's 'arg_min' and 'arg_max'? I'm a bit confused by the syntax here. Maybe I should ask the instructor for clarification.
upvoted 0 times
Kallie
2 days ago
A) You should add 'summarize (Timestamp, DeviceName)=arg_min(Timestamp, DeviceName), count() by DeviceId' to the query.
upvoted 0 times
Tonja
25 days ago
Aha, I've seen this kind of query before! I'm going to go with option D - 'summarize (ReportId)=make_set(ReportId), count() by DeviceId'. It seems to be the most relevant for creating a custom detection rule.
upvoted 0 times
Thomasena
1 month ago
Hmm, I'm not sure. I think I need to read up more on Microsoft Defender XDR custom detection rules. This query looks a bit complex.
upvoted 0 times
Marta
2 days ago
User2: That makes sense. It will help create the Microsoft Defender XDR custom detection rule.
upvoted 0 times
Von
13 days ago
User1: I think you should add 'summarize (Timestamp)=range(Timestamp), count() by DeviceId' to the query.
upvoted 0 times
Valene
2 months ago
I'm not sure, but I think D) summarize (ReportId)=make_set(ReportId), count() by DeviceId could also work.
upvoted 0 times
Veta
2 months ago
I agree with Trinidad. Adding range(Timestamp) will help create the custom detection rule.
upvoted 0 times
Trinidad
2 months ago
I think the correct answer is C) summarize (Timestamp)=range(Timestamp), count() by DeviceId.
upvoted 0 times