Microsoft Exam SC-200 Topic 2 Question 77 Discussion

Actual exam question for Microsoft's SC-200 exam
Question #: 77
Topic #: 2

You have a Microsoft 365 subscription. You have the following KQL query.

DeviceEvents
| where ActionType == "AntivirusDetection"

You need to ensure that you can create a Microsoft Defender XDR custom detection rule by using the query.

What should you add to the query?

Suggested Answer: D

Contribute your Thoughts:

Lorean
2 months ago
I'm just going to close my eyes and click on an answer. Hopefully, it's the right one, or at least I'll get partial credit for trying.
upvoted 0 times
Cory
2 months ago
This is a tricky one! I'm going to guess option C - 'summarize (Timestamp)=range(Timestamp), count() by DeviceId'. It sounds like it could work, but I'm not 100% sure.
upvoted 0 times
Chantell
2 months ago
Wait, what's 'arg_min' and 'arg_max'? I'm a bit confused by the syntax here. Maybe I should ask the instructor for clarification.
upvoted 0 times
Linwood
9 days ago
Understanding the syntax is important for creating the custom detection rule.
upvoted 0 times
Sharee
10 days ago
Adding arg_min or arg_max can help you refine your query.
upvoted 0 times
Laine
11 days ago
Arg_min and arg_max are functions used to find the minimum and maximum values.
upvoted 0 times
Ronny
1 month ago
C) Adding 'summarize (Timestamp)=range(Timestamp), count() by DeviceId' will help you create the Microsoft Defender XDR custom detection rule.
upvoted 0 times
Nickie
1 month ago
You can ask the instructor for clarification.
upvoted 0 times
Delsie
1 month ago
B) 'arg_min' and 'arg_max' are functions used to find the minimum and maximum values in a column. You can ask the instructor for clarification.
upvoted 0 times
Kallie
2 months ago
A) You should add 'summarize (Timestamp, DeviceName)=arg_min(Timestamp, DeviceName), count() by DeviceId' to the query.
upvoted 0 times
Tonja
2 months ago
Aha, I've seen this kind of query before! I'm going to go with option D - 'summarize (ReportId)=make_set(ReportId), count() by DeviceId'. It seems to be the most relevant for creating a custom detection rule.
upvoted 0 times
Clorinda
30 days ago
Yes, option D makes sense for adding to the query to create the custom detection rule.
upvoted 0 times
Lucia
1 month ago
I agree, option D seems to be the most suitable for creating the custom detection rule with Microsoft Defender XDR.
upvoted 0 times
Geraldine
1 month ago
I think option D is the right choice too. It looks like it will help create the custom detection rule.
upvoted 0 times
Thomasena
3 months ago
Hmm, I'm not sure. I think I need to read up more on Microsoft Defender XDR custom detection rules. This query looks a bit complex.
upvoted 0 times
Detra
28 days ago
User1: Let's try adding it and see if it works for the custom detection rule.
upvoted 0 times
Thersa
29 days ago
User3: I agree. Adding that to the query will ensure the rule is effective.
upvoted 0 times
Marta
2 months ago
User2: That makes sense. It will help create the Microsoft Defender XDR custom detection rule.
upvoted 0 times
Von
2 months ago
User1: I think you should add 'summarize (Timestamp)=range(Timestamp), count() by DeviceId' to the query.
upvoted 0 times
Valene
3 months ago
I'm not sure, but I think D) summarize (ReportId)=make_set(ReportId), count() by DeviceId could also work.
upvoted 0 times
Veta
3 months ago
I agree with Trinidad. Adding range(Timestamp) will help create the custom detection rule.
upvoted 0 times
Trinidad
4 months ago
I think the correct answer is C) summarize (Timestamp)=range(Timestamp), count() by DeviceId.
upvoted 0 times