Exam SC-200 topic 1 question 53 discussion

Actual exam question from Microsoft's SC-200
Question #: 53
Topic #: 1

You have a Microsoft 365 subscription that uses Microsoft Purview and Microsoft Teams.

You have a team named Team1 that has a project named Project1.

You need to identify any Project1 files that were stored on the team site of Team1 between February 1, 2023, and February 10, 2023.

Which KQL query should you run?

  • A. (c:c)(Project1)(date=(2023-02-01)..date=(2023-02-10))
  • B. AuditLogs -
    | where Timestamp between (datetime(2023-02-01)..datetime(2023-02-10))
    | where FileName contains “Project1”
  • C. Project1(c:c)(date=2023-02-01..2023-02-10)
  • D. AuditLogs -
    | where Timestamp > ago(10d)
    | where FileName contains “Project1”
Suggested Answer: C

Comments

SenorConsultant
Highly Voted 1 year, 6 months ago
Selected Answer: C
Tested in content search in the Purview portal: project1(c:c)(date=2023-02-01..2023-02-10). This is the correct syntax for KQL content search in Purview, and searches for keyword "project1" in the selected team, and between said dates.
upvoted 12 times
...
ostralo
Highly Voted 1 year, 1 month ago
KQL (Kusto Query Language) != KQL (Keyword Query Language). I hate MS.
upvoted 9 times
...
ExamSC200
Most Recent 2 months ago
Selected Answer: B
B is the correct answer. Option C is an incomplete query with incorrect syntax.
upvoted 1 times
...
Nikki0222
6 months, 1 week ago
C correct
upvoted 1 times
...
fy28838
6 months, 2 weeks ago
Selected Answer: B
B is definitely the correct answer
upvoted 1 times
...
emartiy
11 months ago
Selected Answer: B
Checked in Content search. When you enter the keyword and select a date for the given range, the result is project1(c:c)(date=2023-02-01..2023-02-10). (Correct answer is B)
upvoted 1 times
smosmo
11 months ago
@emartiy: project1(c:c)(date=2023-02-01..2023-02-10) is answer "C" not B, right?
upvoted 2 times
...
...
Durden871
1 year, 1 month ago
Chat GPT if you just copy and paste "C" into the question box. To search for Project1 files stored on the team site of Team1 between February 1, 2023, and February 10, 2023, using the provided query syntax, you can use the following KQL query: Project1 (c:c) (date=2023-02-01..2023-02-10) Mo. This query searches for files with the name "Project1" (Project1), stored on the team site of Team1 ((c:c)), with a modification date between February 1, 2023, and February 10, 2023 ((date=2023-02-01..2023-02-10)), and filters for files modified on Mondays (Mo).
upvoted 2 times
Durden871
1 year, 1 month ago
The provided KQL query seems to be targeting audit logs to identify files containing "Project1" within a specified time range. Here's the corrected version: AuditLogs | where Timestamp between (datetime(2023-02-01) .. datetime(2023-02-10)) | where FileName contains "Project1". This query filters the AuditLogs for entries where the Timestamp falls between February 1, 2023, and February 10, 2023, and then further filters those entries to include only files where the FileName contains "Project1".
upvoted 1 times
...
...
MILKE
1 year, 1 month ago
AuditLogs - | where Timestamp between (datetime(2023-02-01)..datetime(2023-02-10)) | where FileName contains “Project1”
upvoted 1 times
...
MattWong
1 year, 2 months ago
The question is about KQL, so it is B
upvoted 1 times
...
chepeerick
1 year, 6 months ago
Option B
upvoted 3 times
...
hovlund
1 year, 7 months ago
Correct in my opinion
upvoted 1 times
hovlund
1 year, 6 months ago
I stand corrected by Danb67
upvoted 2 times
...
danb67
1 year, 6 months ago
Nope. This is talking about Purview. I tested in my lab. I started an E-Discovery case and the only option that works is C. C:C means 'and' so here we are looking for the file Project1 and the date filter.
A: Wrong syntax, why would a query start with And?
B: E-Discovery doesn't accept syntax like this. We are not talking about advanced hunting here.
C: Correct
D: See B
upvoted 4 times
wheeldj
1 year ago
Just ran this in my lab tenant and E-discovery absolutely does accept KQL format queries such as answer B. No syntax errors. I couldn't check the results as I have no data in this tenant but the search ran just fine. So on the basis that both B and C appear to work and the question specifically asks for KQL I vote answer B.
upvoted 2 times
...
TheHuman_
1 year, 4 months ago
Nowhere it is stated that this query is explicitly executed inside Purview. It says to use KQL queries, which could also be inside Advanced Hunting
upvoted 1 times
Wixed
1 year, 4 months ago
Wrong, you require Microsoft 365 Defender to perform advanced hunting. The description only says: "You have a Microsoft 365 subscription that uses Microsoft Purview and Microsoft Teams."
upvoted 3 times
...
...
...
...
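Added example, not part of the original thread and not Microsoft's parser: a small Python check that sorts the four answer options by which "KQL" they are written in, and parses the keywords(c:c)(property=start..end) shape the commenters report seeing in Purview content search. The regular expression is an assumption built from that one reported query, not the full Keyword Query Language grammar; the option strings are retyped with straight quotes.

```python
import re
from datetime import date

# Shape reported in the thread: <keywords>(c:c)(<property>=<start>..<end>)
# Assumption: built from that single example, not Purview's full grammar.
CONDITION_QUERY = re.compile(
    r"^(?P<keywords>[^()|]+?)\s*\(c:c\)\s*"
    r"\((?P<prop>\w+)=(?P<start>\d{4}-\d{2}-\d{2})\.\.(?P<end>\d{4}-\d{2}-\d{2})\)$"
)
# A Kusto query is a table name followed by piped operators.
KUSTO_PIPE = re.compile(r"\|\s*(where|project|summarize|extend|take)\b", re.I)


def classify(query: str) -> str:
    """Return 'kusto', 'keyword-condition' or 'unrecognized' for one query."""
    text = " ".join(query.split())
    if KUSTO_PIPE.search(text):
        return "kusto"
    if CONDITION_QUERY.match(text):
        return "keyword-condition"
    return "unrecognized"


def parse_condition_query(query: str) -> dict:
    """Split a keyword-plus-date-condition query and validate the range."""
    m = CONDITION_QUERY.match(" ".join(query.split()))
    if m is None:
        raise ValueError("not in keywords(c:c)(property=start..end) form")
    start, end = date.fromisoformat(m["start"]), date.fromisoformat(m["end"])
    if start > end:
        raise ValueError("range start is after range end")
    return {"keywords": m["keywords"].strip(), "property": m["prop"],
            "start": start, "end": end}


# The four options from the question (constructed input, straight quotes).
OPTIONS = {
    "A": "(c:c)(Project1)(date=(2023-02-01)..date=(2023-02-10))",
    "B": 'AuditLogs - | where Timestamp between '
         '(datetime(2023-02-01)..datetime(2023-02-10)) '
         '| where FileName contains "Project1"',
    "C": "Project1(c:c)(date=2023-02-01..2023-02-10)",
    "D": 'AuditLogs - | where Timestamp > ago(10d) '
         '| where FileName contains "Project1"',
}

if __name__ == "__main__":
    for label, q in OPTIONS.items():
        print(label, classify(q))
    print(parse_condition_query(OPTIONS["C"]))
```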
Community vote distribution
A (35%)
C (25%)
B (20%)
Other