ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 1 question 54 discussion

Actual exam question from Microsoft's SC-200
Question #: 54
Topic #: 1
[All SC-200 Questions]

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint.

You need to create a query that will link the AlertInfo, AlertEvidence, and DeviceLogonEvents tables. The solution must return all the rows in the tables.

Which operator should you use?

  • A. search *
  • B. union kind = inner
  • C. join kind = inner
  • D. evaluate hint.remote =
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by hovlund at Oct. 3, 2023, 10:27 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
danb67
Highly Voted 1 year, 10 months ago
A. Not correct syntax. B. Correct Answer. Union takes two or more tables and returns the rows of all of them. C. Join Kind inner will not produce every row as inner means output has one row for every combination of left and right. So only if the columns appears in both tables will we get a hit. This doesn't meet the ask. D. Evaluate in KQL calls a plugin this is not relevant to the question
upvoted 9 times
...
DChilds
Highly Voted 1 year, 3 months ago
This question was in the exam 27/04/2024.
upvoted 6 times
...
c03bf14
Most Recent 1 month ago
Selected Answer: C
There is no such a thing as KIND in union. It cannot be B. It should be UNION but yeah, no kinds. Either B was written incorrectly here or it is C.
upvoted 1 times
...
Nikki0222
9 months, 3 weeks ago
B correct
upvoted 1 times
...
Porter5000
1 year, 6 months ago
Selected Answer: B
Union, because there are two or more tables that you need the rows from all tables
upvoted 2 times
...
N1oks
1 year, 8 months ago
Selected Answer: B
just could be *b*
upvoted 1 times
...
smanzana
1 year, 9 months ago
It is B
upvoted 1 times
...
chepeerick
1 year, 9 months ago
Option B
upvoted 2 times
...
hovlund
1 year, 10 months ago
Correct, Union takes Two or more tables and returns the rows of all of them: https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/unionoperator?pivots=azuredataexplorer
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel