Exam SC-200 topic 5 question 15 discussion

Actual exam question from Microsoft's SC-200
Question #: 15
Topic #: 5

You have an Azure subscription that contains a Microsoft Sentinel workspace named WS1.

You create a hunting query that detects a new attack vector. The attack vector maps to a tactic listed in the MITRE ATT&CK database.

You need to ensure that an incident is created in WS1 when the new attack vector is detected.

What should you configure?

  • A. a hunting livestream session
  • B. a query bookmark
  • C. a scheduled query rule
  • D. a Fusion rule
Suggested Answer: C

Comments

OneplusOne
2 weeks ago
Selected Answer: C
Scheduled Query Rules are general-purpose log queries, while Analytics Rules are security-focused with advanced detection capabilities.
upvoted 1 times
sapphire
6 months, 4 weeks ago
Selected Answer: C
Correct answer.
upvoted 1 times
12369b6
7 months, 1 week ago
C. Scheduled Query Rules in Microsoft Sentinel allow you to automate the detection of threats by running predefined Kusto queries at regular intervals. These rules can be customized to match specific attack vectors, such as the one you identified with your hunting query. Once the query detects suspicious activity, it can trigger an alert, which can then be configured to automatically create an incident in Sentinel.
upvoted 1 times
90158a0
11 months ago
Selected Answer: C
C. a scheduled query rule: This is used to run queries on a schedule, and when a match is found, it can create an incident in Microsoft Sentinel. Given that you have a hunting query that detects a new attack vector, setting up a scheduled query rule will ensure that this query runs regularly and automatically generates an incident whenever the attack vector is detected.
upvoted 4 times
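The two comments above describe the same mechanism: promote the hunting query to a scheduled analytics rule, map it to the ATT&CK tactic, and let the rule create an incident on every match. As an added example (not from the question, the site, or any commenter), this is the ARM template resource such a rule would be deployed with. Only the workspace name WS1 comes from the question; the rule GUID, resource group, KQL body, severity, schedule and the Execution/T1059 mapping are placeholder values chosen for illustration.

```json
{
  "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
  "apiVersion": "2023-02-01",
  "name": "WS1/Microsoft.SecurityInsights/<RULE-GUID-PLACEHOLDER>",
  "kind": "Scheduled",
  "properties": {
    "displayName": "New attack vector (promoted from hunting query)",
    "description": "Hunting query promoted to a scheduled rule so matches raise an alert and an incident in WS1.",
    "enabled": true,
    "severity": "High",
    "query": "SecurityEvent\n| where EventID == 4688\n| where CommandLine has 'PLACEHOLDER-INDICATOR'",
    "queryFrequency": "PT1H",
    "queryPeriod": "PT1H",
    "triggerOperator": "GreaterThan",
    "triggerThreshold": 0,
    "suppressionEnabled": false,
    "suppressionDuration": "PT1H",
    "tactics": [ "Execution" ],
    "techniques": [ "T1059" ],
    "eventGroupingSettings": { "aggregationKind": "AlertPerResult" },
    "incidentConfiguration": {
      "createIncident": true,
      "groupingConfiguration": {
        "enabled": true,
        "reopenClosedIncident": false,
        "lookbackDuration": "PT5H",
        "matchingMethod": "AllEntities"
      }
    }
  }
}
```

`queryPeriod` should be at least as long as `queryFrequency` so no events fall between two runs, and `createIncident` is the switch that separates "alert only" from "incident in WS1", which is what the question asks for.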
Community vote distribution
A (35%)
C (25%)
B (20%)
Other