
Exam SC-200 topic 3 question 7 discussion

Actual exam question from Microsoft's SC-200
Question #: 7
Topic #: 3

You provision Azure Sentinel for a new Azure subscription.
You are configuring the Security Events connector.
While creating a new rule from a template in the connector, you decide to generate a new alert for every event.
You create the following rule query.

By which two components can you group alerts into incidents? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. user
  • B. resource group
  • C. IP address
  • D. computer
Suggested Answer: AD

Comments

hyperion
Highly Voted 3 years, 5 months ago
Answer should be A, D. IP address data is removed from the query in the | summarize, and is not mapped to the IP custom entity.
upvoted 63 times
madperro
3 years ago
Correct answer.
upvoted 1 times
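The point raised in the thread above (only columns that survive the `summarize` can be mapped to entities, and only mapped entities are offered for incident grouping) can be seen concretely in a rule definition. The following Bicep fragment is an added example, not the query from the exam question (which is not reproduced on this page) and not Microsoft's own code; the query, the rule name, the `workspaceName` and `ruleId` parameters, and the thresholds are all constructed for illustration.

```bicep
// Added example: a Scheduled analytics rule whose query keeps only Account and
// Computer after the summarize, so Account and Host are the only entity types
// that can be mapped and therefore the only ones available for incident grouping.
param workspaceName string
param ruleId string = newGuid()   // hypothetical parameter: any GUID works as the rule name

resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
  name: workspaceName
}

resource failedLogonRule 'Microsoft.SecurityInsights/alertRules@2023-02-01' = {
  scope: workspace
  name: ruleId
  kind: 'Scheduled'
  properties: {
    displayName: 'Repeated failed logons per account and host (example)'
    enabled: true
    severity: 'Medium'
    // Constructed query: IpAddress is not in the "by" clause, so it is dropped
    // by the summarize and cannot be mapped to an IP entity.
    query: '''
SecurityEvent
| where EventID == 4625
| summarize FailedCount = count(), StartTime = min(TimeGenerated), EndTime = max(TimeGenerated)
    by Account, Computer
| where FailedCount > 5
'''
    queryFrequency: 'PT1H'
    queryPeriod: 'PT1H'
    triggerOperator: 'GreaterThan'
    triggerThreshold: 0
    suppressionEnabled: false
    suppressionDuration: 'PT1H'
    tactics: ['CredentialAccess']
    // "Generate a new alert for every event": one alert per result row,
    // as opposed to SingleAlert for the whole result set.
    eventGroupingSettings: {
      aggregationKind: 'AlertPerResult'
    }
    // Entity mappings may only reference columns the query returns.
    entityMappings: [
      {
        entityType: 'Account'
        fieldMappings: [{ identifier: 'Name', columnName: 'Account' }]
      }
      {
        entityType: 'Host'
        fieldMappings: [{ identifier: 'HostName', columnName: 'Computer' }]
      }
    ]
    incidentConfiguration: {
      createIncident: true
      groupingConfiguration: {
        enabled: true
        reopenClosedIncident: false
        lookbackDuration: 'PT5H'
        matchingMethod: 'Selected'
        // Only entity types mapped above can be listed here; 'IP' would be rejected.
        groupByEntities: ['Account', 'Host']
        groupByAlertDetails: []
        groupByCustomDetails: []
      }
    }
  }
}
```

Deploy with `az deployment group create` against the resource group that holds the workspace. If you want IP address to become a third grouping option, add `IpAddress` to the `by` clause of the summarize and then add an `IP` entity mapping with `identifier: 'Address'` and `columnName: 'IpAddress'`; the grouping list in the portal only ever shows the entity types that have a mapping in the rule.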
NoNameP
Highly Voted 3 years, 4 months ago
Correct answer A, D.
upvoted 10 times
rkrau
Most Recent 5 months ago
Selected Answer: AC
Ask ChatGPT
upvoted 1 times
Harryd82
7 months, 3 weeks ago
A & D are correct
upvoted 1 times
chepeerick
1 year, 1 month ago
A and D as IP is removed
upvoted 1 times
jamclash
1 year, 3 months ago
in exam 9/20/23
upvoted 1 times
RV025
1 year, 3 months ago
Selected Answer: AD
"user" should be replaced with Account
upvoted 3 times
[Removed]
1 year, 10 months ago
Selected Answer: AD
A. user and D. computer. To group alerts into incidents in Azure Sentinel, you can use any combination of the available grouping fields. In this case, since the rule query does not include information on resource groups or IP addresses, only user and computer can be used to group alerts into incidents. Grouping alerts by user and computer can help you identify patterns of activity and better understand the scope and impact of potential security threats. By grouping alerts into incidents, you can also more easily manage and track your response to security incidents.
upvoted 5 times
Apocalypse03
2 years ago
Selected Answer: AD
To group alerts into incidents in Azure Sentinel, you can use the "user" and "computer" components in the rule query.
upvoted 2 times
sainfosec
2 years, 4 months ago
Selected Answer: AD
AD correct
upvoted 2 times
Dumisoph
2 years, 4 months ago
A&D is Correct
upvoted 1 times
ariania
2 years, 5 months ago
Added the script to an analytic rule and got "Account" and "Host" as the only options.
upvoted 1 times
M20200713
2 years, 8 months ago
Selected Answer: AD
Thinking top AD also
upvoted 1 times
Fishman22222
2 years, 8 months ago
Selected Answer: AD
A and D
upvoted 1 times
Muffen
2 years, 9 months ago
Selected Answer: AD
IP is not returned in the query. We can see that the Account and Computer were mapped to entities and were returned in the 'summarize' section.
upvoted 2 times
Tx4free
2 years, 9 months ago
Selected Answer: AD
You can group by user and computer
upvoted 1 times
Tx4free
2 years, 9 months ago
Selected Answer: AD
Best answer
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other