ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 8 question 1 discussion

Actual exam question from Microsoft's SC-200
Question #: 1
Topic #: 12
[All SC-200 Questions]

You need to complete the query for failed sign-ins to meet the technical requirements.
Where can you find the column name to complete the where clause?

  • A. Security alerts in Azure Security Center
  • B. Activity log in Azure
  • C. Azure Advisor
  • D. the query windows of the Log Analytics workspace
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Hacker00 at Dec. 20, 2021, 6:40 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Lion007
Highly Voted 1 year, 11 months ago
Selected Answer: D
D is correct. By increasing the time window, we would know if the failed sign ins are common or suspecious. The corrected code would be something like: BehaviorAnalytics | where ActivityType == "FailedLogOn" | extend ActivityInsightsArray=parse_json(ActivityInsights) | extend UnusualFailedSignIns = tostring(parse_json(ActivityInsightsArray).UnusualNumberOfFailedSignInOfThisUser) | where UnusualFailedSignIns == True | summarize count() by SourceIPLocation, UserName | order by count_ desc
upvoted 13 times
Metasploit
1 year, 7 months ago
I agree, D. For this case scenario and as per requirement, Identify all cases of users who failed to sign in to an Azure resource for the first time from a given country. You may want to update the enrichment with "FirstTimeUserConnectedFromCountry". :) https://learn.microsoft.com/en-us/azure/sentinel/ueba-reference#country-connected-from
upvoted 3 times
...
...
Hacker00
Highly Voted 2 years, 5 months ago
D-Correct answer
upvoted 8 times
...
chepeerick
Most Recent 7 months, 1 week ago
Correct option
upvoted 1 times
...
Muffen
2 years, 2 months ago
Selected Answer: D
Correct - The query window will provide IntelliSense to help figure out what the column is as you type. You can also just do a broad search for all failed logins and see which columns are returned in the output. Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-tutorial#write-a-query
upvoted 6 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel