Exam SC-200 topic 3 question 35 discussion

Actual exam question from Microsoft's SC-200
Question #: 35
Topic #: 3

HOTSPOT -
You need to create a query for a workbook. The query must meet the following requirements:
✑ List all incidents by incident number.
✑ Only include the most recent log for each incident.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Reference:
https://www.drware.com/whats-new-soc-operational-metrics-now-available-in-sentinel/

Comments

rdy4u
Highly Voted 2 years, 1 month ago
If you wanted to return a list of all incidents sorted by their incident number but only wanted to return the most recent log per incident, you could do this using the arg_max KQL operator*:
List incidents by incident number
SecurityIncident
| summarize arg_max(LastModifiedTime, *) by IncidentNumber
upvoted 14 times
Nickname01
1 year, 7 months ago
tested, answer is correct
upvoted 7 times
chepeerick
Most Recent 7 months, 2 weeks ago
Correct option
upvoted 1 times
PhoenixSlasher
1 year, 3 months ago
Answer correct, tested.
upvoted 4 times
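
The arg_max query discussed in the comments above, as an added example that is not part of the original thread: it runs the same summarize over constructed rows and compares status counts on the raw table with counts on the latest row per incident. The table name SampleIncidents and every row value are assumptions made up for illustration; in a workspace the source would be SecurityIncident.

```kql
// Constructed sample data. SecurityIncident receives a new row every time an
// incident is created or updated, so one incident appears several times.
let SampleIncidents = datatable(
    IncidentNumber:int, Title:string, Status:string,
    Severity:string, LastModifiedTime:datetime)
[
    101, "Constructed: unusual sign-in",  "New",    "Medium", datetime(2024-03-01 08:00:00),
    101, "Constructed: unusual sign-in",  "Active", "Medium", datetime(2024-03-01 09:30:00),
    101, "Constructed: unusual sign-in",  "Closed", "Medium", datetime(2024-03-02 14:10:00),
    102, "Constructed: malware detected", "New",    "High",   datetime(2024-03-01 11:00:00),
    102, "Constructed: malware detected", "Active", "High",   datetime(2024-03-03 07:45:00),
    103, "Constructed: mass file delete", "New",    "Low",    datetime(2024-03-02 16:20:00)
];
// Latest row per incident: within each IncidentNumber group, arg_max selects
// the row with the greatest LastModifiedTime, and * keeps all of its columns.
let LatestPerIncident = SampleIncidents
    | summarize arg_max(LastModifiedTime, *) by IncidentNumber;
// Status counts over every logged row (inflated by incident history).
let RawCounts = SampleIncidents
    | summarize RawRows = count() by Status;
// Status counts over the current state of each incident.
let LatestCounts = LatestPerIncident
    | summarize Incidents = count() by Status;
RawCounts
| join kind=leftouter LatestCounts on Status
| project Status, RawRows, Incidents = coalesce(Incidents, 0)
| sort by Status asc
```

In the constructed rows, "New" is logged three times but only incident 103 is still New once the latest row per incident is taken, which is the overcount a workbook metric avoids by applying arg_max first.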