ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 2 question 52 discussion

Actual exam question from Microsoft's MS-500
Question #: 52
Topic #: 2
[All MS-500 Questions]

DRAG DROP -
You have an Azure Sentinel workspace that has an Office 365 connector.
You are threat hunting events that have suspicious traffic from specific IP addresses.
You need to save the events and the relevant query results for future reference.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/bookmarks
by Just2a at Nov. 8, 2022, 1:42 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Just2a
2 years, 7 months ago
Answer is correct
upvoted 2 times
Ginaglia
2 years, 6 months ago
Should it be from Azure Monitor?
upvoted 1 times
EM1234
2 years, 4 months ago
No, you run the query from the LAW. Go to monitor and try to do it.
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel