Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Microsoft Exam SC-200 Topic 2 Question 77 Discussion

Actual exam question for Microsoft's SC-200 exam
Question #: 77
Topic #: 2
[All SC-200 Questions]

You have a Microsoft 365 subscription. You have the following KQL query.

DeviceEvents

| where ActionType == "AntivirusDetection*

You need to ensure that you can create a Microsoft Defender XDR custom detection rule by using the query.

What should you add to the query?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Dortha at Jul 16, 2024, 03:47 AM

Limited Time Offer

25%

Off

Get Premium SC-200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Thomasena
9 days ago
Hmm, I'm not sure. I think I need to read up more on Microsoft Defender XDR custom detection rules. This query looks a bit complex.
upvoted 0 times
...
Valene
18 days ago
I'm not sure, but I think D) summarize (ReportId)=make_set(ReportId), count() by DeviceId could also work.
upvoted 0 times
...
Veta
26 days ago
I agree with Trinidad. Adding range(Timestamp) will help create the custom detection rule.
upvoted 0 times
...
Trinidad
1 months ago
I think the correct answer is C) summarize (Timestamp)=range(Timestamp), count() by DeviceId.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77