Exam SC-200 All QuestionsBrowse all questions from this exam
Go to Exam
Question 206

HOTSPOT

-

You have an Azure subscription that contains a Microsoft Sentinel workspace.

You need to create a hunting query using Kusto Query Language (KQL) that meets the following requirements:

• Identifies an anomalous number of changes to the rules of a network security group (NSG) made by the same security principal.

• Automatically associates the security principal with a Microsoft Sentinel entity.

How should you complete the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

    Correct Answer:

Discussion
Anil0512

Correct Answer are. AzureActivity & Extend.

Anil0512

AzureActivity | where OperationNameValue contains "..."

danb67

Agreed.

chepeerick

Azure and only extend can be used as = is used instead of ==

7d801bf

correct answer Azure Activity and Extend

fbernis

AzureActivity & Extend