Exam SC-200 All QuestionsBrowse all questions from this exam
Go to Exam
Question 174

HOTSPOT

-

You have the following KQL query.

For each of the following statements, select Yes if the statement is true. Otherwise. select No.

NOTE: Each correct selection is worth one point.

    Correct Answer:

Discussion
theplaceholder

A) Yes -- AccountCustomEntity = Username B) No -- Watchlists can be updated C) No -- IPCustomEntity != IPList

ethhacker

B equals YES. Watchlist can be updated. Guess you misread.

ethhacker

I misread. Select yes if statement is true. Then B = No. :)

sebas12345

I hate those kind of questions... its so easy to misread ! Especially under pressure.. they should just go with the straight true/false.

learnlearnlearn

"The watchlist can not be updated after it is created" should be "No". This here are docs explaining how to edit them https://learn.microsoft.com/en-us/azure/sentinel/watchlists-manage#edit-a-watchlist-item

yoton

Uh.. If the watchlist can not be updated after it is created then the answer is yes.. because it's asking if the statement "The watchlist can not be updated after is created." Is right or not.

yoton

Ignore me. I misunderstood.

Fcnet

The account entity is set as the username not the opposite The username is not set as the account entity it's the opposite 1 should be no the watchlist can be updated so https://learn.microsoft.com/en-us/azure/sentinel/watchlists-manage#edit-a-watchlist-item 2 should be No IPList var refers to the entity type Ip Address yes https://learn.microsoft.com/en-us/azure/sentinel/entities-reference#entity-types-and-identifiers 3 should be Yes So my guess N,N,Y

Fcnet

if i misunderstund the wording of the first sentence as it seems inverted for me in this case it would be Y,N,Y :)

Fcnet

misunderstood

theplaceholder

https://learn.microsoft.com/en-us/azure/sentinel/entities-reference#entity-types-and-identifiers This article does not mention IPList anywhere. The IPCustomEntity is not set to IPList in the query. The answer for this question (to my understanding) is no.

estyj

No - AccountCustomEntity= Usersname not AccountEntity No - Watchlist can be updated No - IPcustoeEntity - IPlist

Murtuza

Username Field is set as AccountCustomEntity in the query so the answer to the question should be NO

chepeerick

Correct Option

chepeerick

Yes, Yes, no

donathon

Yes no yes

billo79152718

Yes, No, Yes is correct

Coolcat2023

That's what I'm seeing too