SC-200 Exam - Question 332


DRAG DROP

You have a Microsoft Sentinel workspace named SW1.

In SW1, you enable User and Entity Behavior Analytics (UEBA).

You need to use KQL to perform the following tasks:

• View the entity data that has fields for each type of entity.

• Assess the quality of rules by analyzing how well a rule performs.

Which table should you use in KQL for each task? To answer, drag the appropriate tables to the correct tasks. Each table may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.


Discussion

DChilds
Apr 27, 2024

This question was in the exam 27/04/2024. BehaviorAnalytics and Anomalies.

CDR
Dec 14, 2024

Another pearl. The CORRECT table for assessing rule quality is BehaviorAnalyticsRuleStats. But of course, that isn't even an option. So we go with Anomalies.

g_man_rap
Aug 21, 2024

Correct Answers:
View entity data: BehaviorAnalytics
Assess rule quality: Anomalies

Optimizor_IT
Apr 16, 2025

I would say it is BehaviorAnalytics for both.