Microsoft DevOps Engineer Expert AZ-400 Practice Question
Your company streams Microsoft Defender for Cloud recommendations to an Azure Log Analytics workspace by enabling continuous export. Security analysts need a KPI that shows the mean time to remediate (MTTR) for critical container-image vulnerabilities during the last 30 days, so that the KPI can be pinned to an Azure Workbook.
Which Kusto query should you recommend?
SecurityAlert | where Severity == "High" and AlertName == "Container registry image vulnerable" | summarize MTTR = avg(datetime_diff("hour", TimeGenerated, ClosedTime))
The SecurityRecommendation table contains one record when Defender for Cloud first detects a vulnerability (Status == "Active") and another when the issue is fixed (Status == "Resolved").
The correct query:
Filters on critical severity (RecommendationSeverity == "High") and the Container Registry recommendation type.
Creates pairs of Active/Resolved records for the same recommendation by using arg_min() to get the first detection and arg_max() to get the time it was resolved.
Calculates the positive time difference in hours using datetime_diff(), then averages it with avg() to obtain MTTR.
The distractors are incorrect because they:
Use the wrong table (SecurityAlert), which tracks threats instead of vulnerability recommendations.
Calculate the time difference with the datetime_diff arguments in the wrong order, which would produce negative values.
Attempt to calculate a time difference on a single record without first pairing the "Active" and "Resolved" records, which is logically incorrect and references a non-existent column.
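The pairing logic described in the explanation, written out as an added example. This is not the exam's answer option or Microsoft's code. It runs against constructed inline rows; RecommendationId and the display-name text are assumptions, while Status and RecommendationSeverity follow the explanation above.

```kusto
// Constructed sample rows standing in for the exported recommendations.
let Recs = datatable(TimeGenerated:datetime, RecommendationId:string,
    RecommendationSeverity:string, RecommendationDisplayName:string, Status:string)
[
    datetime(2024-05-01 08:00), "rec-001", "High", "Container registry image finding (constructed)", "Active",
    // Same finding exported again while still open: arg_min keeps the first detection.
    datetime(2024-05-02 08:00), "rec-001", "High", "Container registry image finding (constructed)", "Active",
    datetime(2024-05-03 08:00), "rec-001", "High", "Container registry image finding (constructed)", "Resolved",
    datetime(2024-05-10 00:00), "rec-002", "High", "Container registry image finding (constructed)", "Active",
    datetime(2024-05-11 00:00), "rec-002", "High", "Container registry image finding (constructed)", "Resolved",
    // Still open: no Resolved record, so the inner join leaves it out of the average.
    datetime(2024-05-12 00:00), "rec-003", "High", "Container registry image finding (constructed)", "Active",
    // Lower severity: removed by the severity filter.
    datetime(2024-05-04 00:00), "rec-004", "Low", "Container registry image finding (constructed)", "Active",
    datetime(2024-05-04 06:00), "rec-004", "Low", "Container registry image finding (constructed)", "Resolved"
];
let Critical = Recs
    | where RecommendationSeverity == "High"
    | where RecommendationDisplayName contains "container registry";
// First time each recommendation was seen as Active.
let Detected = Critical
    | where Status == "Active"
    | summarize arg_min(TimeGenerated, *) by RecommendationId
    | project RecommendationId, DetectedTime = TimeGenerated;
// Last time each recommendation was reported as Resolved.
let Fixed = Critical
    | where Status == "Resolved"
    | summarize arg_max(TimeGenerated, *) by RecommendationId
    | project RecommendationId, ResolvedTime = TimeGenerated;
Detected
| join kind=inner Fixed on RecommendationId
// Later timestamp first, so the difference is positive.
| extend HoursToFix = datetime_diff("hour", ResolvedTime, DetectedTime)
| summarize MTTR_hours = avg(HoursToFix), Remediated = count()
```

Against a live workspace, replace the datatable with the real table and add the 30-day window (for example `| where TimeGenerated > ago(30d)`) to the Resolved side only, so that findings detected before the window but fixed inside it still pair up.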