Microsoft Security Operations Analyst Associate SC-200 Practice Question
While authoring a scheduled analytics rule in Microsoft Sentinel, you need to prevent incident sprawl by ensuring that every alert produced during a one-hour window is grouped into a single incident, even if different hosts or accounts are involved. Which of the following alert-grouping options should you select in the rule wizard to meet the requirement?
Inherit the alert grouping configuration from the rule's template
Group alerts into a single incident when the selected entities match
Disable alert grouping so that each alert becomes a separate incident
Group all alerts triggered by this rule into a single incident
Selecting "Group all alerts triggered by this rule into a single incident" causes Microsoft Sentinel to funnel every alert fired by the rule during the chosen grouping period into the same incident, regardless of which entities the individual alerts reference. The "group when selected entities match" option would still split incidents whenever the entities differ, and disabling alert grouping would create one incident per alert. Relying on the template's settings offers no assurance because the template may not use the required grouping configuration.
Microsoft Security Operations Analyst Associate SC-200
Configure protections and detections