Microsoft Security Operations Analyst Associate SC-200 Practice Question

You are configuring a scheduled analytics rule in Microsoft Sentinel that runs a Kusto Query Language (KQL) statement against the SecurityEvent table. The query returns the columns Account, Computer, and SrcIpAddr. When the rule raises an incident, you want the investigation graph to automatically show the related user, host, and IP address so other alerts can be correlated. Which configuration should you apply to the rule to meet this requirement?

  • Attach an automation playbook that enriches the incident with user, host, and IP information after the alert is generated.

  • In the analytics rule wizard, map the query's Account, Computer, and SrcIpAddr columns to the Account, Host, and IP entity types in the Entities section.

  • Edit the corresponding data connector and configure Connected Data Sources field mapping for user, host, and IP fields.

  • Enable Entity Behavior Analytics (UEBA) in Microsoft Sentinel and associate the rule with the UEBA module.

Configure protections and detections