Microsoft Security Operations Analyst Associate SC-200 Practice Question
You are investigating a suspected account compromise for a user in your tenant. To review the user's interactive sign-in events from the last 24 hours, you decide to query Microsoft Graph. Which REST endpoint should you call so that the results include only that user's sign-ins within the required time range?
GET https://graph.microsoft.com/v1.0/identityProtection/riskDetections?$filter=userId eq '' and activityDateTime ge
GET https://graph.microsoft.com/v1.0/security/alerts?$filter=assignedTo eq '' and createdDateTime ge
GET https://graph.microsoft.com/v1.0/auditLogs/signIns?$filter=userId eq '' and createdDateTime ge
Microsoft Security Operations Analyst Associate SC-200
Manage incident response
Your Score:
Bash, the Crucial Exams Chat Bot
AI Bot