Microsoft Security Operations Analyst Associate SC-200 Practice Question

You create a new scheduled analytics rule in Microsoft Sentinel that runs a Kusto query against Azure AD sign-in logs and returns the columns UserPrincipalName and IPAddress. You need every alert that the rule generates to automatically display the signed-in user and the source IP address as entities in the investigation graph so they can participate in incident correlation. Which configuration should you add before saving the rule?

  • Configure aggregation settings to group alerts by the UserPrincipalName and IPAddress fields.

  • Add UserPrincipalName and IPAddress as custom details in the alert enrichment section of the rule.

  • Enable incident creation and configure custom incident settings so that UserPrincipalName and IPAddress appear in the incident details.

  • In the Entity mapping section, map UserPrincipalName to the Account entity (Name) and IPAddress to the IP entity (Address).
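For reference, this is what a scheduled analytics rule looks like once the Entity mapping section has been filled in and the rule is exported from Microsoft Sentinel as an ARM template. It is an added illustration for this question, not part of the original page or of any Microsoft sample; the display name, the KQL query body, the schedule values and the two template parameters (workspace name and rule GUID) are assumptions chosen for the example.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workspace": { "type": "String", "metadata": { "description": "Log Analytics workspace name (assumed parameter)" } },
    "ruleId":    { "type": "String", "metadata": { "description": "GUID for the rule; supply your own (placeholder parameter)" } }
  },
  "resources": [
    {
      "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
      "apiVersion": "2022-11-01",
      "name": "[concat(parameters('workspace'), '/Microsoft.SecurityInsights/', parameters('ruleId'))]",
      "kind": "Scheduled",
      "properties": {
        "displayName": "Example: successful sign-ins with user and source IP (illustrative rule)",
        "enabled": true,
        "severity": "Medium",
        "query": "SigninLogs\n| where ResultType == 0\n| project TimeGenerated, UserPrincipalName, IPAddress",
        "queryFrequency": "PT1H",
        "queryPeriod": "PT1H",
        "triggerOperator": "GreaterThan",
        "triggerThreshold": 0,
        "suppressionDuration": "PT1H",
        "suppressionEnabled": false,
        "tactics": [ "InitialAccess" ],

        "entityMappings": [
          {
            "entityType": "Account",
            "fieldMappings": [
              { "identifier": "FullName", "columnName": "UserPrincipalName" }
            ]
          },
          {
            "entityType": "IP",
            "fieldMappings": [
              { "identifier": "Address", "columnName": "IPAddress" }
            ]
          }
        ],

        "customDetails": {
          "SigninTime": "TimeGenerated"
        },

        "eventGroupingSettings": { "aggregationKind": "AlertPerResult" },
        "incidentConfiguration": {
          "createIncident": true,
          "groupingConfiguration": {
            "enabled": false,
            "reopenClosedIncident": false,
            "lookbackDuration": "PT5H",
            "matchingMethod": "AllEntities"
          }
        }
      }
    }
  ]
}
```

Two points worth checking in your own rules. First, only the `entityMappings` block turns query columns into graph entities; `customDetails` (the alert enrichment section) surfaces values on the alert but does not create entities, and aggregation and incident settings only change how alerts are grouped. Second, the entity type is `IP`, not IPv4 or IPv6; for a UPN column the `FullName` identifier is the natural choice because it carries the domain suffix, while `Name` alone expects the account name without the suffix (pair it with `UPNSuffix` if you split the column). Sentinel caps a rule at ten entity mappings with up to three identifiers each.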

Exam domain: Configure protections and detections