Microsoft Security Operations Analyst Associate SC-200 Practice Question
You create a scheduled analytics rule in Microsoft Sentinel that runs every five minutes. The query often returns many rows for the same user within an hour, and each row currently produces a separate incident. You need to reduce noise so that only one incident is created for each user during that hour without suppressing events for other users. Which rule setting should you configure?
Configure the Alert grouping section to combine alerts that share the same Account entity within a 1-hour window.
Enable alert suppression for 60 minutes after each trigger.
Change the rule scheduling frequency from 5 minutes to 60 minutes.
Set the alert threshold to require at least 12 query results before firing.
Use the Alert grouping settings in the analytics rule. Alert grouping lets you specify a time window and the condition that alerts must share, such as the same Account entity, so that all qualifying alerts within that window are merged into a single incident. Suppression would block all alerts from the rule for the period, not just duplicates for the same user. An alert threshold controls how many results in one query run are needed to create a single alert, but it does not aggregate alerts across runs. Changing the query frequency simply slows detection and still allows multiple incidents if several matching results appear in subsequent runs.
Configure protections and detections