Microsoft Security Operations Analyst Associate SC-200 Practice Question
You created a hunting query in Microsoft Sentinel that identifies obfuscated PowerShell commands. During an ongoing incident response you want to receive immediate notifications in the Microsoft Sentinel portal whenever the query returns new matching events, without converting the query to an analytic rule. Which action should you take?
Add a scheduled alert rule to run the hunting query every 5 minutes.
Convert the hunting query into a workbook and pin its chart to a dashboard.
Create a recurring search job that executes the hunting query hourly.
Start a Livestream session based on the hunting query.
Running the hunting query as a Livestream session causes Microsoft Sentinel to execute the KQL continuously and surface any new matches in near real time, sending in-portal alerts so you can respond immediately. Turning the query into an alert (scheduled query) would require creating an analytic rule, which the scenario explicitly rules out. Converting the query to a workbook only provides visual reporting and does not push notifications. A search job executes the query over historical data on a schedule but does not provide real-time notifications. Therefore, starting a Livestream session is the correct choice.
Microsoft Security Operations Analyst Associate SC-200
Manage security threats