Microsoft Security Operations Analyst Associate SC-200 Practice Question

You develop a Kusto Query Language (KQL) hunting query in Microsoft Sentinel that reliably identifies credential stuffing attempts. You need the query to execute automatically every hour and raise an incident whenever at least one match is returned. Which action should you perform from the Hunting page to meet the requirement?

  • Pin the query to a workbook and set the workbook to refresh every 60 minutes to produce alerts.

  • Export the query to a Logic App playbook that calls the Log Analytics API on an hourly recurrence to send incident notifications.

  • Select Create detection rule and save the query as a scheduled analytics rule that runs hourly with an alert threshold of 1.

  • Toggle Live stream for the query so it continuously monitors data and automatically opens incidents.

Manage security threats