Microsoft Security Operations Analyst Associate SC-200 Practice Question
You have enabled User and Entity Behavior Analytics (UEBA) in Microsoft Sentinel and ingested Azure AD sign-in, audit, and identity data. You plan to build a scheduled analytics rule that alerts when UEBA flags any user with a risk score of 0.7 or higher. Which log table should the Kusto query target to retrieve UEBA anomaly records and risk scores?
UEBA writes every calculated anomaly and the associated risk score to the BehaviorAnalytics table in the Log Analytics workspace that backs Microsoft Sentinel. Scheduled analytics rules that need to surface UEBA-generated insights must therefore query this table. SecurityAlert holds alerts generated by analytic rules and other security products, not the raw UEBA anomalies. IdentityInfo contains user profile enrichment data but no anomaly scores, and UserRiskEvents is not a Microsoft Sentinel table. Only BehaviorAnalytics provides the required UEBA anomaly and risk score information.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the BehaviorAnalytics table in Microsoft Sentinel?
Open an interactive chat with Bash
How does UEBA calculate risk scores in Microsoft Sentinel?
Open an interactive chat with Bash
What types of data does the Azure AD sign-in log provide for UEBA in Microsoft Sentinel?
Open an interactive chat with Bash
Microsoft Security Operations Analyst Associate SC-200
Configure protections and detections
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .