Microsoft Security Operations Analyst Associate SC-200 Practice Question
You need to create a scheduled custom detection rule in Microsoft Defender XDR that targets endpoint data. Which two columns MUST your Kusto Query Language (KQL) query return so that the rule can generate alerts successfully?
When you create a custom detection rule that runs against device-related tables (such as DeviceProcessEvents), Microsoft Defender XDR requires the query to return at least the Timestamp column, which indicates when the event occurred, and the DeviceId column, which identifies the affected device. Without both of these mandatory columns, the rule cannot correlate results to specific devices or determine alert time, and the rule creation wizard will not let you proceed. Other columns (such as ReportId, FileName, or Severity) are optional and not required for the rule to run.
Configure protections and detections