Microsoft Security Operations Analyst Associate SC-200 Practice Question
You run a Kusto Query Language (KQL) hunting query in Microsoft Sentinel that returns 15 suspicious PowerShell execution events across several servers. You must flag these specific rows so they are saved for future reference, appear in the investigation graph, and can later be promoted to an incident or associated with one. What should you do directly from the Hunting query results pane?
Add the affected servers to a watchlist.
Create a bookmark for the selected events.
Create a scheduled analytics rule from the query.
Pin the query results to an Azure Monitor workbook.
Creating a bookmark from selected hunting results stores the events as an artifact in Microsoft Sentinel. Bookmarks are shown in the investigation graph and can be added to existing incidents or promoted to new incidents, providing an auditable pivot point for continued analysis. Building an analytics rule schedules the query to run periodically but does not immediately save the current rows for investigation. Watchlists store static reference data such as IP or user lists and are not intended for preserving specific query results. Pinning results to a workbook only creates a visualization and does not integrate the events with investigations or incidents.
Manage security threats