Microsoft Security Operations Analyst Associate SC-200 Practice Question
Your organization suspects that a user removed over 100 files from the Marketing site collection earlier today. You will connect to Exchange Online PowerShell and run the Search-UnifiedAuditLog cmdlet to return only the relevant deletion events. Which RecordType and Operation values should you specify so the query returns only SharePoint file-deletion records?
RecordType AzureActiveDirectory and Operation HardDelete
RecordType ExchangeAdmin and Operation RemoveMailboxFolderItems
RecordType DataAccessGovernance and Operation FileRemoved
RecordType SharePointFileOperation and Operation FileDeleted
When a file is deleted from SharePoint Online or OneDrive, the unified audit log records the event with RecordType set to SharePointFileOperation and the Operation value FileDeleted. Using these two values scopes results to file-deletion activities that occur in SharePoint and OneDrive workloads. The other record types (such as AzureActiveDirectory or ExchangeAdmin) log completely different kinds of activities, and the alternate Operation names shown do not exist for SharePoint audit events, so those combinations would return no matching records.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of the unified audit log in Microsoft 365?
Open an interactive chat with Bash
How do you connect to Exchange Online PowerShell to run the Search-UnifiedAuditLog cmdlet?
Open an interactive chat with Bash
Why are RecordType and Operation values important in Search-UnifiedAuditLog queries?
Open an interactive chat with Bash
Microsoft Security Operations Analyst Associate SC-200
Manage incident response
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .