SC-200 Question #131: Real Exam Question with Answer & Explanation
Question
You have a Microsoft Sentinel workspace. You receive multiple alerts for failed sign-in attempts to an account. You identify that the alerts are false positives. You need to prevent additional failed sign-in alerts from being generated for the account. The solution must meet the following requirements:
- Ensure that failed sign-in alerts are generated for other accounts.
- Minimize administrative effort.

What should you do?
Options
- A. Create an automation rule.
- B. Create a watchlist.
- C. Modify the analytics rule.
- D. Add an activity template to the entity behavior.