SC-200 Question #163: Real Exam Question with Answer & Explanation

The correct answer is C: Advanced Hunting. Advanced hunting gives a choice to save the query as a detection, while Alert and Incident don't provide an option to save as a detection. https://docs.microsoft.com/en-us/microsoft-365/security/defender/advanced-hunting-query- results?view=o365-worldwide

Submitted by yaw92· Apr 18, 2026Configure protections and detections

Question

From which of the following can a SOC (Security Operation Center) analyst make a customized detection?

Options

AAlert
BIncident
CAdvanced Hunting
DRequest

Explanation

Advanced hunting gives a choice to save the query as a detection, while Alert and Incident don't provide an option to save as a detection. https://docs.microsoft.com/en-us/microsoft-365/security/defender/advanced-hunting-query- results?view=o365-worldwide

Topics

#Advanced Hunting#Custom Detection Rules#Threat Detection#Security Operations

Community Discussion

No community discussion yet for this question.

Full SC-200 Practice Browse All SC-200 Questions