
SC-200 Question #244: Real Exam Question with Answer & Explanation

The correct answer is C: Project1(c:c)(date=2023-02-01..2023-02-10). To search for specific content within a date range in Microsoft Purview, the KQL query should specify the keyword, content property, and date range in the correct format.

Submitted by yousef_jo · Apr 18, 2026 · Manage threat mitigation using Microsoft Purview

Question

You have a Microsoft 365 subscription that uses Microsoft Purview and Microsoft Teams. You have a team named Team1 that has a project named Project1. You need to identify any Project1 files that were stored on the team site of Team1 between February 1, 2023, and February 10, 2023. Which KQL query should you run?

Options

  • A. (c:c)(Project1)(date=(2023-02-01)..date=(2023-02-10))
  • B. AuditLogs
  • C. Project1(c:c)(date=2023-02-01..2023-02-10)
  • D. AuditLogs

Explanation

To search for specific content within a date range in Microsoft Purview, the KQL query should specify the keyword, content property, and date range in the correct format.

Common mistakes.

  • A. This query has the content property (c:c) before the keyword Project1, which is not the standard or effective KQL syntax for searching keywords in content.
  • B. AuditLogs is a table name in Log Analytics/Sentinel, not a content search query for Microsoft Purview compliance.
  • D. AuditLogs is a table name in Log Analytics/Sentinel, not a content search query for Microsoft Purview compliance.

Concept tested. Microsoft Purview eDiscovery KQL syntax

Reference. https://learn.microsoft.com/en-us/microsoft-365/compliance/keyword-queries-and-search-conditions?view=o365-worldwide#search-conditions

Topics

#Microsoft Purview #KQL #Content Search #eDiscovery
