SC-200 Question #318: Real Exam Question with Answer & Explanation
Submitted by fatima_kr · Apr 18, 2026
Question
You have an Azure subscription that contains a Microsoft Sentinel workspace named WS1. You create a hunting query that detects a new attack vector. The attack vector maps to a tactic listed in the MITRE ATT&CK database. You need to ensure that an incident is created in WS1 when the new attack vector is detected. What should you configure?
Options
- A. a hunting livestream session
- B. a query bookmark
- C. a scheduled query rule
- D. a Fusion rule