SC-200 Question #319: Real Exam Question with Answer & Explanation
The correct answer is B: Every 24 hours.
Question
You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR.

The security team at your company detects command and control (C2) agent traffic on the network. Agents communicate once every 50 hours.

You need to create a Microsoft Defender XDR custom detection rule that will identify compromised devices and establish a pattern of communication. The solution must meet the following requirements:

- Identify all the devices that have communicated during the past 14 days.
- Minimize how long it takes to identify the devices.

To what should you set the detection frequency for the rule?
Options
- A. Every 12 hours
- B. Every 24 hours
- C. Every three hours
- D. Every hour
Explanation
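Every 24 hours: a rule set to this frequency runs every 24 hours and checks data from the past 30 days. The rule must identify devices that communicated during the past 14 days, and that period fits within the 30-day lookback.

The Microsoft documentation states: "Match the time filters in your query with the lookback duration. Results outside of the lookback duration are ignored."

Source: https://learn.microsoft.com/en-us/defender-xdr/custom-detection-rules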