SC-200 Question #36: Real Exam Question with Answer & Explanation

Sign in or unlock SC-200 to reveal the answer and full explanation for question #36. The question stem and answer options stay visible for context.

Submitted by lukas.cz· Apr 18, 2026Configure protections and detections

Question

You provision Azure Sentinel for a new Azure subscription. You are configuring the Security Events connector. While creating a new rule from a template in the connector, you decide to generate a new alert for every event. You create the following rule query. By which two components can you group alerts into incidents?Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Options

Auser
Bresource group
CIP address
Dcomputer

Unlock SC-200 to see the answer

You've previewed enough free SC-200 questions. Unlock SC-200 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock SC-200 - $49.99 / 30 days Sign in

Topics

#Azure Sentinel#Analytics Rules#Alert Grouping#Incident Creation

Full SC-200 Practice Browse All SC-200 Questions