SC-200 Question #373: Real Exam Question with Answer & Explanation
Submitted by paula_co · Apr 18, 2026
Question
You have a Microsoft 365 subscription. You have the following KQL query. You need to ensure that you can create a Microsoft Defender XDR custom detection rule by using the query. What should you add to the query?
Options
- A. | summarize (Timestamp, ReportId)=arg_max(Timestamp, ReportId), count() by DeviceId
- B. | summarize (ReportId)=make_set(ReportId), count() by DeviceId
- C. | summarize (Timestamp, DeviceName)=arg_min(Timestamp, DeviceName), count() by DeviceId
- D. | summarize (Timestamp)=range(Timestamp), count() by DeviceId