MicrosoftMicrosoft
SC-200 · Question #389
SC-200 Question #389: Real Exam Question with Answer & Explanation
Sign in or unlock SC-200 to reveal the answer and full explanation for question #389. The question stem and answer options stay visible for context.
Submitted by anjalisingh· Apr 18, 2026
Question
You have a Microsoft 365 E5 subscription. You have the following KQL query. You need to use the query to create a Microsoft Defender XDR custom detection rule that can isolate an onboarded device. How should you modify the query?
Options
- AAdd the AccountUpn and Timestamp columns to the project operator.
- BAdd a distinct operator.
- CAdd a summarize operator.
- DAdd the DeviceId and Timestamp columns to the project operator.
Unlock SC-200 to see the answer
You've previewed enough free SC-200 questions. Unlock SC-200 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.