SC-200 Question #435: Real Exam Question with Answer & Explanation
Question
You have a Microsoft 365 subscription that uses Microsoft Defender XDR. All endpoint devices are onboarded to Microsoft Defender for Endpoint. You have an Azure subscription that contains a Microsoft Sentinel workspace named Workspace1. All Microsoft Defender XDR events are ingested into Workspace1. You have a Microsoft Entra tenant. You create a KQL query named query1 that searches device logs for a known vulnerability. You need to ensure that query1 runs every hour. The solution must minimize administrative effort. What should you configure?
Options
- A. a custom detection rule
- B. automated investigation and response (AIR)
- C. a watchlist
- D. an automation rule