SC-200 Question #79: Real Exam Question with Answer & Explanation

Submitted by manish99 · Apr 18, 2026 · Configure protections and detections

Question

You are currently using Azure Sentinel for the collection of Windows security events. You want to use Azure Sentinel to identify Remote Desktop Protocol (RDP) activity that is unusual for your environment. You need to enable the Anomalous RDP Login Detection rule. What two prerequisites do you need to ensure are in place before you can enable this rule? Each correct answer presents part of the solution.

Options

  • A. Collect Security events or Windows Security Events with Event ID 4624.
  • B. Let the machine learning algorithm collect 30 days' worth of Windows Security events data.
  • C. Select an event set other than None.
  • D. Collect Security events or Windows Security Events with Event ID 4720.

Topics

#Azure Sentinel #Anomalous RDP Login Detection #Security Events #Data Collection