SC-200
Perform threat hunting
medium
Question 3 of 44

A hunter wants to look for suspicious outbound connections from endpoints. Which Advanced Hunting table is the most appropriate starting point?

ADeviceNetworkEvents
BDeviceFileEvents
CDeviceRegistryEvents
DEmailPostDeliveryEvents

More Perform threat hunting Questions

44 questions

Full Microsoft Certified: Security Operations Analyst Associate Practice Test

All topics covered

All Microsoft Certified: Security Operations Analyst Associate Questions

Browse by topic

Related Questions

Which Advanced Hunting table in Microsoft Defender XDR is used to investigate process creation and r...

easy

Which language is used to create hunting queries in Microsoft Defender XDR and Microsoft Sentinel?...

easy

Which Microsoft Defender XDR feature provides curated reports about active threats, impacted assets,...

easy

A Sentinel analyst creates a useful hunting query and wants to preserve it for future reuse and moni...

medium

A SOC wants recurring long-running hunts executed in the Sentinel data lake instead of being run man...

medium
View all Perform threat hunting questions

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy

Discussion

Be the first to share your understanding of this concept

⚠️ Discussion is for concept clarification only. Do not share or request actual exam questions or answers.

Sign in to join the discussion

Sign InCreate free account