AZ-500 Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel • Set 7
AZ-500 Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel Practice Test 7 — 15 questions with explanations.
Your security operations center (SOC) uses Microsoft Sentinel. You need to create a custom analytics rule that detects when a user signs in from a country not in the allowed list and then accesses a high-value SharePoint site within 10 minutes. The rule should generate an incident only if both conditions occur. Which KQL operator should you use in the rule query?