MS-102 • Practice Exam 54
Free MS-102 practice exam — 20 questions with explanations. Set 54. No signup required.
A security analyst wants to create a custom detection rule in Microsoft Defender XDR that triggers when a device establishes a network connection to an IP address that has been recently observed in threat intelligence feeds as a new, malicious command-and-control server. The rule should analyze network communication events. Which advanced hunting table should be the primary data source for the Kusto Query Language (KQL) query?