SC-200 • Practice Test 22
Free SC-200 practice test — 15 questions with explanations. Set 22. No signup required.
A security operations center (SOC) uses Microsoft Sentinel. The team wants to detect anomalous behavior for a specific user account that typically logs in only during business hours from a known IP range. They create a scheduled analytics rule that queries the SigninLogs table for logins outside that range or outside business hours. To reduce false positives, which of the following configurations should the analyst apply?