SC-200 • Practice Test 40
Free SC-200 practice test — 15 questions with explanations. Set 40. No signup required.
Refer to the exhibit. You are deploying an Azure Resource Manager (ARM) template to create a saved search in Microsoft Sentinel. However, the template does not create an analytics rule. What is missing to turn this saved search into a scheduled analytics rule?
Refer to the exhibit.
```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.OperationalInsights/workspaces/savedSearches",
      "apiVersion": "2020-08-01",
      "name": "[concat(parameters('workspaceName'), '/', parameters('ruleName'))]",
      "properties": {
        "category": "Security",
        "displayName": "[parameters('ruleName')]",
        "query": "SecurityEvent | where EventID == 4688 | where ProcessName endswith '\\powershell.exe'",
        "tags": [
          { "name": "AlertSeverity", "value": "Medium" }
        ]
      }
    }
  ]
}
```