SC-200 • Practice Exam 52
Free SC-200 practice exam — 20 questions with explanations. Set 52. No signup required.
You are reviewing an alert rule in Microsoft Sentinel created via ARM template. What is the primary purpose of this rule?
Refer to the exhibit.
{
  "properties": {
    "displayName": "Suspicious sign-in alert",
    "enabled": true,
    "triggerOperator": "GreaterThan",
    "triggerThreshold": 0,
    "conditions": [
      {
        "property": "RiskLevelDuringSignIn",
        "operator": "Equals",
        "value": "high"
      }
    ],
    "actions": [
      {
        "actionGroupId": "/subscriptions/.../actionGroups/AG1",
        "webhookProperties": {}
      }
    ]
  }
}