SC-200 • Mock Exam 86
Free SC-200 mock exam — 25 questions with explanations. Set 86. No signup required.
You are configuring a Microsoft Sentinel analytics rule to detect failed logons from multiple IP addresses. The rule should trigger an incident only when the same user account has failed logons from more than three distinct IP addresses within 5 minutes. Which rule setting should you configure?