SC-200 Mitigate threats using Microsoft Sentinel • Set 5
SC-200 Mitigate threats using Microsoft Sentinel Practice Test 5 — 15 questions with explanations. Free, no signup.
A SOC analyst needs to write a KQL query for a Microsoft Sentinel scheduled analytics rule that detects impossible travel activity. The rule should alert when a user signs in from two different countries within 60 minutes. The analyst has the SigninLogs table with columns: UserPrincipalName, IPAddress, Location (country), TimeGenerated. Which KQL query pattern correctly triggers an alert for each pair of sign-ins meeting the condition?