SC-200 Mitigate threats using Microsoft Sentinel • Set 7
SC-200 Mitigate threats using Microsoft Sentinel Practice Test 7 — 15 questions with explanations.
A SOC analyst wants to create a scheduled analytics rule in Microsoft Sentinel that runs every hour and detects multiple failed user login attempts from a single IP address within a 5-minute window. Which KQL function should be used in the query to group the failed events by 5-minute time intervals?