SC-200 Mitigate threats using Microsoft Sentinel • Timed 15 Questions
This is a timed practice session. You have 15 minutes to answer 15 questions — approximately 1 minute per question, matching real SC-200 exam pace. Answer every question before time expires.
Time remaining
15:00
Exam-pace drill
Allow 1 minute per question. On the real SC-200 exam you have approximately 72 seconds per question — this session trains you to maintain that pace under pressure.
A security operations analyst is creating a scheduled analytics rule in Microsoft Sentinel to detect brute force attempts on Microsoft Entra ID authentication. Which data source is most appropriate for this rule?