SC-200 Perform threat hunting • 50 Questions
50 SC-200 Perform threat hunting practice questions with answers and explanations.
A security analyst is using KQL in Microsoft Sentinel to hunt for potential data exfiltration by a user who has been sending unusually large amounts of data to an external IP address. Which KQL operator should the analyst use to identify the top source IP addresses and total bytes sent over the last 7 days?