SC-200 Perform threat hunting • Set 10
SC-200 Perform threat hunting Practice Test 10 — 15 questions with explanations. Free, no signup.
Your team is using Microsoft 365 Defender advanced hunting to investigate a possible data exfiltration incident. The security team suspects that an internal attacker used a compromised SharePoint Online account to download sensitive files from multiple sites. You need to build a hunting query that identifies all file download activities from SharePoint Online for a specific user account over the past 7 days, and then calculates the total size of downloaded files. Which KQL query should you use?