SC-200 Perform threat hunting • Set 5
SC-200 Perform threat hunting Practice Test 5 — 15 questions with explanations. Free, no signup.
Refer to the exhibit. The KQL query is used for threat hunting in Microsoft 365 Defender. What is the primary purpose of this query?
Refer to the exhibit. ```kusto let T = (DeviceEvents | where ActionType startswith 'ScheduledTask' | where Timestamp > ago(7d) | summarize count() by ActionType, bin(Timestamp,1h)); T | where count_ > 10 | order by Timestamp desc ```